WLCG AuthZ Call

Thursday 13 Mar 2025, 16:00 → 17:00 Europe/Zurich

Previous Actions:

• All to send high priority issues to the mailing list -> Enrico to create board for 1.11 release including those issues (not experiment specific but specifying initial requestor)
• Next call to focus on JWT Common Profile improvements for v 2.0
• Maarten to send email to working groups to ask for consensus on v 2.0 profile (allows developers to progress) 

Proposed agenda:

• Any requests can be sent to the mailing list
•  

 

Zoom meeting:

Link below, in the videoconference section. Please ensure you are signed in to Indico to see the meeting password!

Next Meeting: 

• TBD

Present:

Stephan L, Tom D, Dave D, John SDS Jr, Linda C, Dimitrios C, Berk B, Dave K, Maarten L, Federica A, Matthew SD

Apologies:

Mischa

Previous Actions:

• All to send high priority issues to the mailing list -> Enrico to create board for 1.11 release including those issues (not experiment specific but specifying initial requestor)
• Next call to focus on JWT Common Profile improvements for v 2.0
• Maarten to send email to working groups to ask for consensus on v 2.0 profile (allows developers to progress) 

 

Notes:

Potential topics:

• Publication of the 2.0 profile
• Open issues raised by various parties - but need the right stakeholders, such as storage
• IAM enchancements - some functionality improvements are orthogonal to these
  • Large number of components to be replaced
  • Discuss and discover viewpoints, priorities

 

Maarten plans to start looking at, and pulling out profile issues to be discussed.

Some of us will be busy with upcoming events - in particular HEPiX and WLCG workshop

Error handling - flagged by Stephan as an issue that is causing problems

• Has been flagged at DOMA. IAM team are working on things, adding features as needed
  • This matter rather concerns data management MW

 

Lifetimes

• understand the requirements and policies that we should need to comply to
• settling this would be pertinent
• WLCG Token Task Force is working on a new timeline and new milestones for this and next year - the inital 2022 timeline has limited steps for 25/26
  • This is a small group, kept to experts of several parties
• Token lifetimes are being discussed here, as well as in the Token Trust and Traceablity Working Group
  • TTT aiming to produce best practice guides which then lead to policy. Should be based on things that are proven to be workable, not theoretical
• Still finding answers and parameters

 

Aims of this working group:

• IAM development and features
• WLCG Token Profile
  • Improving the correctness and usability

 

Meeting cadence and planning?

Will need to ensure the relevant parties and groups are attending meetings - for example having the correct data management experts

• Action: Tom to send an email to request topics and issues for discussion, and then we can plan a schedule of meetings upcoming
• Action: Maarten to tidy up and review open issues and pull requests for the token profile, and then circulate a potential 2.0 draft

 

Stephan raises: Host certificate CA alternatives - inc IGTF certs, LetsEncrypt

• Maarten raises this was being looked at by the Resource Trust Evolution Task Force
• Orthogonal to tokens/this group - but could revive that group for next steps
• There are various developments there
• Action: Maarten to look at reviving the RTE Task Force
• Google trust services are getting close to IGTF, noted by Dave K
• Could look to use the same slot - security meeting time, use by WLCG AuthZ and RTE Task Force, as needed