Discussion/comments on the data model/workflow (see slides for details):

• Except for the HLT farm, the x509 credentials of the proxy sill accessible to the user (could be isolated using singularity)
• No user proxy/credential for the job: job only has a job token used to get data access token from the central service
• Custom protocol on the storage side:
  • ALICE-specific protocol, no standard, but code is public
  • Additional configuration required for sites (XROOTD plugin)
• Two models possible (can be combined):
  • Jobs get all data access at start-up, with an extended expiration date
  • Jobs continuously ask central service for tokens, with shorter expiration date
• File deletion might be blocked (not required by standard jobs, not clear if implemented during the meeting)