This deliverable is due by M11 of the project (i.e. end of March 2018).

Authorisation Models for SPs

Summary

This deliverable should capture

JWT Shared Profile for WLCG
Authors: M Martinez Pedreira, M Litmaath, P Millar, A Ceccanti, M Sallé, B Bockelman, H Short
https://docs.google.com/document/d/1XQvh2dxDivUstjQaS3K6tkpLyvXlEOR4QU8YtTzDqg4/edit?usp=sharing
Notes:
- use it as a state-of-the-art analysis of currently used token-related authorisation model
- extract a shared JWT profile that is interoperable across infrastructures; this doc is already aiming for a WLCG JWT profile but I don’t know if this would cover the authorisation needs of other research communities so perhaps we need to come up with a more generic shared AARC JWT interoperable profile.
- JWT is relevant for OIDC/OAuth2 relying parties. So this doc could be used as the basis for describing the token based authorisation scheme we’re looking for in AARC since there are already real use cases for it
  (while XACML is a bit exotic - at least according to my understanding).
The drafty text of AARC2-JRA1.2A
Guidelines for scalable authorisation across multi-SP environments
https://docs.google.com/document/d/17BaAp8OBUo9V3Z4iDYxfckzrEFwdIBfBrkOebp6VSIg/edit#heading=h.1cjulk67kv2d

Date

Location

Agenda

Minutes

2018-01-30 10:00 (CET)

Document Kickoff

Marcus will circulate the initial ToC on Wednesday

2018-02-13 10:00 (CET)

Finalise ToC and assign writing tasks

Received a lot of input during TIIME

In the call we went through the whole ToC and discussed / updated changes

Marcus will contact authors of individual sections p2p

The call was missing contribution from: