Apologies: Dave K, Maarten
Attending: Petr V, Tom D, Liz SK, Linda C, John SDSJr, Jeny T, Stefano DP, Max F, Jim B, Xin Zhao, Roberta M, Douglas B, Julie M, Hannah S, Dave D, Federica A, Andrei T
- Petr: hoping for more concrete details, notably the "wanting to grow" comment
Hannah: Maarten had said expected but Hannah didn't want to portray as definite due to hiring issues. Support from community should help. Hopeful
- Petr: Some sort of timeline towards IAM transition from VOMs Admin. Currently makes planning hard.
Hannah: Maarten wants to restart Token transition timeline, but there are conversations needed to happen. Conversation with Laurence, who is keen to migrate asap - should be driven by experiments rather than us, as they will need to support and move users. Expect CMS and Atlas to push, but will need discussion.
Petr: Can push, but a fixed timeline would help. Would like to see all experiments move at the same time according to a timeline.
Hannah: A stage migration would be preferable. CMS likely to go first as they were driving it.
- Previous timeline document: https://docs.google.com/document/d/11fcZU8fEsfjDiSkjh95nVr4tNXLPCA_xwr2SwriBpiw/edit#
- Not just the CERN team maintaing - support from CNAF is there
- Addition of OSG CE token support comment
Liz: chicken & egg, as CMS didn't go full into transition as they were afraid the service wasn't ready and the service wasn't ready as it needed an experiment user
Hannah: to clarify, don't need an experiment for justification for more effort. Agree it's unreasonable to expect experiments to use something underfunded
Liz: has there been a declaration of production?
Hannah: not really - more organic. There is a support service (best effort) and it is working
Liz: When could lots of users use in anger reliable? So we can all aim for the same place
Hannah: Not sure can have that information ready for wednesday
- Unsure who is delivering - Tom will check after to confirm that Maarten will be delivering.
WLCG IAM on new Version
- WLCG IAM now on new version
- IAM dashboard can now be controlled from the main dashboard rather than MitreID - less complicated. People can try the instance and report and issues found.
- Update to Spring version
- Petr: a few open tickets from VO Admin training from Andrea in Dec. Petr will try to ping these, as some are important and would like to see fixed in a release soon. Issues shown on IAM GitHub
- Stefano: confusion around the subject for token issuer.
Site Admin should be able to verify that https://atlas-auth.web.cern.ch/ is really the token issuer for ATLAS (Trust anchor).
Not currently an official location with a list of token issuers. Is it possible to have a webpage to lookup which are the issuers defined by any given VO? Something similar is done by OSG - page on GitHub and another page (potential missmatch). Well known source for verifying issuer and issuer subjects.
For VOMS details we can look in the EGI VO card - https://operations-portal.egi.eu/vo/view/voname/atlas (or rely on packages containing lsc/vomses config files)
- Potential for Maarten to talk to EGI to understand this - will bring up at next meeting
There are minutes attached to this event.