WLCG AuthZ Call


Proposed agenda: 

Discuss role of keys and trust anchors in OIDC-based infrastructure

  • OIDC Key management
    • Transport
    • Signing (JWTs)
  • Distribution of keys
  • OIDC Federation Key Management (future scenario)

Attendees: Jeny, Mine, Linda, Tom, Maarten, Andrea, Hannah, Ian



  • OIDC Certificates and Keys (largely a solved problem)

    • Transport certs

      • Must be publicly trusted (i.e. chain to a CA present in the standard OS and browser trust stores)

      • Opportunity to make life easier for integrators (e.g. Let's Encrypt for automated issuance and renewal)

    • Signing keys (for JWTs; published as a JWKS, with an x5c certificate chain optional)

      • Discovery and distribution are well described by the standards (the issuer's /.well-known/openid-configuration advertises a jwks_uri; the key set format is JWK/JWKS, RFC 7517)

      • Lifetimes are defined by the WLCG Token Schema v1.0

    • VOs will need to maintain lists of valid token issuers (analogous to the current lists of trusted VOMS servers); a relying party should reject a token whose iss is not on the list before it consults any key

    • Global list may be useful for opportunistic resources

  • OIDC Federation

    • Future model for OIDC AuthZ at large scale; it will give certificates an additional role

    • Not currently required for WLCG (our scale is smaller, and OIDC Federation is not yet in production)

  • Role of IGTF

    • IGTF certificates no longer have a role in OIDC AuthZ

    • IGTF policies still essential

    • Envisage that IGTF maintains the list of approved token issuers
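Added worked example (not from the call, and not code from any WLCG or IGTF component): a minimal relying-party check in Go, standard library only, that ties the points under "OIDC Certificates and Keys" together. An issuer publishes its ES256 signing key as a JWKS at its jwks_uri; the VO keeps an allowlist of issuer URLs with the keys fetched from each; the relying party pins the algorithm, refuses a token whose iss is not on the list, selects the key by kid, verifies the signature and only then the lifetime. The issuer URL https://wlcg.example/oidc, the kid values and the token claims are constructed for the example; fetching the JWKS over TLS (where the publicly trusted transport certificate comes in) is left out and the document is generated in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// trustStore: allowlisted issuer URL -> (kid -> key) parsed from that issuer's JWKS.
// It plays the role of the per-VO list of valid token issuers from the minutes.
type trustStore map[string]map[string]*ecdsa.PublicKey

var enc = base64.RawURLEncoding

func pad32(n *big.Int) []byte { return n.FillBytes(make([]byte, 32)) }

// newIssuer generates an ES256 key plus the JWKS (RFC 7517) an issuer would serve at
// its jwks_uri. Constructed fixture for this example, not a real WLCG issuer.
func newIssuer(kid string) (*ecdsa.PrivateKey, []byte) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // only fails if the system RNG does
	doc, _ := json.Marshal(map[string]any{"keys": []map[string]string{{
		"kty": "EC", "crv": "P-256", "alg": "ES256", "kid": kid,
		"x": enc.EncodeToString(pad32(priv.X)), "y": enc.EncodeToString(pad32(priv.Y))}}})
	return priv, doc
}

// parseJWKS builds kid -> public key from a JWKS document. Entries that are not P-256
// keys are skipped; a malformed P-256 entry rejects the whole document.
func parseJWKS(doc []byte) (map[string]*ecdsa.PublicKey, error) {
	var set struct{ Keys []struct{ Kty, Crv, Kid, X, Y string } } // encoding/json matches "kty" etc. case-insensitively
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	out := map[string]*ecdsa.PublicKey{}
	for _, k := range set.Keys {
		if k.Kty != "EC" || k.Crv != "P-256" {
			continue // e.g. an RSA key, which would need its own branch
		}
		x, errX := enc.DecodeString(k.X)
		y, errY := enc.DecodeString(k.Y)
		pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
		if errX != nil || errY != nil || !pub.Curve.IsOnCurve(pub.X, pub.Y) {
			return nil, fmt.Errorf("jwks: kid %q is not a point on P-256", k.Kid)
		}
		out[k.Kid] = pub
	}
	return out, nil
}

// signES256 mints a compact JWS, b64(header).b64(claims).b64(r||s), as an issuer would.
func signES256(priv *ecdsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": kid})
	body, _ := json.Marshal(claims)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, _ := ecdsa.Sign(rand.Reader, priv, digest[:]) // only fails if the system RNG does
	return input + "." + enc.EncodeToString(append(pad32(r), pad32(s)...))
}

// verify is the relying-party side. Order matters: pin the algorithm, consult the issuer
// allowlist before touching any key, select the key by kid, check the signature, then exp.
func verify(token string, trusted trustStore, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	var claims map[string]any
	for i, dst := range []any{&hdr, &claims} {
		raw, err := enc.DecodeString(parts[i])
		if err == nil {
			err = json.Unmarshal(raw, dst)
		}
		if err != nil {
			return nil, fmt.Errorf("segment %d: %v", i, err)
		}
	}
	if hdr.Alg != "ES256" { // the token never chooses the algorithm ("none", HS256 with a public key, ...)
		return nil, fmt.Errorf("alg %q not allowed", hdr.Alg)
	}
	iss, _ := claims["iss"].(string)
	pub := trusted[iss][hdr.Kid] // indexing a nil map is safe: unknown issuer and unknown kid both give nil
	if pub == nil {
		return nil, fmt.Errorf("issuer %q not in the VO allowlist, or kid %q absent from its JWKS", iss, hdr.Kid)
	}
	sig, err := enc.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("signature does not verify")
	}
	if exp, ok := claims["exp"].(float64); !ok || !now.Before(time.Unix(int64(exp), 0)) {
		return nil, fmt.Errorf("token expired or missing exp")
	}
	return claims, nil
}

func main() {
	priv, doc := newIssuer("2023-1")
	keys, _ := parseJWKS(doc) // a real RP fetches doc over TLS from the issuer's jwks_uri
	tok := signES256(priv, "2023-1", map[string]any{"iss": "https://wlcg.example/oidc", "sub": "alice", "exp": time.Now().Add(time.Hour).Unix()})
	fmt.Println(verify(tok, trustStore{"https://wlcg.example/oidc": keys}, time.Now()))
}
```

Run with go run; it prints the verified claims and a nil error. Tokens from an issuer not on the list, tokens signed with a key the issuer never published, an unpublished kid, alg=none and an expired exp are all rejected, and a JWKS whose P-256 entry is not a point on the curve is refused outright. In production the JWKS is re-fetched when an unknown kid appears (key rotation) and cached for a bounded time, while the issuer list itself is distributed separately from the tokens, which is the role the minutes give to the VO (or to IGTF for a global list).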

