Collaboration meeting
# Argus Collaboration Meeting - 4/11/2016
## General News
## UMD4 Integration
RC packages have been produced, release of ARGUS will be part of next UMD4 release, expected next week.
TODO: tag the current documentation on ReadTheDocs as 1.7.0
* Define this tag as the default one if possible
## Development News
No development in Argus since the last meeting
* No new issue
* CERN confirms that the last release solved all issues with Argus
Next release planned to include the new PIP to support IOTA CAs
* All the codes changes are in opened pull requests that can be merged now that 1.7.0 is out
* Need to update the policy: Mischa is writing a script to do it
* Further discussion needed on how to ship this script: from the PDP RPM, from the documentation, from another RPM for Argus tools. Could also be integrated into the PAP on the fly when policies are updated but it is difficult to identify which VOs are eligible to have IOTA CAs supported... In any case we should not end up in a situation where all the VOs have IOTA CAs enabled because the policy has not been properly defined.
* Problem is that IOTA CAs are enabled by default if not forbidden by the policy: the default behaviour just checks the proxy DN and FQANs, not the CA
* One possibility is to have a configuration option that disables IOTA CAs by default, until they are explicitly enabled after upgrading the policy. Difficulty is how to distinguish IOTA CAs from stronger ones: can probably be handled with Argus scanning the /etc/grid-security/certificates directory and considering untrusted all the CAs that are not part of the stronger trust anchor profiles.
* As all services ought to use the same library for these checks, it should not be too difficult to implement. It might be even better to have this check in CANL but may be too complicated...
* Need to agree on the attribute name in the interoperability profile used to list the meta INFO file used for an IOTA CA: will not be easy to change it after the release
* Meta INFO is used to work around the absence of 'or' in the Simplified Policy Language
* See July 25 email from Mischa on the list: general agreement with Mischa's proposal
* Need a proper documentation of IOTA CA support
* Everything should be ready in the coming weeks
* Need also to check how to integrate this aspect in the current Argus test suite
* Release pretty urgent as this is a prerequisite for IOTA CA support in EGI (and WLCG...)
Stress test suite: work stopped at NIKHEF after the departure of Tamas
* In fact, not really a problem as most of the tests have been integrated into the Argus test suite by Marco
== AOB ==
Next meeting: December 2 or 16, 2pm
* Michel will be off, somebody else will need to chair the meeting