Author:
Bockelman Brian,Ceccanti Andrea,Dack Thomas,Dykstra Dave,Litmaath Maarten,Sallé Mischa,Short Hannah
Abstract
Since 2017, the Worldwide LHC Computing Grid (WLCG) has been working towards enabling token based authentication and authorisation throughout its entire middleware stack. Following the publication of the WLCG Common JSON Web Token (JWT) Schema v1.0 [1] in 2019, middleware developers have been able to enhance their services to consume and validate the JWT-based [2] OAuth2.0 [3] tokens and process the authorization information they convey. Complex scenarios, involving multiple delegation steps and command line flows, are a key challenge to be addressed in order for the system to be fully operational. This paper expands on the anticipated token based workflows, with a particular focus on local storage of tokens and their discovery by services. The authors include a walk-through of this token flow in the RUCIO managed data-transfer scenario, including delegation to FTS and authorised access to storage elements. Next steps are presented, including the current target of submitting production jobs authorised by Tokens within 2021.
Reference23 articles.
1. Altunay M., Bockelman B., Ceccanti A., Cornwall L., Crawford M., Crooks D., Dack T., Dykstra D., Groep D., Igoumenos I. et al. , WLCG Common JWT Profiles (2019), https://doi.org/10.5281/zenodo.3460258
2. Jones M., Bradley J., Sakimura N., JSON Web Token (JWT), RFC 7519 (2015), https://rfc-editor.org/rfc/rfc7519.txt
3. Hardt D., The OAuth 2.0 Authorization Framework, RFC 6749 (2012), https://rfc-editor.org/rfc/rfc6749.txt
4. INDIGO Identity and Access Management (IAM), https://indigo-iam.github.io/docs
5. Indigo Data Cloud, https://www.indigo-datacloud.eu
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献