ESCAPE WP2 Fortnightly 6th June 2019
Present: Andrea Ceccanti, Andrew Pickford, Aris, DavidG, Eric Fede, Fabio, Jordi Delgado, Mischa Salle, Paul Millar, Rosie, Tommasso, Mario, Martin, Xavi
News (Rosie, Xavi):
- Google doc in preparation for the F2F meeting in Amsterdam. Google doc to collect technical input gathered during the fortnightly meetings. We would like to come up with an skeleton to be distributed among the different ESFRIs to provide input at the Amsterdam workshop. The goal is to define an architecture of the system together with a work plan:
AAI - Authentication and Authorization (Andrea):
- Objective: “The ESCAPE project will not build new authentication mechanisms but will leverage and build on existing work to provide the secure composition of data and compute services needed to enable the data-lake vision. “
- We will adopt standards-based AAI solutions
- Andrea presents the planing for the new AAI in WLCG, main goals and challenges are:
- Delegation: provide the ability for services to act on behalf of users: support for long-running applications
- Provisioning: support provisioning/de- provisioning of identities to services/relying resources
- Token translation
- Identity harmonization & account linking
- Future token based WLCG AAI: Introduce a central VO- scoped authz service that exposes identity information, attributes and capabilities to services via JWT tokens and standard OAuth & OpenID Connect protocols. It supports Web and non-Web access, delegation and token renewal
- Compliant with AARC blueprint architecture
- Enabling technologies that are widely adopted in industry, based on standards and proven to be scalable:
- OpenID connect
- Jason Web Tokens (JWT)
- Working group to have a common profile for Token-bashed AuthN/AuthZ with the goal to rely on standards as much as possible.
- ESCAPE AAI next steps:
- Collect and understand AAI requirements across ESFRIS, current status of AAI, etc.
- Proposal covers WLCG use case, need to understand if it also covers needs from different ESFRIS in ESCAPE.
- Setup a testbed
- Estimation about the work to be done on the underlying services to adopt tokens infrastructure? done in wlcg for several storage systems, FTS, etc. Good experience and test infrastructure for TPC ongoing.
- Propose to have a Twiki page to expose current services and examples: how to get access via web, cli,..
- Andrea to fill google Doc with key questions for F2F regarding AAI
- Kai: ntr
- Andrew: ntr
- David: ntr
- Fabio: ntr
- Jordi: ntr
- Mario and Martin: ntr
- Mischa: ntr
- Paul: Agenda for F2F meeting not in place. (Xavi) Next meeting will be dedicated to this.
- Remind about the google doc and invite to send suggestions about the agenda and topics.
- Computing services for ESCAPE, anyone tried to access. Specific on WP3? These are shared services for ESCAPE project. Discuss about this in two weeks? Please sign-up for these services by following instructions here: https://indico.in2p3.fr/event/19138/
- Paul pointed out the certificate used in one of the webpages expired.
There are minutes attached to this event.