WP2 fortnightly meeting

Europe/Paris

ESCAPE WP2 Fortnightly 6th June 2019

Present: Andrea Ceccanti, Andrew Pickford, Aris, DavidG, Eric Fede, Fabio, Jordi Delgado, Mischa Salle, Paul Millar, Rosie, Tommasso, Mario, Martin, Xavi

News (Rosie, Xavi): 

AAI - Authentication and Authorization (Andrea):

  • Objective: “The ESCAPE project will not build new authentication mechanisms but will leverage and build on existing work to provide the secure composition of data and compute services needed to enable the data-lake vision.”
  • We will adopt standards-based AAI solutions
  • Andrea presents the planning for the new AAI in WLCG; the main goals and challenges are:
    • Authentication
    • Delegation: provide the ability for services to act on behalf of users: support for long-running applications
    • Provisioning: support provisioning/de-provisioning of identities to services/relying resources
    • Token translation
    • Identity harmonization & account linking
    • Authorization
    • Future token-based WLCG AAI: introduce a central VO-scoped authz service that exposes identity information, attributes and capabilities to services via JWT tokens and standard OAuth & OpenID Connect protocols. It supports Web and non-Web access, delegation and token renewal
    • Compliant with AARC blueprint architecture
  • Enabling technologies that are widely adopted in industry, based on standards and proven to be scalable:
    • OAuth2
    • OpenID Connect
    • JSON Web Tokens (JWT)
  • Working group to define a common profile for token-based AuthN/AuthZ, with the goal of relying on standards as much as possible.
  • ESCAPE AAI next steps:
    • Collect and understand AAI requirements across ESFRIs, current status of AAI, etc.
    • The proposal covers the WLCG use case; need to understand whether it also covers the needs of the different ESFRIs in ESCAPE.
    • Set up a testbed

Questions

  • Estimate of the work to be done on the underlying services to adopt the token infrastructure? Already done in WLCG for several storage systems, FTS, etc. Good experience, and test infrastructure for TPC is ongoing.
  • Proposal to have a TWiki page listing current services and examples: how to get access via web, CLI, etc.
  • Andrea to fill the Google Doc with key questions for the F2F regarding AAI

Round table:

  • Kai: ntr
  • Andrew: ntr
  • David: ntr
  • Fabio: ntr
  • Jordi: ntr
  • Mario and Martin: ntr
  • Mischa: ntr
  • Paul: Agenda for F2F meeting not in place. (Xavi) Next meeting will be dedicated to this.
  • Rosie: 
    • Reminder about the Google Doc and an invitation to send suggestions about the agenda and topics.
    • Computing services for ESCAPE: has anyone tried to access them? Specific to WP3? These are shared services for the ESCAPE project. Discuss this in two weeks? Please sign up for these services by following the instructions here: https://indico.in2p3.fr/event/19138/
      • Paul pointed out that the certificate used in one of the webpages has expired.
    • 10:00 AM 10:10 AM
      News 10m
      • F2F preparations, technical input:
        https://docs.google.com/document/d/1YZEERx9S8xlYC3hLOYufMyhwMReyiWyheQbFJjHziwI/edit?usp=sharing
      Speakers: Rosie Bolton (Square Kilometre Array Organisation) , Simone Campana (CERN)
    • 10:10 AM 10:40 AM
      AAI 30m
      Speaker: Andrea Ceccanti (INFN)
    • 10:40 AM 11:00 AM
      Round Table 20m