WLCG Token Usage and Discovery

Since 2017, the Worldwide LHC Computing Grid (WLCG) has been working towards enabling token based authentication and authorisation throughout its entire middleware stack. Following the publication of the WLCG Common JSON Web Token (JWT) Schema v1.0 [1] in 2019, middleware developers have been able to enhance their services to consume and validate the JWT-based [2] OAuth2.0 [3] tokens and process the authorization information they convey. Complex scenarios, involving multiple delegation steps and command line flows, are a key challenge to be addressed in order for the system to be fully operational. This paper expands on the anticipated token based workflows, with a particular focus on local storage of tokens and their discovery by services. The authors include a walk-through of this token flow in the RUCIO managed data-transfer scenario, including delegation to FTS and authorised access to storage elements. Next steps are presented, including the current target of submitting production jobs authorised by Tokens within 2021.

[1]  M. Lassnig,et al.  WLCG Authorisation from X.509 to Tokens , 2020, EPJ Web of Conferences.

[2]  Michael B. Jones,et al.  OAuth 2.0 Device Authorization Grant , 2019, RFC.

[3]  Dick Hardt,et al.  The OAuth 2.0 Authorization Framework , 2012, RFC.

[4]  Paolo Tedesco,et al.  CERN’s Identity and Access Management: A journey to Open Source , 2020 .

[5]  Michael B. Jones,et al.  JSON Web Token (JWT) , 2015, RFC.

[6]  John Bradley,et al.  OAuth 2.0 Token Exchange , 2020, RFC.

[7]  Michael B. Jones,et al.  JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants , 2015, RFC.

[8]  P. Alam,et al.  H , 1887, High Explosives, Propellants, Pyrotechnics.

[9]  G. Fitzgerald,et al.  'I. , 2019, Australian journal of primary health.

[10]  Mine Altunay,et al.  Secure Command Line Solution for Token-based Authentication , 2021, EPJ Web of Conferences.

[11]  Michael B. Jones,et al.  The OAuth 2.0 Authorization Framework: Bearer Token Usage , 2012, RFC.

[12]  Thomas de Quincey [C] , 2000, The Works of Thomas De Quincey, Vol. 1: Writings, 1799–1820.

[13]  Danna Zhou,et al.  d. , 1840, Microbial pathogenesis.

[14]  Prabath Siriwardena,et al.  OAuth 2.0 , 2014 .