Attendees:
- (Borja) DB, hadoop as well as DB
- (Luca) CF, data centre & ServiceNow, hardware lifecycle
- (Diogo) Storage, most visible are CERNbox, EOS, AFS, Samba -> how is this different to FreeIPA coord meeting
- (Remi) Beams, 3000 devices for controls that use LDAP and AD, Linux systems plus tools (e.g. technical consoles)
- (Andreas) CS communication systems, mostly internal monitoring tools but also telephony that is user facing
- (Ben) Compute and monitoring, Batch, many machines to migrate to FreeIPA plus configuration. Many queries run against LDAP. Apps such as Foreman
- (Panos) scientific computing, CRIC (topology for WLCG), using LDAP and Kerberos. Also CMS
- (Sebastian & Siavas) replacing Pablo for CDA, Windows management. Also migration from AD to FreeIPA
- (Sotirios) IR department, web design guidelines, using LDAP for MyCERN app (retrieve bio)
- (P Fokianos) scientific information service department, Kerberos usage and web auth
- (Joel) EP department, TBC which applications might be affected
- & Maite, Paolo, Mary, Julien and Hannah
- (Roberto & Mario) FAP-BC, mostly interested in SSO but possibly other services
Notes:
- Some confusion between LDAP and SSO
- What are we trying to restrict in terms of privacy? E.g. when adding a group to a Puppet-managed VM, group members are expanded and visible to any user on the box. Access can be authenticated but not necessarily private. We need to understand whether there is any benefit to blocking anonymous LDAP when IT users can get the data in other ways. Can have ACLs for API endpoints.
- Consider confidentiality vs traceability
- We need to better define the privacy problem
- How to review with team? Set up a collaboration workspace