WLCG AuthZ WG Call
→
Europe/Zurich
Description
Evaluation table for EGI Checkin and IAM: https://docs.google.com/spreadsheets/d/1mC2U2H12RDHsOtk1OHQM3_HVbbflHfj-Y1Fv0yW_0KA/edit?usp=sharing
Notes from the EGI Checkin demos and IAM: https://indico.cern.ch/event/680452/
Registration
Participants
Notes WLCG Auth WG Feb 21st 16:00 CET
Attendees: Andrea, Aresh, Hannah, Panos, Julia, Alessandro, Alexey, Linda, Maarten, Mario, Michel, Miguel, Mischa, Nicolas, Romain
CRIC
- multiple authN sources used
- Local
- SSL
- CERN SSO
- Grid Cert
- Currently rely on grid map for caching, but also per-user lookup
AARC
- Pilots should be able to be run in parallel
- Mischa and Mario to discuss next week in AARC PlugFest
- IAM instance https://wlcg-authz-wg.cloud.cnaf.infn.it/
- Should involve admins to test the pilots
EGI/IAM Evaluation
- https://docs.google.com/spreadsheets/d/1mC2U2H12RDHsOtk1OHQM3_HVbbflHfj-Y1Fv0yW_0KA/edit#gid=0
- Delegated AUP signing may be more important (i.e. delegate the AUP itself)
- Hannah to check whether there is an attribute in the CERN SSO token to show whether the user is registered
- Probably need a bigger discussion on whether CERN SSO should be the only IdP
AOB
- Talk from IT CDA on future e-groups replacement project - is this of interest?
Next Steps
- Mario to speak with Mischa next week
- Work to begin on Pilots
- Consider provisioning
- Hannah set up next call (not Wednesday with cost model, Andrea Shaba)
- discuss CERN SSO integration options & HR DB
- go through requirements
- potentially a talk from Paolo on IT CDA
Actions
- Andrea and Hannah to set up CERN SSO for WLCG IAM instance
- Mario to set up a mailing list & Wiki space
- All (mostly Andrea and Nicolas) to continue to fill the requirements before the next call
There are minutes attached to this event.
Show them.