Notes WLCG AuthZ
Participants: Andrea, Andrii, Dave, Enrico, Jim, Julie, Linda, Mischa, Elvin, DaveK, Mihai, Roberta, Maarten, Jeffrey, Francesco, Brian, Mine, Petr, DavidC, Raul
Notes:
- Pre-GDB summary
- Policy
- We seem to be missing docs on who makes authorization decisions etc. Maybe good to start with a risk assessment
- Discussion needs to happen within IGTF as well (raised at TAGPMA)
- IGTF has idea of self assessment, how would this process look for a token issuer? Who are the peers and what are the criteria?
- US labs only allowed to do some things because DoE trusts IGTF processes
- Note, we never accredited VOMS which is a bit more parallel to the token issuer
- Possible actions
- Add to workplan short document on how “it” all works, what is the token issuer and who authorizes what
- Do a trial peer review of a self assessment of a token issuer (this would be a good test)
- We should have a compliance test suite for the WLCG JWT profile (there is already something basic)
- Which projects could we use to fund policy work?
- Some existing projects e.g. EC ones
- Should keep an eye out for good opportunities
- ARC etc
- Need to define the division of work
- Dedicated meetings for token based workflows (or hackathon)
- Rucio has a conflicting meeting on Thursday afternoons
- “Token based bulk data transfer”
- Also forward compatibility with mapping (not just backwards)
- Try and spin up broader discussion with FIM4R and OIDF group and AEGIS r.e. next WLCG profile
- Need to decide whether want to align with recent RFC
- Moving towards a more general profile (possibly longer term)
- Could use RFC as an excuse to get things going
- Brian suggests starting email sending now before real work begins
- What are we asking for from FIM4R etc? Find a way to make more broadly adoptable. Will merge WLCG and Sci-Tokens
- FIM4R Signup https://fim4r.org/contact/
- Petr: Could we have similar workflows for job submission as we have for download/upload? Yes, that’s next
- CE scopes presentation from Brian
Actions:
- Schedule next meeting (not Nov 25) for FTS & Rucio (include right people, Mihai, Petr)
- Brian/Hannah to kick off activity for joint profile
- Hannah update grid map activities in workplan to “Mapping”
- Hannah clarify who will volunteer whilst on leave (until June 2022)
- DaveD to help Hannah/CERN deploy htgettoken instance for testing
There are minutes attached to this event.
Show them.