Introduction
The shift towards federated identities and the adoption of new authorization standards by industry is a strong signal for WLCG to adapt its authorization infrastructure. It is necessary to continue to connect with users globally as well as peer organisation, infrastructures and cloud services.
Although it is clear that WLCG has to evolve away from X.509 at least for end users, there has been no community wide strategy. Several independent efforts to provide an authorization infrastructure supporting federated identity and authorization without certificates have been started and it is essential that a common vision be agreed upon. Different solutions are being implemented in the Research & Education sector and a number of translation services will be required to allow interoperable services.
The objective of this working group is to understand & meet the requirements of an
AuthZ service for WLCG experiments – focused on serving the 99% of our researchers.
There are two main activities
- Design and testing of a WLCG Membership Management and Token Translation service, facilitated by pilot projects with the support of AARC (AAI Pilot Projects)
- Definition of a token based authorization schema for downstream WLCG services and token issuers (JWT)
Contact
e-group and mailing list,
project-lcg-authz@cernNOSPAMPLEASE.ch
Face-to-Face Meetings
Video-Conference Meetings
Presentations have been recorded where possible and are available at
https://videos.cern.ch/deposit/project/aefb5d6eab4747008b54f305a9d721c5
Public Facing Documents
WG Documents
Internal / Draft documents
Related Presentations
Reference Documents