WLCG Authorisation from X.509 to Tokens

Bockelman, Brian; Ceccanti, Andrea; Collier, Ian; Cornwall, L.; Dack, Thomas; Guenther, J.; Lassnig, M.; Litmaath, M.; Millar, Paul; Sallé, Mischa; Short, Hannah; Teheran, Jeny; Wartel, Romain

doi:10.1051/epjconf/202024503001

Cited by 9 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This transition will be achieved by using the OpenID Connect (OIDC) [37] identity layer on top of the OAuth2 protocol [38]. Rucio supports OIDC authentication [39] and this is already being tested in the DOMA Rucio instance [40]. In the context of ESCAPE an initial testing phase is also ongoing where those functionalities are examined with the aim of demonstrating completely X.509 free access to the resources.…”

Section: Data Lake Architecturementioning

confidence: 99%

The ESCAPE Data Lake: The machinery behind testing, monitoring and supporting a unified federated storage infrastructure of the exabyte-scale

Dona

Maria

Escape³

2021

EPJ Web Conf.

View full text Add to dashboard Cite

The EU-funded ESCAPE project aims at enabling a prototype federated storage infrastructure, a Data Lake, that would handle data on the exabyte-scale, address the FAIR data management principles and provide science projects a unified scalable data management solution for accessing and analyzing large volumes of scientific data. In this respect, data transfer and management technologies such as Rucio, FTS and GFAL are employed along with monitoring enabling solutions such as Grafana, Elasticsearch and perf- SONAR. This paper presents and describes the technical details behind the machinery of testing and monitoring of the Data Lake – this includes continuous automated functional testing, network monitoring and development of insightful visualizations that reflect the current state of the system. Topics that are also addressed include the integration with the CRIC information system as well as the initial support for token based authentication / authorization by using OpenID Connect. The current architecture of these components is provided and future enhancements are discussed.

show abstract

Section: Data Lake Architecturementioning

confidence: 99%

The ESCAPE Data Lake: The machinery behind testing, monitoring and supporting a unified federated storage infrastructure of the exabyte-scale

Dona

Maria

Escape³

2021

EPJ Web Conf.

View full text Add to dashboard Cite

show abstract

“…The WLCG Authorisation Working Group was formed in 2017, at a time when multiple activities were independently beginning to seriously consider token based authorisation. Experts from multiple domains and projects -including SciTokens [4], the INDIGO DataCloud project [5] and EGI [6] -came together to chart a path towards token based authorisation for WLCG [7]. Work to enhance software was supported by several European Commission Projects: EOSC-Hub [8], EOSC Pilot [9] and AARC2 [10].…”

Section: Contributing Groupsmentioning

confidence: 99%

WLCG Token Usage and Discovery

et al. 2021

Self Cite

View full text Add to dashboard Cite

Since 2017, the Worldwide LHC Computing Grid (WLCG) has been working towards enabling token based authentication and authorisation throughout its entire middleware stack. Following the publication of the WLCG Common JSON Web Token (JWT) Schema v1.0 [1] in 2019, middleware developers have been able to enhance their services to consume and validate the JWT-based [2] OAuth2.0 [3] tokens and process the authorization information they convey. Complex scenarios, involving multiple delegation steps and command line flows, are a key challenge to be addressed in order for the system to be fully operational. This paper expands on the anticipated token based workflows, with a particular focus on local storage of tokens and their discovery by services. The authors include a walk-through of this token flow in the RUCIO managed data-transfer scenario, including delegation to FTS and authorised access to storage elements. Next steps are presented, including the current target of submitting production jobs authorised by Tokens within 2021.

show abstract

“…Moving away from X.509 is not something experiments can do in isolation, and requires a concerted effort. Work to adopt a token AAI based on the industry standard protocols like Oauth2.0 and OpenID Connect is ongoing at the WLCG level [23].…”

Section: Authentication and Authorisation Implementationsmentioning

confidence: 99%

Evolution of ATLAS analysis workflows and tools for the HL-LHC era

et al. 2021

View full text Add to dashboard Cite

The High Luminosity LHC project at CERN, which is expected to deliver a ten-fold increase in the luminosity of proton-proton collisions over LHC, will start operation towards the end of this decade and will deliver an unprecedented scientific data volume of multi-exabyte scale. This vast amount of data has to be processed and analysed, and the corresponding computing facilities must ensure fast and reliable data processing for physics analyses by scientific groups distributed all over the world. The present LHC computing model will not be able to provide the required infrastructure growth, even taking into account the expected evolution in hardware technology. To address this challenge, several novel methods of how end-users analysis will be conducted are under evaluation by the ATLAS Collaboration. State-of-the-art workflow management technologies and tools to handle these methods within the existing distributed computing system are now being evaluated and developed. In addition the evolution of computing facilities and how this impacts ATLAS analysis workflows is being closely followed.

show abstract

WLCG Authorisation from X.509 to Tokens

Cited by 9 publications

References 3 publications

The ESCAPE Data Lake: The machinery behind testing, monitoring and supporting a unified federated storage infrastructure of the exabyte-scale

The ESCAPE Data Lake: The machinery behind testing, monitoring and supporting a unified federated storage infrastructure of the exabyte-scale

WLCG Token Usage and Discovery

Evolution of ATLAS analysis workflows and tools for the HL-LHC era

Contact Info

Product

Resources

About