- Compact style
- Indico style
- Indico style - inline minutes
- Indico style - numbered
- Indico style - numbered + minutes
- Indico Weeks View
Attending:
- Alessandra F, Andrea C, Andrew H, Brian B, Fabrizio F, Horst S., Lucia, Oliver K, Rizart D., Haykahi, Dmitry L, Andrea M,
Protocol Updates:
- Xrootd: Continued work on the multistream transfers for Xrootd TPC.
- HTTP: Nothing of note - everything continues on quietly.
Token-based AuthN/Z for DOMA data transfers:
- Document discussed.
- One token or two? If it is generated when the FTS transfer is started, then it is a bit irrelevant: the amount of code change is pretty minimal to do a second one.
- What trust do we put in FTS? Document has client_credentials (CMS trusts FTS) while existing mechanism has a delegation of trust (CMS Rucio is trusted, Rucio delegates to FTS).
- Suggestion: reshuffle the proposal so there is a token exchange at the FTS side.
- FTS would be able to change the scope and audiences.
- Token exchange vs client credentials:
- Client credentials causes FTS to be completely trusted. Very simple
- Token exchange causes FTS to be delegated quite a bit of authority. Requires refresh tokens.
- FTS supports token exchange currently? To investigate.
- To reduce the number of tokens, maybe we can just use fine-grained audiences and not fine-grained scopes?
- Audience: "storage endpoint" name of the SE? GocDB name? Endpoint name of the current host.
- Let's not do GocDB name -- site admins may not know that, doesn't add much.
-