WLCG Authorisation from X.509 to Tokens

The WLCG Authorisation Working Group was formed in July 2017 with the objective to understand and meet the needs of a future-looking Authentication and Authorisation Infrastructure (AAI) for WLCG experiments. Much has changed since the early 2000s when X.509 certificates presented the most suitable...

Descripción completa

Detalles Bibliográficos
Autores principales: Bockelman, Brian, Ceccanti, Andrea, Collier, Ian, Cornwall, Linda, Dack, Thomas, Guenther, Jaroslav, Lassnig, Mario, Litmaath, Maarten, Millar, Paul, Sallé, Mischa, Short, Hannah, Teheran, Jeny, Wartel, Romain
Lenguaje:eng
Publicado: 2020
Materias:
cs.DC
Computing and Computers
cs.CR
Acceso en línea:https://dx.doi.org/10.1051/epjconf/202024503001
http://cds.cern.ch/record/2751236
_version_ 1780969178571735040
author Bockelman, Brian
Ceccanti, Andrea
Collier, Ian
Cornwall, Linda
Dack, Thomas
Guenther, Jaroslav
Lassnig, Mario
Litmaath, Maarten
Millar, Paul
Sallé, Mischa
Short, Hannah
Teheran, Jeny
Wartel, Romain
author_facet Bockelman, Brian
Ceccanti, Andrea
Collier, Ian
Cornwall, Linda
Dack, Thomas
Guenther, Jaroslav
Lassnig, Mario
Litmaath, Maarten
Millar, Paul
Sallé, Mischa
Short, Hannah
Teheran, Jeny
Wartel, Romain
author_sort Bockelman, Brian
collection CERN
description The WLCG Authorisation Working Group was formed in July 2017 with the objective to understand and meet the needs of a future-looking Authentication and Authorisation Infrastructure (AAI) for WLCG experiments. Much has changed since the early 2000s when X.509 certificates presented the most suitable choice for authorisation within the grid; progress in token based authorisation and identity federation has provided an interesting alternative with notable advantages in usability and compatibility with external (commercial) partners. The need for interoperability in this new model is paramount as infrastructures and research communities become increasingly interdependent. Over the past two years, the working group has made significant steps towards identifying a system to meet the technical needs highlighted by the community during staged requirements gathering activities. Enhancement work has been possible thanks to externally funded projects, allowing existing AAI solutions to be adapted to our needs. A cornerstone of the infrastructure is the reliance on a common token schema in line with evolving standards and best practices, allowing for maximum compatibility and easy cooperation with peer infrastructures and services. We present the work of the group and an analysis of the anticipated changes in authorisation model by moving from X.509 to token based authorisation. A concrete example of token integration in Rucio is presented.
id cern-2751236
institution Organización Europea para la Investigación Nuclear
language eng
publishDate 2020
record_format invenio
spelling cern-27512362021-08-27T03:15:55Zdoi:10.1051/epjconf/202024503001doi:10.1051/epjconf/202024503001http://cds.cern.ch/record/2751236engBockelman, BrianCeccanti, AndreaCollier, IanCornwall, LindaDack, ThomasGuenther, JaroslavLassnig, MarioLitmaath, MaartenMillar, PaulSallé, MischaShort, HannahTeheran, JenyWartel, RomainWLCG Authorisation from X.509 to Tokenscs.DCComputing and Computerscs.CRComputing and ComputersThe WLCG Authorisation Working Group was formed in July 2017 with the objective to understand and meet the needs of a future-looking Authentication and Authorisation Infrastructure (AAI) for WLCG experiments. Much has changed since the early 2000s when X.509 certificates presented the most suitable choice for authorisation within the grid; progress in token based authorisation and identity federation has provided an interesting alternative with notable advantages in usability and compatibility with external (commercial) partners. The need for interoperability in this new model is paramount as infrastructures and research communities become increasingly interdependent. Over the past two years, the working group has made significant steps towards identifying a system to meet the technical needs highlighted by the community during staged requirements gathering activities. Enhancement work has been possible thanks to externally funded projects, allowing existing AAI solutions to be adapted to our needs. A cornerstone of the infrastructure is the reliance on a common token schema in line with evolving standards and best practices, allowing for maximum compatibility and easy cooperation with peer infrastructures and services. We present the work of the group and an analysis of the anticipated changes in authorisation model by moving from X.509 to token based authorisation. A concrete example of token integration in Rucio is presented.The WLCG Authorisation Working Group was formed in July 2017 with the objective to understand and meet the needs of a future-looking Authentication and Authorisation Infrastructure (AAI) for WLCG experiments. Much has changed since the early 2000s when X.509 certificates presented the most suitable choice for authorisation within the grid; progress in token based authorisation and identity federation has provided an interesting alternative with notable advantages in usability and compatibility with external (commercial) partners. The need for interoperability in this new model is paramount as infrastructures and research communities become increasingly interdependent. Over the past two years, the working group has made significant steps towards identifying a system to meet the technical needs highlighted by the community during staged requirements gathering activities. Enhancement work has been possible thanks to externally funded projects, allowing existing AAI solutions to be adapted to our needs. A cornerstone of the infrastructure is the reliance on a common token schema in line with evolving standards and best practices, allowing for maximum compatibility and easy cooperation with peer infrastructures and services. We present the work of the group and an analysis of the anticipated changes in authorisation model by moving from X.509 to token based authorisation. A concrete example of token integration in Rucio is presented.arXiv:2007.03602oai:cds.cern.ch:27512362020
spellingShingle cs.DC
Computing and Computers
cs.CR
Computing and Computers
Bockelman, Brian
Ceccanti, Andrea
Collier, Ian
Cornwall, Linda
Dack, Thomas
Guenther, Jaroslav
Lassnig, Mario
Litmaath, Maarten
Millar, Paul
Sallé, Mischa
Short, Hannah
Teheran, Jeny
Wartel, Romain
WLCG Authorisation from X.509 to Tokens
title WLCG Authorisation from X.509 to Tokens
title_full WLCG Authorisation from X.509 to Tokens
title_fullStr WLCG Authorisation from X.509 to Tokens
title_full_unstemmed WLCG Authorisation from X.509 to Tokens
title_short WLCG Authorisation from X.509 to Tokens
title_sort wlcg authorisation from x.509 to tokens
topic cs.DC
Computing and Computers
cs.CR
Computing and Computers
url https://dx.doi.org/10.1051/epjconf/202024503001
https://dx.doi.org/10.1051/epjconf/202024503001
http://cds.cern.ch/record/2751236
work_keys_str_mv AT bockelmanbrian wlcgauthorisationfromx509totokens
AT ceccantiandrea wlcgauthorisationfromx509totokens
AT collierian wlcgauthorisationfromx509totokens
AT cornwalllinda wlcgauthorisationfromx509totokens
AT dackthomas wlcgauthorisationfromx509totokens
AT guentherjaroslav wlcgauthorisationfromx509totokens
AT lassnigmario wlcgauthorisationfromx509totokens
AT litmaathmaarten wlcgauthorisationfromx509totokens
AT millarpaul wlcgauthorisationfromx509totokens
AT sallemischa wlcgauthorisationfromx509totokens
AT shorthannah wlcgauthorisationfromx509totokens
AT teheranjeny wlcgauthorisationfromx509totokens
AT wartelromain wlcgauthorisationfromx509totokens

Ejemplares similares