Conveners
Token Based Authorisation for WLCG
- Andrea Ceccanti (INFN)
- Hannah Short (CERN)
- Brian Bockelman (CERN)
- Jim Basney (National Center for Supercomputing Applications)
Description
The WLCG Authorization Working Group was formed in July 2017 with the objective of understanding and meeting the needs of a future-looking Authentication and Authorization Infrastructure (AAI) for the Worldwide LHC Computing Grid (WLCG) experiments. Much has changed since the early 2000s, when X.509 certificates presented the most suitable choice for authorization within the grid; progress in token-based authorization and identity federation has provided an interesting alternative with notable advantages in usability and compatibility with external (commercial and academic) partners. The need for interoperability in this new model is paramount, as infrastructures and research communities become increasingly interdependent.
Over the past three years, the working group has made significant steps towards defining a system to meet the technical needs highlighted by the community. A token-based AAI has been identified, enhanced and deployed to allow several High Energy Physics experiments to integrate their clients and middleware. Key aspects of the work have been possible thanks to externally funded projects, which allowed existing AAI components to be adapted to our needs, and to individual contributions at several well-attended hackathons. A cornerstone of the infrastructure is the reliance on a common token schema in line with evolving standards and best practices, allowing for maximum compatibility and easy cooperation with peer infrastructures and services. This schema is being updated as the working group gains practical experience. We present the progress so far, the challenges faced and a look at next steps.