https://doi.org/10.1051/epjconf/202125102028
WLCG Token Usage and Discovery
1 European Organization for Nuclear Research (CERN), Switzerland
2 Deutsches Elektronen-Synchrotron (DESY), Germany
3 Istituto Nazionale di Fisica Nucleare (INFN), Italy
4 Science and Technology Facilities Council (UKRI-STFC), United Kingdom
5 Nationaal Instituut voor Subatomaire Fysica (Nikhef), Netherlands
6 Morgridge Institute for Research, United States
7 Fermi National Accelerator Laboratory, United States
* e-mail: hannah.short@cern.ch
Published online: 23 August 2021
Since 2017, the Worldwide LHC Computing Grid (WLCG) has been working towards enabling token based authentication and authorisation throughout its entire middleware stack. Following the publication of the WLCG Common JSON Web Token (JWT) Schema v1.0 [1] in 2019, middleware developers have been able to enhance their services to consume and validate the JWT-based [2] OAuth2.0 [3] tokens and process the authorization information they convey. Complex scenarios, involving multiple delegation steps and command line flows, are a key challenge to be addressed in order for the system to be fully operational. This paper expands on the anticipated token based workflows, with a particular focus on local storage of tokens and their discovery by services. The authors include a walk-through of this token flow in the RUCIO managed data-transfer scenario, including delegation to FTS and authorised access to storage elements. Next steps are presented, including the current target of submitting production jobs authorised by Tokens within 2021.
© The Authors, published by EDP Sciences, 2021
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
