WLCG AuthZ Call

Europe/Zurich
Description

Previous Actions:

  • Open tickets from VO Admin training from Andrea in Dec. Petr will try to ping the important ones of these for addressing


Proposed agenda: 

Zoom meeting:

Link below, in the videoconference section. Please ensure you are signed in to Indico to see the meeting password!

Next Meeting: 

  • 22nd July
Videoconference
WLCG AuthZ Call
Zoom Meeting ID
61554826915
Description
Zoom room for WLCG AuthZ Call
Host
Tom Dack
Alternative hosts
Maarten Litmaath, Hannah Short
Useful links
Join via phone
Zoom URL

Present: Irwin G, Jeny T, John SDS, Maarten L, Petr V, Tom D, Jim B, Linda C, Federica A, Julie M, Xin Z, Brian B, Ian C, Dave D, Doug B, Marcelo S

Apologies: Francesco G, Hannah S

Agenda: 

Minutes: 

  • Token Transition Timeline
    • Comments about dates potentially being unachievable, though already pushed back somewhat from older drafts
    • Danger of losing momentum if things move back anymore
      Brian - liked split of demo, ie have one transfer work and then complete transition. Doesn't mind pushing back with an appropriate plan.
    • Maarten: Should not try and create more milestones - at least need to indicate the first possible time things could happen.
    • Aim for existing dates, and find and see where teams are unable to meet dates and table can be updated. Goal is to put into production things that work, and profit from that in run 3 where suitable - run 4 should not have any X509 vestiges.
    • M8 - some ambiguous wording, to be updated
    • Big challenge could be communicating the different configurations different places may need
    • DPM can tolerate some slippage around the EOL Centos7 - places with only DPM are unable to participate in token things.
      Some sites may not meet deadline, and that tail should hopefully be something which can be lived with. At some point need the deadline of Must support tokens.
    • Pre-2024 deadlines should be achievable, and the table can grow as needed (eg intermediary milestones as wanted) - have some time to make these decisions before document needs to be with MB.
    • Brian comments:
      M9: needs some clarification of some/all, so as to be clear what is needed
      M10: likely needs some pushing back
    • More powerful document if signed off on by some of the big middleware groups.
    • Version 1.0 - aim to look not totally impossible, rather most being achievable - 8,9,10 being the difficult ones.
    • Doug: have people recently reached out to check with Rucio, FTS, etc to check whether dates align with their thoughts.
      Maarten to email "usual suspects" to gauge this and understand their views.
    • Doug: M8/9/10 should have some feedback from the experiments
      Brian: less worried about 8, but 9 is a big question mark and needs understanding from experiments. 10 will always be a guess, and 3 months may not be realistic.
      Petr: 10 date was originally based on end of run 3, didn't imagine we'd push tokens during run 3 and unless we are really trying to push we should push these back.
    • Petr: next data challenges should be done with tokens, meaning production sites should support tokens
      Brian: targeting the data challenge means it should be fine for production, but something more Rucio/DIRAC/FTS centric targeting DC23 should be suitable for M7 - reworded in the meeting.
    • Jeny: important to gather feedback from non-LHC VOs, eg DUNE. Currently causing uncertainty for DUNE as the schedule isn't clear. DUNE's run model doesn't coincide with Run3, and so important to take into account smaller VOs for a clearer schedule.
      Maarten: need to meet in the middle, smaller VOs can bring things up and inform and also learn from progress. Not doing things just to serve our own four as is. Understand their frameworks if not covered by what is noted here.
      Doug: Linkage to other communities should be considered, DUNE may be moving faster in some areas but also requiring progress on some resources such as Rucio
      Brian: should bring them in the loop, as constructive comments and thoughts should be welcomed.
      Maarten to contact relevant parties for their comments
    • Aim is a "nice official document" which can be referred to - not delay until everyone has commented, but get a sensible and thought out version 1.0 available and out there. This could then be replaced and updated quickly and as needed, without going through the MB every time.
    • M4 needs to understand how to support EGI use cases for now - a prototype solution, before understanding sustainability going forward.
    • Brian: concerned about turning off of VOMS-Admin
      Maarten: switching VOMS-Admin has a prerequisite of issues in IAM being resolved, as identified by Petr, with an aim of Feb next year.
      Brian: concerned about velocity
      Petr: if able to push CNAF team to deliver the required issues. Francesco doesn't view this as a major risk.
      Maarten: if we know this won't happen, we can push if needed - can be pushed to the end of run 3 if needed, if prerequisites cannot be met sooner.
      Potentially evolve bullets to milestones, should be required
  • People should look to comment and provide blessing on this in the next week, so a version 1 can be published.
  • Brian: any updates on IAM support improvements at CERN, had agreed that things will be looked at in May.
    Maarten: Situation has not improved a lot since earlier in the year. Hannah is main expert and services are stable - Maarten does not see a huge concern with lifetimes, and has some doubts about the optimistic lifetimes previously detailed.
     
  • Brian: concern about issuers, issuers per VO, constraints on multiple VOs per issuer. Should be on the agenda as concerned about pulling together a new infrastructure layer of abstraction and "resetting the clock" - costly to go back to the beginning.
There are minutes attached to this event. Show them.
The agenda of this meeting is empty