Name: pre-GDB - Authorisation Working Group
Start: 2017-11-07T09:30:00+01:00
End: 2017-11-07T20:00:00+01:00
Location: CERN

pre-GDB - Authorisation Working Group

Tuesday 7 November 2017 - 09:30

Monday 6 November 2017
Tuesday 7 November 2017

09:30 Intro and Agenda Setting
Intro and Agenda Setting
09:30 - 10:00
Room: 31/S-028

10:00 Establishing the requirements for the future
Establishing the requirements for the future
10:00 - 12:00
Room: 31/S-028 What are the requirements for a WLCG AuthZ system? https://docs.google.com/document/d/1hnsPWf9C7ODVXZ7JehsSEiEsQwf5UmqLfTwVDhuqHzk/edit#heading=h.xam6oit8esxs

12:00 Lunch
Lunch
12:00 - 13:30
Room: 31/S-028

13:30 Summary of the agreed requirements
Summary of the agreed requirements
13:30 - 14:00
Room: 31/S-028

14:00 Review of existing or potential solutions and strategies
Review of existing or potential solutions and strategies
14:00 - 16:30
Room: 31/S-028 Aim is to come up with a strategy for how to address our requirements. Split into roughly two sections, "Front end" i.e. impacting users, and "Back end" i.e. what's going on under the hood. ----Front end---- Authentication mechanisms - X.509 - SAML - OpenID Connect - Social logins Identity/Collaboration management/Authorization services - VOMS Admin - INDIGO IAM - EGI Check-in - CoManage - Keycloak - Argus ----Back end---- Authorization - VOMS attribute certificate - OAuth bearer token - JWTs - Other token format (Macaroons) - SAML assertion Token Translation - Master Portal - WATTS

15:30 Coffee
Coffee
15:30 - 16:00
Room: 31/S-028

16:30 Consensus, conclusions and next steps
Consensus, conclusions and next steps
16:30 - 17:15
Room: 31/S-028

18:00 Go for a drink
Go for a drink
18:00 - 20:00
Room: Restaurant 1