Attendees: Andrea, DavidC, Hannah, Maarten, Mischa, Romain, Nicolas, Paul
Notes:
- DODAS is a CMS distributed framework, not as specific as HTCondor, but could be a good talk on how these things are integrated in practice - could be included in the call at the end of June (TBC)
- Schema document
- Resource provider is not OAuth, do we mind? We can either go for readability or try to be in keeping with the spec. DECISION: add a glossary that defines OAuth and maps to understandable terms
- Revocation flow and discovery content has been included in the main document
- We need to consider trust in verification (which OPs and RPs etc are trusted by the group). Technical detail might be too detailed for now but we should say something. For SciTokens the environment is more homogeneous than ours will be, we need something more flexible than the current proposal.
- Operational impact of checking keys: if we have a smaller lifetime, do we increase load? Presumably yes. OP can advertise multiple keys. Key retention period > lifetime of last access token signed. (Refresh tokens do not need to be signed.) We don't want to flood the token issuer with key requests. Will need tuning. HTTP GET optimisation is well documented; leverage caching headers. We should come up with some reasonable guidance.
- Revocation is needed if we want refresh.
- We need to specify how refresh and delegation works.
- In the end we will have:
  - Catalogue of JWT
  - Schema & appendices
  - Possibly some additional docs... e.g. extended Flows
Actions:
- @All read through the doc before pre-GDB
- @Hannah try a first draft of the glossary (some text already in flows document)
- @Andrea to continue "Flow document" and link to doc, add a little summary saying that we will follow the standard
- @Hannah add appendices (discovery)
- @Hannah ask Brian whether verification is standard
- @Mischa and Andrea to add Trust aspects to Verification, include Brian in discussions
- @Andrea normalise URLs and examples to WLCG jargon
- @Hannah make sure to talk about versioning in the next call
- @All to read through Operational Impacts Section and comment