October Pre-GDB: AuthZ and IAM Workshop

Europe/Zurich
513/R-068 (CERN)

513/R-068

CERN

19
Show room on map
Description

This month's pre-GDB will focus on the INDIGO IAM and the Authentication and Authorization work done by both the WLCG Authz WG and the wider community. 

The meeting will be split over two days, starting the afternoon of Monday 10th October and continuing through Tuesday 11th October.

Contributions to the agenda on both technical and policy topics are warmly welcome.

We will organise a dinner on Monday at Bain des Paquis on the lake in Geneva where you can have Fondue or a small range of other options. If you would like to attend, please indicate so on the registration form. Please bring cash in Swiss francs.

 

 

Videoconference
WLCG AuthZ Call
Zoom Meeting ID
61554826915
Description
Zoom room for WLCG AuthZ Call
Host
Tom Dack
Alternative hosts
Maarten Litmaath, Hannah Short
Useful links
Join via phone
Zoom URL
Registration
Participants
Participants
  • Alastair Basden
  • Alessandra Forti
  • Alison Packer
  • David Crooks
  • Dimitrios Christidis
  • Doug Benjamin
  • Emmanouil Vamvakopoulos
  • Enrico Vianello
  • Francesco Giacomini
  • Hannah Short
  • Ian Collier
  • Josh Drake
  • Linda Ann Cornwall
  • Maarten Litmaath
  • Marcelo Vilaca Pinheiro Soares
  • Mario Lassnig
  • Matt Doidge
  • Michel Jouvin
  • Narendra Kumar Reddy Challa
  • Nick Evangelou
  • Petr Vokac
  • R. Florian von Cube
  • Robert Hancock
  • Roberta Miccoli
  • Stefano Dal Pra
  • Tom Dack
  • Vincent Garonne
  • Monday, 10 October
  • Tuesday, 11 October
    • 09:00 17:00
      Tuesday 8h 513/R-068

      513/R-068

      CERN

      19
      Show room on map
      • Submission Tokens 50m

        How to express capabilities in a submit token vs how to configure a [HTCondor] CE to handle them

        Speaker: Stefano Dal Pra (Universita e INFN, Bologna (IT))

        Summary:
        Having a surrogate of LCMAPS that works with tokens would be good. 

        Having an ordered list of groups would be useful for HT Condor use case. -> others disagree, though perhaps primary being first one makes sense

        Should explore expanding the compute.create scope to include more information e.g. compute.create:/opportunistic or compute.create:/gpu

        The WLCG Auth Working Group should come up with some guidelines about when it makes sense for authorization logic to live in IAM and when it should be service/client side.

        There is an existing "Compute Scopes" working document, which can be found here: https://docs.google.com/document/d/1J85iNV1gIn4HX3owVrP4DdhTZKH7dzq11nv7Qv0Wj3U/edit?usp=sharing - notes on further discussion should go here as well.

      • Discussion: migrating to tokens from proxies 50m

        How have people done or are planning to do the transition? Are workflows being modified to roughly replace proxies with tokens or is there more?

        Speaker: Francesco Giacomini (INFN CNAF)
      • Supporting the wider community 50m

        How should we be supporting the wider community to reuse our findings? Are we framing things in a way that is friendly to non-HEP user communities?