A priority for WLCG was not to reinvent the wheel, following the FIM4R recommendation to re-use shared components. Two solutions have been identified as possibilities and are currently under development: EGI-Check-in and INDIGO IAM. Both solutions have multiple reasons for enhancing their services, and as such the decision was made to continue with the two options in parallel. The EGI-Check-in pilot is being driven by AARC, with RCAuth integration covered as a collaboration between the developers behind EGI-Check-in and INDIGO IAM.

The goal is to provide a self-contained AAI pilot solution that enables token-based authentication and authorisation for WLCG. The two pilot services will be developed in parallel and assessed, and a recommendation will be made to the community. Such a solution will be of wider benefit to user communities also looking to move away from x509-based authentication and authorisation, and developments in INDIGO IAM and EGI-Check-in will be relevant for a larger audience.

AARC BPA version:



Use Cases

(TBC, screenshots will be available in March) Videos for the AARC-supported pilot for EGI-Check-in are available at https://www.dropbox.com/sh/0u9d5fzuxrjyu3k/AAClKTVLpJRC5YN2kh0JlKsGa?dl=0

User links x509 certificate with federated credentials

Steps (screenshots TBC):

1. User registers with the system using a federated account
2. Admin approves registration
3. User associates x509 user certificate with their account
4. User is granted roles/groups
5. User adds roles/groups to proxy certificate

User submits a physics job

Steps (screenshots TBC):

1. User follows registration flow above
2. Admin approves registration
3. User uploads SSH key
4. User requests token from command line (Device Code Flow)
5. Token is provisioned transparently
6. User submits a job in the normal way


Further information

AARC's specific role in this pilot is to coordinate the efforts, ensure that AARC recommendations are considered and to support the enhancement of EGI-Check-in. 

Was the BPA useful to achieve these results? WLCG is looking at two existing AAI solutions that are broadly in line with the BPA already.

Sustainability? The aim of this pilot is to provide a recommendation for WLCG to deploy a BPA-compliant AAI. This will be physically hosted at CERN. The pilot is directly useful in providing prototypes, proof of concept, and demonstrations.