Speaker
Description
In 2018, as part of the effort to replace the use of the Globus Toolkit's security infrastructure, a flurry of new approaches toward token-based authentication and authorization were attempted in the WLCG. This includes work in token formats (such as SciTokens, Macaroons, or WLCG JWT) and token acquisition workflows. After a year of experimentation, some common patterns are starting to emerge.
The token-based approach - relying on describing the bearer's capabilities - is a more flexible scheme than the traditional GSI setup, which relies on identity mapping. In this presentation, I'll outline the difference between the two and take a tour through the different token schemes. I'll discuss the new feature support in XRootD for these different authorization techniques.
