ESCAPE Trust Framework discussion

Wednesday 14 May 2025, 11:00 → 12:00 Europe/Zurich

11:00 → 12:00 Roundtable

Conveners: Alberto IESS, Enrique Garcia Garcia (CERN), Gareth Hughes, Gino MARCHETTI, Giovanni Guerrieri (CERN), Raymond Oonk

Gareth: Xavi wrote the AAI strawdog

Document with minues and notes about the meeting on AAI: since then the effort ramped down a bit.

 

Gino: at the Lyon computing centre, there is the effort of building projects based on communities' needs. 

The Trust framework initiative got picked up a bit later then hoped.

There is interest in understanding what AAI developments are in place in EU.

 

Enrique: (introduction about the strawdogs and the historical background) 

Trust Framework aims to be as shared as possible to avoid monopolising the steering of the initiative.

 

Giovanni: https://zenodo.org/records/15388270

AAI Strategy for EOSC Nodes

Q: (Gareth): are there working groups related to AAI in EOSC?
A: (Enrique, Giovanni): there are working groups, but they are probably more related to the 13 candidate nodes than to the broader community.
Alberto: still in discussion with partners whether to propose ESCAPE as a Node in the second wave. There is a INFRA-EOSC call for consolidation, evaluating on that.
Enrique: EOSC AAI will be based on MyAccessID (Geant); aim is to allow for a transparent integration of RIs AAIs into the EOSC one.

 

Cards Overview

IAM-Cluster Interface Management
INDIGO-IAM is now the core AAI mechanism: collect use cases and propose priorities on what needs to be developed
Enrique: gather consensus in ESCAPE on what should be done. 
Giovanni: Rucio, the tokens transition, and the SLA with IAM is not very robust.
Gareth: MoU with CNAF for tokens - other worry: if researchers have proposal periods, dependency on IAM is critical to comply with deadlines.

 

Multiple experiment analysis
Create a federated way of dispatching workflows (?)
ET developing MADDEN, which is along the lines of the topic presented there.

 

Common ESCAPE/ERI user model.
Restrict access to resources depending on user profile. 
Users attributes can be included in the token profiles.
Common format that all the partners have in common, and possibly can be propagated to CNAF.
Q (Gino): Standard user model means having a common user profile (with default attributes) that are largely shared among communities

Multi wavelength/messenger use cases
See MADDEN

 

IAM-dCache interface
Folks wanted to pull data out of dCache using IAM. 
Now solved in ~2 different ways.
Gino: some tests on the CCIN2P3 INDIGO instance
Gareth: would be interesting to have presentations!

 

User Management tools
Some APIs are aggregated in some tool.

Actions

Contact ESCAPE partners to understand the status on AAI technologies.

Ping people that are assigned to cards

Summarise the developments in another meeting