WLCG Token Usage and Discovery
Since 2017, the Worldwide LHC Computing Grid (WLCG) has been working towards enabling token based authentication and authorisation throughout its entire middleware stack. Following the publication of the WLCG Common JSON Web Token (JWT) Schema v1.0 [1] in 2019, middleware developers have been able to enhance their services to consume and validate the JWT-based [2] OAuth2.0 [3] tokens and process the authorization information they convey. Complex scenarios, involving multiple delegation steps and command line flows, are a key challenge to be addressed in order for the system to be fully operational. This paper expands on the anticipated token based workflows, with a particular focus on local storage of tokens and their discovery by services. The authors include a walk-through of this token flow in the RUCIO managed data-transfer scenario, including delegation to FTS and authorised access to storage elements. Next steps are presented, including the current target of submitting production jobs authorised by Tokens within 2021.
- Research Organization:
- Fermi National Accelerator Laboratory (FNAL), Batavia, IL (United States)
- Sponsoring Organization:
- USDOE Office of Science (SC), High Energy Physics (HEP)
- DOE Contract Number:
- AC02-07CH11359
- OSTI ID:
- 1781073
- Report Number(s):
- FERMILAB-CONF-21-078-SCD; oai:inspirehep.net:1861826
- Journal Information:
- EPJ Web Conf., Vol. 251
- Country of Publication:
- United States
- Language:
- English
| The OAuth 2.0 Authorization Framework | report | October 2012 |
WLCG Authorisation from X.509 to Tokens
|
journal | January 2020 |
CERN’s Identity and Access Management: A journey to Open Source
|
journal | January 2020 |
Similar Records
XRootD Third Party Copy for the WLCG and HL- LHC
XRootD Third Party Copy for the WLCG and HLLHC