https://doi.org/10.1051/epjconf/202024503021
Beyond X.509: Token-based authentication and authorization in practice
INFN CNAF, Viale Berti Pichat 6/2, 40127 Bologna, Italy
* e-mail: andrea.ceccanti@cnaf.infn.it
Published online: 16 November 2020
One of the key challenges identified by the HEP R&D roadmap for software and computing is the ability to integrate heterogeneous resources in support of the computing needs of HL-LHC. In order to meet this objective, a flexible Authentication and Authorization Infrastructure (AAI) has to be in place, to allow the secure composition of computing and storage resources provisioned across heterogeneous providers (e.g., Grid, private and commercial Clouds, HPC centers). At CHEP 2018, we presented how a flexible AAI based on modern, standard Web technologies (OpenID Connect, OAuth and JSON Web Tokens) and centered on the INDIGO Identity and Access Management (IAM) service could support the transition of the WLCG infrastructure to a token-based AAI. In the meanwhile, INDIGO IAM has been selected by the WLCG Management Board as the solution that will be adopted by LHC experiments, and is also at the core of the AAI envisioned to support the computing needs of the ESCAPE project. In this contribution, which represents a follow up to last-year plenary talk, we describe the work done recently on the IAM service to support WLCG requirements.
© The Authors, published by EDP Sciences, 2020
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
