Attending: Tom D, Alessandra F, Max F, Dave D, Mary H, M Mascheroni, Doug B, Jim B, Jeny T, Enrico V, Francesco G, Jeffrey G, David Cameron, Linda C, Maarten L, Thomas H, Stephan L, Roberta M, Marcelo S, Federica A, Mine A, Brian B, Maiken P, Petr V
Apologies: Dave K, Paul M, Ian C, David Crooks
Review of Actions:
- Brian B: Update the profile and lead implementation of the above proposal, to be reviewed in May.
- Doug & Maarten: Some code updates underway, and documentation changes proposed
- Still some reservations about the proposal, will need more discussion next time
- SciTokens CPP library update - Brian will check details, and contribute Twiki for ATLAS sites
- Condor will need rebooting when library updated
- For U.S. CMS there are some XRootD issues with how Ceph-based instances are mapping VOMS attributes. Fixed in XRootD master; not yet decided whether to release a patch or make the release earlier. Only affects CMS.
- HTCondor CE configuration examples, links etc. to be collected on our Twiki page.
Notes:
- Update on ARC token integration
- Latest ARC releases support SCI/WLCG tokens, but only for jobs which don't require ARC data management - not a big deal for most people, but a big issue for ATLAS.
- ARC does continue to support X509 and Condor can support through REST
- Longer-lived tokens: The software which needed changing has been changed. Sites must use a recent HTCondor version and have it use the right version (>= 0.7.0) of the scitokens-cpp library.
- ATLAS side ready for production submission of tokens
- do not expect problems, even if IAM is down
- Need clear plan on how to get rid of the workaround
- LHCb needs to participate to ensure tokens are adopted
- Make libraries stricter about enforcing token lifetime as of ~May
- Other VOs are more "aggressively" submitting with tokens
- OSG Token Docs:
https://opensciencegrid.org/docs/security/tokens/overview/
https://opensciencegrid.org/docs/security/tokens/using-tokens/
https://opensciencegrid.org/technology/policy/collab-bearer-tokens/
- AOB:
- From Mail Thread - token lifetime is configurable in the same place as refresh tokens, and can be changed by VO Administrators