This deliverable is due by M11 of the project (i.e. end of March 2018).
Authorisation Models for SPs
Summary
This deliverable should capture
Links
Working docs
Google-Doc: https://docs.google.com/document/d/1ofgSoUXI-CXO5Mqgpm-6bs_cejSdWm_wUAFcsEwbgm8
Notes for potential input:
- JWT Shared Profile for WLCG
Authors: M Martinez Pedreira, M Litmaath, P Millar, A Ceccanti, M Sallé, B Bockelman, H Short
https://docs.google.com/document/d/1XQvh2dxDivUstjQaS3K6tkpLyvXlEOR4QU8YtTzDqg4/edit?usp=sharing
Notes:- use it as a state-of-the-art analysis of currently used token-related authorisation model
- extract a shared JWT profile that is interoperable across infrastructures; this doc is already aiming for a WLCG JWT profile but I don’t know if this would cover the authorisation needs of other research communities so perhaps we need to come up with a more generic shared AARC JWT interoperable profile.
JWT is relevant for OIDC/OAuth2 relying parties. So this doc could be used as the basis for describing the token based authorisation scheme we’re looking for in AARC since there are already real use cases for it
(while XACML is a bit exotic - at least according to my understanding).
- The drafty text of AARC2-JRA1.2A
Guidelines for scalable authorisation across multi-SP environments
https://docs.google.com/document/d/17BaAp8OBUo9V3Z4iDYxfckzrEFwdIBfBrkOebp6VSIg/edit#heading=h.1cjulk67kv2d
Meetings schedule and Minutes
Date | Location | Agenda | Minutes |
---|---|---|---|
2018-01-30 10:00 (CET) | https://www.nikhef.nl/grid/video/?m=aarcjra1 | Document Kickoff | Marcus will circulate the initial ToC on Wednesday |
2018-02-13 10:00 (CET) | https://www.nikhef.nl/grid/video/?m=aarcjra1 | Finalise ToC and assign writing tasks | Received a lot of input during TIIME In the call we went through the whole ToC and discussed / updated changes Marcus will contact authors of individual sections p2p The call was missing contribution from:
|
2018-02-20 10:00 (CET) | https://www.nikhef.nl/grid/video/?m=aarcjra1 | Review Input | Most partners are contributing, The call was missing contribution from:
|
2018-02-22 | DocFest | Discuss Evolution of document | Restructure ToC to have use-cases after basic Authorisation Patterns. Optionally move Technology (section 4) to appendix, if it becomes too long |
2018-03-06 | https://www.nikhef.nl/grid/video/?m=aarcjra1 | Review Input and progress | Most input received; Low attendance of Partners - We have too much school-book like content in sections 2 and 4. We will shorten them dramatically and put links to wikipedia (where we found quite some content to be copied from !!) - @ALL: Please familiarise yourself with RFC 2753 [4], as we will use it to describe the architectures of the use-cases. (I found the introduction quite misleading. Most important are section 2 on terminology and 4 on architectures. - Again: The plan is to use one well-defined standard to describe all the different use-cases. In our section 5, we'll then try to put them into one big and consistent picture, just as we did for the blueprint. - Plan for the week is that I will work on this today and tomorrow and hand things back to you by thursday morning. We have to come to an initial draft for tuesdays call. |