Nov 4 – 8, 2019
Adelaide Convention Centre
Australia/Adelaide timezone

Token-based authorization in the StoRM WebDAV service

Nov 5, 2019, 3:30 PM
1h
Hall F (Adelaide Convention Centre)

Hall F

Adelaide Convention Centre

Poster Track 4 – Data Organisation, Management and Access Posters

Speaker

Andrea Ceccanti (Universita e INFN, Bologna (IT))

Description

Support for token-based authentication and authorization has emerged in recent years as a key requirement for storage elements powering WLCG data centers. Authorization tokens represent a flexible and viable alternative to other credential delegation schemes (e.g. proxy certificates) and authorization mechanisms (VOMS) historically used in WLCG, as documented in more detail in other submitted contributions to this conference.

In this contribution, we describe the work done to enable token-based authentication and authorization in the StoRM WebDAV service, describing and highlighting the differences between support for external OpenID connect providers, group-based and capability-based authorization schemes, and locally-issued authorization tokens.

We also discuss how StoRM WebDAV token-based authorization is being exploited in several contexts, from WLCG DOMA activities to other scientific experiments hosted at the INFN Tier-1 data center.

Consider for promotion No

Primary authors

Andrea Ceccanti (Universita e INFN, Bologna (IT)) Enrico Vianello Francesco Giacomini (INFN CNAF)

Presentation materials