Description
Since Run 1, CMS has relied on certificates for user identification and experiment/group membership through extensions. However, as support for both certificates and extensions declines, CMS is transitioning to token-based authentication, aligned with the WLCG profile, for the upcoming High-Luminosity LHC run. With certificates, sites were responsible for mapping roles to capabilities. Tokens will allow CMS to take a more granular approach to security whilst also aligning with industry-standard practices.
This presentation provides an overview of the token-based authentication and authorisation workflows implemented for CMS data transfers. It also reflects on past experiences, outlines the current testing efforts, and discusses future enhancements to optimise the use of tokens within CMS.