WLCG AuthZ Call
→
Europe/Zurich
Description
Proposed agenda:
- Feedback from ARC (see pdf attached)
- WLCG Claim Names (using ver and groups doesn't seem the way to go)
- Schema document comments https://docs.google.com/document/d/1cNm4nBl9ELhExwLxswpxLLNTuz8pT38-b_DewEyEWug/edit?usp=sharing
Attendees: Maarten, Balazs, Brian, Hannah, Jeny, Linda, Mischa, Romain
Apologies: Nicolas
Notes:
- ARC feedback
- one main suggestion to mirror data scopes in compute scopes
- Important to keep number of scopes small
- Maybe we need a namespace to differentiate between data and compute scopes
- suggested “modify” is for modifying job metadata rather than launching or cancelling job
- aiming for symmetry would be nice, let’s not give up yet
- need to be aware of implementation cost and token size (above 2k is difficult)
- GA4GH restricts tokens to 2k and adds flag if token is larger
- this will be difficult to change after the fact
- maybe a power user might be able to kill all jobs for a VO
- we need to be careful not to accidentally allow anyone to upload a pilot job
- need namespace or separate tokens per function
- OIDF Feedback
- Agree that adding WLCG to ver and groups claim seems reasonable
- How do we inform the version endpoint that we want a version 43 token rather than a version 42 token?
- Must use scopes since that’s the only thing available
- Or in client registration?
- Or better a mix
- version specified in client registration
- plus override in scopes request (would also allow OP to advertise which versions it supports)
Actions:
- @Hannah add suggestion on token size (2k recommendation)
- @Hannah to make some demo tokens and check their size https://demo.scitokens.org
- @Hannah to add wlcg. in front of ver and group throughout the doc
- @Hannah send a message to ask who can meet on the 25th
There are minutes attached to this event.
Show them.
The agenda of this meeting is empty