Choose timezone
Your profile timezone:
WLCG AuthZ Call
→
Europe/Zurich
Description
Previous Actions:
- A pull request to be opened to implement prototype/experimental token renew descriptions, from 23/03: https://indico.cern.ch/event/1262265/
Proposed agenda:
- Milestone Review and CHEP presentation
- Automated token renewal for interactive users
Zoom meeting:
Link below, in the videoconference section. Please ensure you are signed in to Indico to see the meeting password!
Next Meeting:
- TBC
WLCG AuthZ Call
Zoom Meeting ID
61554826915
Description
Zoom room for WLCG AuthZ Call
Host
Tom Dack
Alternative hosts
Hannah Short, Maarten Litmaath
Useful links
Join via phone
Zoom URL
Present: Tom Dack (notes), Maarten L, Dave D, Dimitrios C, Alexandre FB, Petr V, Jim B, Francesco G, David K, Roberta M, Linda C, Mischa S, J G, Thomas H, Mine AC, Hannah S
Apologies: David C
Previous Actions:
- A pull request to be opened to implement prototype/experimental token renew descriptions, from 23/03: https://indico.cern.ch/event/1262265/
Proposed agenda:
- Milestone Review and CHEP presentation
- Automated token renewal for interactive users
Notes:
Milestone Review and CHEP presentation
- No notes as Tom was sharing. Comments and changes to presentation made, will be shared for final comments before CHEP
Viewer link: https://cernbox.cern.ch/s/Q8gNuBWZMr3c7uD
Please see mailing list for editor link - Technical comment from Petr:
In _my view_ IAM proxycert interface (https://indigo-iam.github.io/v/v1.8.1/docs/reference/api/proxycert-api/) developed for RCAuth could be still used to store long lived proxy and retrieve short proxies ... currently we use MyProxy (built on top of Globus libraries) for this functionality.
Previous Action & Token Renewal:
- A pull request to be opened to implement prototype/experimental token renew descriptions, from 23/03: https://indico.cern.ch/event/1262265/
- Previous two options:
- Tool has background refresh, the tool gets a token whenever a new one is needed
- Add to WLCG bearer token discovery, allowing it to get a token with a command when needed
- New third suggestion: Parent Shell.
- This shell can get new tokens when needed, and perform processes as needed
- OIDC auth done interactively when shell generated, and renews with existing vault token - works up to 7 days.
- Combines the best of both previous ideas, whilst
- Concept proven through other grid shell usage
AOB
- Petr commenting on ticket handling, and ticket disappeared due to auto-cleanup.
- Slow ticket handling, though bug commented on by Hannah about duplicating tickets with Petr's messages
- https://ggus.eu/index.php?mode=ticket_info&ticket_id=161020
- To be followed up offline
There are minutes attached to this event.
Show them.
The agenda of this meeting is empty
