Abstract
One of the key challenges identified by the HEP R&D roadmap for software and computing is the ability to integrate heterogeneous resources in support of the computing needs of HL-LHC. In order to meet this objective, a flexible Authentication and Authorization Infrastructure (AAI) has to be in place, to allow the secure composition of computing and storage resources provisioned across heterogeneous providers (e.g., Grid, private and commercial Clouds, HPC centers). At CHEP 2018, we presented how a flexible AAI based on modern, standard Web technologies (OpenID Connect, OAuth and JSON Web Tokens) and centered on the INDIGO Identity and Access Management (IAM) service could support the transition of the WLCG infrastructure to a token-based AAI. In the meanwhile, INDIGO IAM has been selected by the WLCG Management Board as the solution that will be adopted by LHC experiments, and is also at the core of the AAI envisioned to support the computing needs of the ESCAPE project. In this contribution, which represents a follow up to last-year plenary talk, we describe the work done recently on the IAM service to support WLCG requirements.
Highlights
Last year we presented how a flexible Authorization Infrastructure (AAI) based on modern, standard Web technologies, namely OpenID Connect [1], OAuth [2] and JSON Web Tokens (JWTs) [3], and centered on the INDIGO Identity and Access Management (IAM) service could be realized to support WLCG use cases [4].In this contribution we describe the work done in the past year to enable this vision, covering in more detail development, testing and integration activities done on the IAM service to support the requirements emerging from the WLCG Authorization working group [5, 6].The INDIGO IAM Service provides a central authorization server, dealing with user authentication, registration and high-level authorization for a Virtual Organization
At CHEP 2018, we presented how a flexible AAI based on modern, standard Web technologies (OpenID Connect, OAuth and JSON Web Tokens) and centered on the INDIGO Identity and Access Management (IAM) service could support the transition of the WLCG infrastructure to a token-based AAI
INDIGO IAM has been selected by the WLCG Management Board as the solution that will be adopted by LHC experiments, and is at the core of the AAI envisioned to support the computing needs of the ESCAPE project
Summary
Last year we presented how a flexible AAI based on modern, standard Web technologies, namely OpenID Connect [1], OAuth [2] and JSON Web Tokens (JWTs) [3], and centered on the INDIGO Identity and Access Management (IAM) service could be realized to support WLCG use cases [4]. In this contribution we describe the work done in the past year to enable this vision, covering in more detail development, testing and integration activities done on the IAM service to support the requirements emerging from the WLCG Authorization working group [5, 6]
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.