Collaboration meeting

Name: Collaboration meeting
Start: 2017-01-20T14:00:00+01:00
End: 2017-01-20T15:00:00+01:00
Location: Vidyo

Friday 20 Jan 2017, 14:00 → 15:00 Europe/Zurich

Vidyo

Hide

# Collaboration Meeting - 20/1/2017

[Agenda](https://indico.cern.ch/event/592658/)

## General News

INDIGO: new person hired, should begin Feb. 1

## Development News

CNAF
* Main work done: integration of Misha's work on PIP into the main code
* A few issues identified during code review and fixed
* Deciding for being non blocking when an update is in progress: work to implement update in a separate thread
* No time in December to work yet on the policy processing into canl to be able to restrict use of IOTA CAs to certain VOs
* Will provide the required protection because the profile used requires providing a certificate chain and the certificate chain validation calls canl. In addition Argus does a full verification of the the proxy presented by the VOMS extensions (doesn't rely on an external entity to check it to prevent/limit the risk of DDOS).
* Should be done after PIP integration

Update on IOTA CA release: EGI (DavidG) will provide them as a separate RPM, meaning they will not be enabled by default through an update
* Will also require installing the policy update script RPM and configure the policies
* Will also run a test as part of the site tests that should fail if the site did the proper things to enable IOTA support
* New discussion about adding explicitly the `ca_policy_name` attribute or having the PAP doing it after verifying that the policy is properly configured, based on the profile
* The ultimate goal is to ensure that the new version of Argus with the old configuration will not allow IOTA CA in
* IOTA CA must allowed in only if the policy update script has been run
* Having the PAP driving the process of enabling a IOTA CA doesn't allow to specify which VOs are enabled
* May be something could be done in pepd to refuse IOTA CA use until the ca_policy_name has been specified (policy upgraded). Andrea looking at the possibility.
* If this is processed at the Argus level by some reliable ways, there is no need for the canl change as far as Argus is concerned... Would be good to have it anyway but less pressure/urgency


## 1.7 Deployment Status

Would be good to look at deployment status with BDII
* May be wait 1.7.1 (IOTA support) before starting a campaign

Agreement that 1.6 could be declared End-Of-Life: in case of problem, people will be required to upgrade to 1.7 first
* This is the general policy for grid MW anyway

## AOB

Next meeting : March 3, 2 pm

There are minutes attached to this event. Show them.

- 14:00 → 14:10
  
  General news 10m
- 14:10 → 14:30
  
  New release: development and testing status 20m
  
  Development news (Andrea)
  1.7.1 release status (new PIPs for IOTA CA support)
- 14:30 → 14:40
  
  UMD4 Integration status 10m
- 14:40 → 14:50
  
  Open issues 10m
- 14:50 → 15:00
  
  AOB 10m
  
  Next meeting