WLCG AuthZ Call


Attendees: Ioannis, Linda, Maarten, Mischa, Romain, Hannah, David, Nicolas, Brian


  • @Hannah send email r.e. Mischa & Hannah to talk with Uros & Nicolas & Markus & Davide about the OIDC schema at the AARC meeting. Can also discuss briefly in JRA1 session
  • @Hannah send info about how to join OIDF rande mailing list
  • @Maarten to contact ARC CE folk to get opinion on compute capabilities
  • @Hannah ask @Andrea about use of https://edms.cern.ch/ui/file/1078881/1/xacml-grid-ce-profile-v_1_0.pdf in CREAM? 

Answer "That profile was put together some years ago to enable fine-grained
management of the authorizations on a CREAM CE in the integration with
the Argus authorization service (I know, this sentence is a bit
convoluted). Basically you could link CREAM to an Argus instance and
there define policies that would grant those capabilities to some
principal depending on its authentication and authorization attributes.

I am not sure if in the end CREAM has fully implemented the profile, but
I would say this doesn't really affect our works since CREAM is out of
support and will be replaced by other CE technologies (ARC CE,

That said, the profiling work we've done at the time could help in
defining the capabilities for a generic batch system/ CE environment, so 
we can reuse some of the classification logic and refresh things to make
sense in a token-based AAI."

  • @Hannah to ask Brian if he has some example requests
There are minutes attached to this event. Show them.
The agenda of this meeting is empty