WLCG AuthZ Call


Attendees: Romain, Hannah, Maarten, Mischa, Andrea, Nicolas, Brian


  • Decision from Pilot teams to share a deployment of the Master Portal & RCAuth integration
  • Q from Andrea: the status of the master portal?
    • Already deployed and connected to RCAuth at CERN
    • Q from Nicolas: Do we need to register IAM as an OIDC IdP for the Master Portal?
      • Yes to establish trust
    • Need to register as client
      • Nicolas needs client ID and secret from IAM
    • Different integration required for RCAuth and Master Portal
  • Q from Mischa: which is the host name of the RCAuth test instance? RCAuth Pilot EU 
    • Might need to renew the host certificate (letsencrypt is used)
  • Schema work
    • We need to be clearer about expected behaviour when asserting groups and capabilities - a separate paragraph should be included
    • "ver" claim. Should it be "wlcg_ver"? It would be nicer to use a pre-defined attribute from upstream but we think there isn't one. In practice this doesn't matter so much
  • DUNE
    • Visit on Friday from Steven Timm
    • Various attempts to make contact already between this working group and fermilab, hopefully this can be strengthened


  • Andrea to create a client and send details (encrypted) to Nicolas (who will send endpoint)
  • Mischa to followup r.e. certificate renewal (with DavidG)
There are minutes attached to this event. Show them.
The agenda of this meeting is empty