In order to enable an iCal export link, your account needs to have an API key created. This key enables other applications to access data from within Indico even when you are neither using nor logged into the Indico system yourself with the link provided. Once created, you can manage your key at any time by going to 'My Profile' and looking under the tab entitled 'HTTP API'. Further information about HTTP API keys can be found in the Indico documentation.
Additionally to having an API key associated with your account, exporting private event information requires the usage of a persistent signature. This enables API URLs which do not expire after a few minutes so while the setting is active, anyone in possession of the link provided can access the information. Due to this, it is extremely important that you keep these links private and for your use only. If you think someone else may have acquired access to a link using this key in the future, you must immediately create a new key pair on the 'My Profile' page under the 'HTTP API' and update the iCalendar links afterwards.
Permanent link for public information only:
Permanent link for all public and protected information:
Off the wall question from Paul: in x509 certificates / OIDC Access Tokens we have an expiry time because we think they may be compromised, what happens when we convert between types? When converting a SciToken to a Macaroon they both have expiry times but it's not clear whether the expiry times should be identical. If not, there's a possibility to extend the lifetime of a token.
This scenario happens frequently in proxies
More complicated with refresh tokens included, maybe need an upstream check
Need to consider separate logic for access tokens and refresh tokens
Macaroons don't have the concept of a refresh token, makes converting a short OAuth2 token to a Macaroon not very useful for long running activities (e.g. jobs)
Is there anything enforcing this in MyProxy? No. Only on a credential basis, e.g. proxy cannot outlive certificate
We need more input on Distribution of Trust, lack of agreement on use of OIDC Fed.
@Hannah to see whether we can have a BoF at CHEP - we would need a specific topic
@Hannah extend glossary
@Mischa to look at "Discovery" (now renamed, "Metadata Lookup")
@Andrea add WLCG specific URLs
@Andrea ask Brian whether aud has been restricted in SciTokens to a single value
@Hannah to ping key people about pre-GDB
@Hannah ask IanC about visitor cards and get back to the list, "If you plan to attend in person and require a visitor pass, please contact lcg.office AT cern.ch in advance of travel (please don't arrive at CERN without having arranged your pass in advance)."
There are minutes attached to this event.