JWT Profile Meeting


Draft agenda:


17:00 15th March

Attendees: Romain, Maarten, Brian, Paul, Mischa, Hannah

  • Token Verification 
    • Largely standard. 
    • Discussion over whether certificate should be IGTF. Must bear in mind that the trust built through IGTF is an important factor.
    • Which role should IGTF play? Could be a key signer (parallel to OIDC Federation future role)
    • OIDC discovery endpoint recommended for token validation; this is not part of the OAuth standard itself but is generally supported (pre-RFC draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-10)
    • We should future-proof our decisions to consider federation between infrastructures
    • SciTokens may need to check compliance with the RFC
  • Token Validation
    • Which claims should the clients understand?
    • Suggestion to have optional and required claims
    • Clients MUST support the minimum set but can ignore everything else
    • There is a generally accepted minimum set of JWT claims
  • Authorisation schema
    • Suggest using the scp claim
    • Perhaps need to have sanity checks to avoid unsafe authorisations
    • Should still be flexible
    • Need to have a similar language, e.g. does write also cover delete, is queue just write? 
    • We need to define claims (mandatory & optional) and scopes (where relevant)
  • How do we get parties to agree to adopt the schema?
    • Needs to be a period of consultation
    • Need continuous input from working group during adoption and transition
    • Must involve the wider community 
  • Next Call Topics
    • Identify Roadmap, potential blockers
    • IGTF role
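The token validation and authorisation schema items above, worked through as an added example (not code from the meeting or from any WG document): a client verifies a JWT, checks only the minimum claim set and ignores unknown claims, then parses an scp claim with sanity checks and answers authorisation questions. The issuer key, the issuer and audience URLs, the "action:/path" scope format, the action list and the "write implies delete" rule are all assumptions made for the example; HS256 with a shared key is used so the block runs with the standard library alone, whereas a real deployment would verify against the issuer's keys published via its discovery endpoint.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Set, Tuple

# Constructed values for the example only. A real issuer publishes asymmetric
# keys via its discovery/jwks endpoint; HS256 is an assumption for stdlib-only code.
ISSUER_KEY = b"example-shared-secret-not-for-production"
ISSUER = "https://issuer.example.org"
AUDIENCE = "https://storage.example.org"

# Minimum claim set every client must understand (assumed contents);
# anything outside it may be ignored.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")

# Hypothetical authorisation policy: allowed actions in scp and what each implies.
# This is where the "does write also cover delete" decision would be recorded.
KNOWN_ACTIONS = {"read", "write", "delete", "queue"}
ACTION_IMPLIES = {"write": {"delete"}}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 compact JWS; used here only to construct sample tokens."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, now: Optional[int] = None) -> dict:
    """Check algorithm, signature, required claims, issuer, audience and expiry.
    Unknown claims stay in the returned dict but are never acted upon."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # rejects 'none' and any unexpected algorithm
        raise ValueError(f"unsupported alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if claims["iss"] != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if AUDIENCE not in aud:
        raise ValueError("token not intended for this audience")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def parse_scp(claims: dict) -> Set[Tuple[str, str]]:
    """Parse 'action:/path' entries (constructed format) into (action, path) pairs,
    rejecting unknown actions and relative or '..'-containing paths."""
    raw = claims.get("scp", [])
    entries = raw.split() if isinstance(raw, str) else list(raw)
    granted = set()
    for entry in entries:
        action, sep, path = entry.partition(":")
        if not sep or action not in KNOWN_ACTIONS:
            raise ValueError(f"unknown or malformed scope entry {entry!r}")
        if not path.startswith("/") or ".." in path.split("/"):
            raise ValueError(f"unsafe path in scope entry {entry!r}")
        granted.add((action, path.rstrip("/") or "/"))
    return granted


def is_authorised(granted: Set[Tuple[str, str]], action: str, path: str) -> bool:
    """True if some granted scope covers the action on path (directory prefix match)."""
    for g_action, g_path in granted:
        covers_action = g_action == action or action in ACTION_IMPLIES.get(g_action, set())
        covers_path = path == g_path or path.startswith(g_path.rstrip("/") + "/")
        if covers_action and covers_path:
            return True
    return False


def demo(now: int = 1_700_000_000) -> Dict[str, bool]:
    """Constructed end-to-end run: issue, verify, parse scp, decide four requests."""
    claims = {"iss": ISSUER, "sub": "user123", "aud": AUDIENCE,
              "iat": now - 60, "exp": now + 3600,
              "scp": "read:/data write:/data/output",
              "x-vendor": "ignored by the client"}  # unknown claim, tolerated
    granted = parse_scp(verify_jwt(sign_jwt(claims, ISSUER_KEY), ISSUER_KEY, now=now))
    return {
        "read_data": is_authorised(granted, "read", "/data/file1"),
        "delete_output": is_authorised(granted, "delete", "/data/output/tmp"),
        "delete_data": is_authorised(granted, "delete", "/data/file1"),
        "write_elsewhere": is_authorised(granted, "write", "/other"),
    }
```

Swapping HS256 for an asymmetric algorithm only changes the two `hmac` calls; the claim and scope checks, which are the part the profile has to pin down, stay the same.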


@Hannah to set up a call with IGTF people (Jim, David) & this WG to talk about certificate usage

@Brian to add recommended minimum claims set to document

@Andrea to add Identity Schema 

@All to contribute to the list of “actions” for authorisation 

@All to review the doc and add comments

@Hannah to set up the next call

