Introduction

The shift towards federated identities and the adoption of new authorization standards by industry is a strong signal for WLCG to adapt its authorization infrastructure. It is necessary to continue to connect with users globally as well as peer organisation, infrastructures and cloud services.

Although it is clear that WLCG has to evolve away from X.509 at least for end users, there has been no community wide strategy. Several independent efforts to provide an authorization infrastructure supporting federated identity and authorization without certificates have been started and it is essential that a common vision be agreed upon. Different solutions are being implemented in the Research & Education sector and a number of translation services will be required to allow interoperable services.

The objective of this working group is to understand & meet the requirements of an AuthZ service for WLCG experiments focused on serving the 99% of our researchers.

There are two main activities

  1. Design and testing of a WLCG Membership Management and Token Translation service, facilitated by pilot projects with the support of AARC (AAI Pilot Projects)
  2. Definition of a token based authorization schema for downstream WLCG services and token issuers (JWT)

Contact

e-group and mailing list, project-lcg-authz@cernNOSPAMPLEASE.ch

Face-to-Face Meetings

Video-Conference Meetings

Presentations have been recorded where possible and are available at https://videos.cern.ch/deposit/project/aefb5d6eab4747008b54f305a9d721c5

WG Documents

Internal / Draft documents

Related Presentations

Reference Documents

Topic attachments
I Attachment History Action Size Date Who Comment
PDFpdf 20191105_CHEP_WLCG_AuthZ.pdf r1 manage 16690.8 K 2020-02-03 - 11:47 HannahMargaretShort CHEP2019 Slides
PDFpdf AARC-AARC2SA1PilotIntakeWLCG-070318-1102-2218.pdf r1 manage 62.2 K 2018-03-07 - 11:02 HannahMargaretShort AARC Pilot Intake Form
PDFpdf AuthZ-WG-180328.pdf r1 manage 947.4 K 2018-04-05 - 12:03 HannahMargaretShort Slides from WLCG Workshop March 2018
PDFpdf AuthZ_pre-GDB_Requirements.pdf r1 manage 80.2 K 2018-03-07 - 10:56 HannahMargaretShort AuthZ Requirements (snapshot)
PDFpdf JWT_Shared_Profile_for_WLCG.pdf r1 manage 526.9 K 2018-04-05 - 11:52 HannahMargaretShort  
PDFpdf JWT_use_within_the_Community_v1.0.pdf r1 manage 538.0 K 2018-11-12 - 09:18 HannahMargaretShort JWT Catalogue v1.0
PNGpng Screen_Shot_2018-09-20_at_12.36.42.png r1 manage 130.4 K 2018-09-20 - 12:38 HannahMargaretShort lifetime of grid jobs from CERN Batch (2 week sample)
PDFpdf WLCG_AuthZ_WG_CHEP2019_Abstract.pdf r1 manage 47.3 K 2019-04-12 - 10:28 HannahMargaretShort CHEP 2019 Abstract
PDFpdf WLCG_Authorisation_Requirements.pdf r1 manage 110.6 K 2018-09-28 - 16:10 HannahMargaretShort WLCG Requirements, frozen September 2018
PDFpdf WLCG_Authorisation_from_X_509_to_Tokens-Submitted.pdf r1 manage 328.6 K 2020-03-27 - 09:00 HannahMargaretShort CHEP2019 Proceedings
Unknown file formatdocx WLCG_Common_JWT_Profiles.docx r1 manage 77.9 K 2018-08-15 - 11:00 HannahMargaretShort JWT Schema Snapshot August 2018
PDFpdf WLCG_Token_based_Authentication__Authorisation_-_CodiMD.pdf r1 manage 37.6 K 2020-02-03 - 11:45 HannahMargaretShort Supporting material for VO Interviews
Edit | Attach | Watch | Print version | History: r32 < r31 < r30 < r29 < r28 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r32 - 2020-05-04 - HannahMargaretShort
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback