WLCG AuthZ Meeting
Thursday, 28 September 2017 - 16:00

16:00 - 16:20
AuthZ in WLCG
Maarten Litmaath (CERN)
Brian Paul Bockelman (University of Nebraska Lincoln (US))
Maarten/Brian - present and review how Authorization is used today in WLCG, and what features or functionalities would need to be preserved in the future

16:20 - 16:40
VOMS proxy provisioning via ssh
Mischa Sallé (FOM Nikhef)

16:40 - 17:00
FIM Considerations
Hannah Short (CERN)

FIM Discussion Points:
- How can we enable membership requests based on federated credentials?
- What is a suitable source of membership roles & groups? Does it need to change? (VOMS, e-groups, User Office, COManage etc)
- Acceptable LoA of federated credentials?
- Acceptable trust in IdP (e.g. Sirtfi)?
- Identity vetting process integration? (Between User Office & AA)
- Account transfer between federated credentials (home organisation changes)?
- What needs to change for services to accept federated credentials?
- Translation services?
- Move non web services behind web portals?
- CLI possibilities?
- Can we remove the need for certificates in the hands of the user - or make it transparent?
- How can we block users?
- Blocking at the authentication stage?
- Real-time blocking?
- Blocking long lived access tokens (certificates, OAuth tokens, etc)?
- How can access rights (roles/groups) for a user be queried?
- What can we expect of users in addition to web based AuthN?
- Certificate management?
- SSH Key management?
- Other?