WLCG AuthZ Call

Tuesday 29 Jan 2019, 15:00 → 16:30 Europe/Zurich

Proposed agenda:

1. Schema document comments https://docs.google.com/document/d/1cNm4nBl9ELhExwLxswpxLLNTuz8pT38-b_DewEyEWug/edit?usp=sharing 

Attendees: Romain, Hannah, Maarten, Mischa, Andrea, Nicolas, Brian

Notes:

• Decision from Pilot teams to share a deployment of the Master Portal & RCAuth integration
• Q from Andrea: the status of the master portal?
  • Already deployed and connected to RCAuth at CERN
  • Q from Nicolas: Do we need to register IAM as an OIDC IdP for the Master Portal?
    • Yes to establish trust
  • Need to register as client
    • Nicolas needs client ID and secret from IAM
  • Different integration required for RCAuth and Master Portal
• Q from Mischa: which is the host name of the RCAuth test instance? RCAuth Pilot EU 
  • Might need to renew the host certificate (letsencrypt is used)
• Schema work
  • We need to be clearer about expected behaviour when asserting groups and capabilities - a separate paragraph should be included
  • "ver" claim. Should it be "wlcg_ver"? It would be nicer to use a pre-defined attribute from upstream but we think there isn't one. In practice this doesn't matter so much
• DUNE
  • Visit on Friday from Steven Timm
  • Various attempts to make contact already between this working group and fermilab, hopefully this can be strengthened

Actions:

• Andrea to create a client and send details (encrypted) to Nicolas (who will send endpoint)
• Mischa to followup r.e. certificate renewal (with DavidG)