Focus on:  Hide Contributions
Login

WLCG DOMA BDT Meeting

Europe/Zurich
Brian Paul Bockelman (University of Wisconsin Madison (US)), Maria Arsuaga Rios (CERN), Petr Vokac (Czech Technical University in Prague (CZ))
Description

Topic: WLCG DOMA BDT Meeting (twiki)

    • 16:30 16:40
      News 10m

      NOTES

      • Rucio rough development plan for tokens
        • March - document with details how to integrate tokens with Rucio according WLCG AuthZ design
        • summer - implementation of deletions with tokens
        • by end of 2023 - tested / production quality interaction with FTS using tokens (ready to be deployed)
        • rucio download / upload workflow most probably after DC24
          • CLI user interaction not yet well defined even by WLCG AuthZ group
      • Rucio mini-challenges tests done before DC24
        • we can use existing token implementation in Rucio => don't wait till the end of 2023 with token tests
        • configure tokens directly on our production instances(?)
        • ESCAPE testbed - this will be discussed tomorrow during Rucio meeting
    • 16:40 16:55
      Transfers with tokens 15m
      Speaker: Francesco Giacomini (INFN CNAF)
      • FTS token improvements plans 20m
        Speaker: Mihai Patrascoiu (CERN)

        FTS wants to go with the token per (Storage, <src|dst>) approach, as opposed to a different token for each particular token.
        It is the responsibility of the user to provide the appropriate credentials, similarly to how they do right now via the proxy certificate delegation.

        FTS to introduce a delegation mechanism for tokens:
        - Tokens will be delegated according to a (CredID, Storage, <src|dst>) tuple
        - Clients will be able to delegate to "*" storage, a particular storage or (Storage, <src|dst>) pair
        - The delegation endpoint will be adapted to also list a user's delegated tokens

        CredID (credential ID) is a hash function of certain token fields. For the moment, that includes: "sub", "wlcg.groups" and "iss".
        Should "scopes" be part of the CredID?

        For convenience, FTS will provide transparent delegation via the command line tools. Example:
        $ fts-rest-transfer-submit --access-token <token_for_fts> --src-token <src_token> --dst-token <dst_token> -s https://fts3-pilot.cern.ch:8446/ <src> <dst>
        <token_for_fts> - created the CredID for the delegation
        <src_token> - token to delegate for source storage
        <dst_token> - token to delegate for destination storage

        Meeting Notes

        - Include "storage.*" scope in the CredID

        - When does the token delegation end? Has to be defined

        Dedicated meeting

        • we have to think a bit about this proposal
          • e.g. not clear when client (e.g. Rucio) needs to delegate fresh token
          • some experiments don't want to allow scope.read:/ - unable to protect any data for some subgroup
          • refresh tokens are not "cheap" on IAM side
          • bootstrap problem
        • Petr create doodle pool
        • send email to the BDT mailing list
    • 16:55 17:05
      Tape REST access 10m
      Speaker: Mihai PATRASCOIU (CERN)
    • 17:05 17:15
      Packet marking 10m
      Speakers: Marian Babik (CERN), Shawn Mc Kee (University of Michigan (US))

      Draft plan for networking mini-challenges and network related activities for this year:

      https://docs.google.com/document/d/11AwUiyJit_241A4DfHbt-93Z-6BZ2CBwqMApoVXWpbk/edit?usp=sharing

      Packet Marking WG meeting took place 24th of January (https://indico.cern.ch/event/1244448/) - focus of the meeting was to discuss plans for this year

    • 17:15 17:25
      WebDAV Error Message Improvement Project 10m

      Discuss with experts improvements in the error messages produced by failed transfers.

      Speaker: Stephan Lammel (Fermi National Accelerator Lab. (US))

      Petr would like to prioritize improvements described in DMC-1286 (due to higher number of these failures with recent problems on BNL LHCOPN link) and also better deal with transfers with substandard throughput that leads to the timeout DMC-1278.

    • 17:25 17:30
      AOB 5m

      HTTP-TPC Update #4: Monitoring - transfer source and destination addresses

      • today we agreed that proposal makes sense and Petr should create ticket for storage implementations
      • this is not urgent, because it is "just monitorin" but it can make ops life easier / provide more details for precise transfer issue debugging
      • our deadline for implementation is the end of 2023

      Standardize format of error messages

      • form working group that comes with same error messages in all implementations for specific failure
      • start with HTTP-TPC error messages
      • we can collect information in the "Webdav Error Improvement" twiki pages
Powered by Indico v3.3.7-pre