1.
|
WLCG Authorisation from X.509 to Tokens
/ Bockelman, Brian (Unlisted, US) ; Ceccanti, Andrea (INFN, Italy) ; Collier, Ian (Daresbury) ; Cornwall, Linda (Daresbury) ; Dack, Thomas (Daresbury) ; Guenther, Jaroslav (CERN) ; Lassnig, Mario (CERN) ; Litmaath, Maarten (CERN) ; Millar, Paul (DESY) ; Sallé, Mischa (Nikhef, Amsterdam) et al.
The WLCG Authorisation Working Group was formed in July 2017 with the objective to understand and meet the needs of a future-looking Authentication and Authorisation Infrastructure (AAI) for WLCG experiments. Much has changed since the early 2000s when X.509 certificates presented the most suitable choice for authorisation within the grid; progress in token based authorisation and identity federation has provided an interesting alternative with notable advantages in usability and compatibility with external (commercial) partners. [...]
arXiv:2007.03602.-
2020 - 8 p.
- Published in : EPJ Web Conf.: 245 (2020) , pp. 03001
Fulltext: PDF;
In : 24th International Conference on Computing in High Energy and Nuclear Physics, Adelaide, Australia, 4 - 8 Nov 2019, pp.03001
|
|
2.
|
x509-free access to WLCG resources
/ Short, H (CERN) ; Manzi, A (CERN) ; De Notaris, V (CERN) ; Keeble, O (CERN) ; Kiryanov, A (CERN ; St. Petersburg, INP) ; Mikkonen, H (Helsinki Inst. of Phys.) ; Tedesco, P (CERN) ; Wartel, R (CERN)
Access to WLCG resources is authenticated using an x509 and PKI infrastructure. Even though HEP users have always been exposed to certificates directly, the development of modern Web Applications by the LHC experiments calls for simplified authentication processes keeping the underlying software unmodified. [...]
2017 - 7 p.
- Published in : J. Phys.: Conf. Ser. 898 (2017) 102001
Fulltext: PDF;
In : 22nd International Conference on Computing in High Energy and Nuclear Physics, CHEP 2016, San Francisco, Usa, 10 - 14 Oct 2016, pp.102001
|
|
3.
|
Astronomical data organization, management and access in Scientific Data Lakes
/ Grange, Y.G. (ASTRON, Dwingeloo) ; Pandey, V.N. (ASTRON, Dwingeloo) ; Espinal, X. (CERN) ; Di Maria, R. (CERN) ; Millar, A.P. (DESY)
The data volumes stored in telescope archives is constantly increasing due to the development and improvements in the instrumentation. Often the archives need to be stored over a distributed storage architecture, provided by independent compute centres. [...]
arXiv:2202.01828.-
2024 - 4 p.
- Published in : Astron. Soc. Pac. Conf. Proc.: 535 (2024) , pp. 437
Fulltext: document - PDF; 2202.01828 - PDF; External link: Preprint
In : 31st Astronomical Data Analysis Software and Systems, Cape Town, South Africa, 24 - 28 Oct 2021, pp.437
|
|
4.
|
Adoption of a token-based authentication model for the CMS Submission Infrastructure.
/ Pérez-Calero Yzquierdo, Antonio (Madrid, CIEMAT ; PIC, Bellaterra) ; Mascheroni, Marco (UC, San Diego) ; Kizinevic, Edita (CERN) ; Khan, Farrukh Aftab (Fermilab) ; Kim, Hyunwoo (Fermilab) ; Flechas, Maria Acosta (Fermilab) ; Tsipinakis, Nikos (CERN) ; Haleem, Saqib (NCP, Islamabad) ; Würthwein, Frank (UC, San Diego)
/CMS Collaboration
The CMS Submission Infrastructure (SI) is the main computing resource provisioning system for CMS workloads. A number of HTCondor pools are employed to manage this infrastructure, which aggregates geographically distributed resources from the WLCG and other providers. [...]
arXiv:2405.14644.-
Geneva : CERN, 2024 - 6 p.
- Published in : EPJ Web Conf. 295 (2024) 04003
Fulltext: 2405.14644 - PDF; CR2023_170 - PDF; 24a38f66866e5065c5b8cfa45016bee6 - PDF; document - PDF; External link: Fermilab Library Server
In : 26th International Conference on Computing in High Energy & Nuclear Physics, Norfolk, Virginia, Us, 8 - 12 May 2023, pp.04003
|
|
5.
|
|
Authentication and Authorization for the WLCG
/ Dack, Tom (speaker) (Science and Technology Facilities Council STFC (GB))
This lecture will introduce the concepts of authentication and authorisation and their importance to modern research infrastructures. This will then be built upon by providing an overview of the existing WLCG authentication and authorisation infrastructure (AAI), before taking a deeper look at the token based AAI the grid is currently transitioning towards, covering the motivations for change, the technologies underpinning the design, and key workflows.
The exercise class for this lecture will provide attendees with the opportunity to obtain tokens from an issuer, and then extract information from the token. [...]
2023 - 3666.
Inverted CSC; Inverted CERN School of Computing 2023
External links: Talk details; Event details
In : Inverted CERN School of Computing 2023
|
|
6.
|
WLCG Transition from X.509 to Tokens. Status, Plans, and Timeline
/ Dack, Thomas (Rutherford Appleton Laboratory) ; Agostini, Federica (INFN, CNAF) ; Basney, Jim (NCSA, Urbana) ; Cornwall, Linda (Rutherford Appleton Laboratory) ; De Stefano, John Steven, Jr (Brookhaven) ; Dykstra, Dave (Fermilab) ; Giacomini, Francesco (INFN, CNAF) ; Litmaath, Maarten (CERN) ; Miccoli, Roberta (INFN, CNAF) ; Sallé, Mischa (Nikhef, Amsterdam) et al.
Since 2017, the Worldwide LHC Computing Grid (WLCG) has been working towards enabling token-based authentication and authorization throughout its entire middleware stack. Following the initial publication of the WLCG Token Schema v1.0 in 2019, OAuth2.0 token workflows have been integrated across grid middleware. [...]
FERMILAB-CONF-24-0578-CSAID.-
2024 - 6 p.
- Published in : EPJ Web Conf. 295 (2024) 04054
Fulltext: PDF; Fulltext from Publisher: PDF; External link: Fermilab Library Server
In : 26th International Conference on Computing in High Energy & Nuclear Physics, Norfolk, Virginia, Us, 8 - 12 May 2023, pp.04054
|
|
7.
|
|
Secure Command Line Solution for Token-based Authentication
/ Dykstra, Dave (speaker) (Fermi National Accelerator Lab. (US))
The WLCG is modernizing its security infrastructure, replacing X.509 client authentication with the newer industry standard of JSON Web Tokens (JWTs) obtained through the Open ID Connect (OIDC) protocol. There is a wide variety of software available using the standards, but most of it is for Web browser-based applications and doesn’t adapt well to the command line-based software used heavily in High Throughput Computing (HTC). [...]
2021 - 671.
Conferences; 25th International Conference on Computing in High Energy & Nuclear Physics
External links: Talk details; Event details
In : 25th International Conference on Computing in High Energy & Nuclear Physics
|
|
8.
|
ESCAPE prototypes a data infrastructure for open science
/ Bolton, Rosie (CERN) ; Campana, Simone (CERN) ; Ceccanti, Andrea (INFN, CNAF) ; Espinal, Xavier (CERN) ; Fkiaras, Aristeidis (CERN) ; Fuhrmann, Patrick (DESY) ; Grange, Yan (ASTRON, Dwingeloo)
The European-funded ESCAPE project will prototype a shared solution to computing challenges in the context of the European Open Science Cloud. It targets Astronomy and Particle Physics facilities and research infrastructures and focuses on developing solutions for handling Exabyte scale datasets. [...]
2020 - 7 p.
- Published in : EPJ Web Conf. 245 (2020) 04019
Fulltext from publisher: PDF;
In : 24th International Conference on Computing in High Energy and Nuclear Physics, Adelaide, Australia, 4 - 8 Nov 2019, pp.04019
|
|
9.
|
A security architecture for the ALICE grid services
/ Schreiner, Steffen (CERN) ; Grigoras, Costin (CERN) ; Buchmann, Johannes (Darmstadt, Tech. U.) ; Betev, Latchezar (CERN) ; Grigoras, Alina (CERN)
Globally distributed research cyberinfrastructures, like the ALICE Grid Services, need to provide traceability and accountability of operations and internal interactions. This document presents a new security architecture for the ALICE Grid Services, allowing to establish non-repudiation with respect to creatorship and ownership of Grid files and jobs. [...]
2012 - 12 p.
- Published in : PoS: ISGC2012 (2012) , pp. 027
External link: Published version from PoS
In : International Symposium on Grids and Clouds, Taipei, Taiwan, 26 Feb - 2 Mar 2012, pp.027
|
|
10.
|
Mediated definite delegation: Certified Grid jobs in ALICE and beyond
/ Schreiner, Steffen (Unlisted, DE ; CERN ; Darmstadt, Tech. Hochsch.) ; Grigoras, Costin (CERN) ; Litmaath, Maarten (CERN) ; Betev, Latchezar (CERN) ; Buchmann, Johannes (Unlisted, DE ; Darmstadt, Tech. Hochsch.)
Grid computing infrastructures need to provide traceability and accounting of their users activity and protection against misuse and privilege escalation, where the delegation of privileges in the course of a job submission is a key concern. This work describes an improved handling of Multi-user Grid Jobs in the ALICE Grid Services. [...]
2012 - 12 p.
- Published in : J. Phys.: Conf. Ser. 396 (2012) 032096
In : Computing in High Energy and Nuclear Physics 2012, New York, NY, USA, 21 - 25 May 2012, pp.032096
|
|