WLCG AuthZ WG Call

31/S-027 (CERN)



Show room on map
  • VOMS-Admin essential features from previous experience: https://hackmd.web.cern.ch/s/S1oVAsk5z#
    • Features have been added to this Spreadsheet for ease 
  • Site level traceability and suspension
    • What is needed? What kind of identifier is needed at the Sites, the VO membership management?
    • Which attributes need to be available to facilitate this?
  • AOB



Attendees: David, Andrea, Brian, Hannah, Mischa, Miguel, Maria, Tanya, Ioannis, Maarten, Paul

Apologies: Romain


  • Went through list of previous VOMS-Admin essential features
  • Suspension/Expiration, possibly need to make requirements more concrete 
  • Point raised that moving to pure group based authorisation loses the role-choice requirement (specific way to do this in e.g. IAM) 
    • Must make sure that group selection is an available feature
  • These feature requirements should be checked with VO managers to ensure they are correct
  • It has been useful in the past to be able to roll back expiration in VOMS if e.g. CERN HR DB is incorrect
  • Possibility to improve new tool to mark a user as incorrectly flagged in CERN HR DB
  • Bulk action feature - this may not be the most optimal feature as it's typically used to roll back mistakes. We need to check with VO managers. @Miguel to ask VO Managers for ALICE input
  • Certain requests that weren't included in VOMS Admin we will leave until demand
  • July pre-GDB, Andrea will send a representative 
    • pre-GDB final drafts
      • JWT schema
      • WLCG Requirements
      • Pilot Progress (@Hannah to follow up with both pilots)
  • ***Talk about User Identifiers in the next call***


There are minutes attached to this event. Show them.
    • 16:00 17:30
      WLCG Auth Call 1h 30m
      Speaker: Hannah Short (CERN)