VO Standards in Authorization systems

Canada/Pacific
Description

Authentication and authorization systems are key services that any infrastructure offers to guarantee secure, authorized access to resources. As discussed in the Virtual Observatory, some features are already standardized, but work remains to be done on the interoperability of authorizations. The main goal of this meeting is to think about, discuss and, if possible, evaluate a standard proposal in line with the current ones.

    • 09:00 09:05
      Welcome 5m
    • 09:05 09:20
      Teams 15m

      Brief presentation of participants

    • 09:20 09:50
      OATs: Italian Astronomical Archives (IA2) and SKA activities 30m

      A brief description of the structure and activities carried out at OATs will be presented. The focus will be on the Italian Astronomical Archives and on SKA-related activities. Some considerations on future desiderata will be reported.

    • 09:50 10:20
      CADC activities 30m

      Introduction to the CADC activities and services offered to the astronomical community.

    • 10:20 10:40
      Break 20m
    • 10:40 12:10
      Authentication and Authorization Use cases 1h 30m

      Description of some use cases (CADC and IA2). SKA requirements and other telescopes' needs.

    • 12:10 13:00
      Discussion 50m
    • 13:00 14:00
      Lunch 1h
    • 14:00 14:20
      User Registration, Account Linking, Grouping management systems and unique identifier 20m

      Best practices suggest registering the users of resources. Some telescopes' requirements state that account linking is desirable. Are the GMSs ready for it? Grouper, for example, does not allow account linking.
      Some scientists would like to be identified by their ORCID.
      How can all of these be merged together?

    • 14:20 14:50
      GMS as VO standard 30m
    • 14:50 15:20
      Credential Delegation Protocol 30m
    • 15:20 15:30
      Break 10m
    • 15:30 16:00
      GMS and the credential delegation protocol @ CADC 30m

      How GMS stores information about group membership and how the credential delegation protocol is foreseen to intervene in the process.

    • 16:00 16:20
      Conclusions and discussion 20m
    • 09:00 10:00
      GMS and GROUPER 1h

      How to make the GMS and Grouper systems interoperate.

    • 10:00 11:00
      Credential delegation: X.509 vs OAuth2 1h

      The current implementation of credential delegation is based on X.509 certificates. Is it feasible to use an OAuth2 token instead of X.509, and if so, how? What are the pros and cons (security, API reliability, complexity, etc.)?

    • 11:00 11:20
      Break 20m
    • 11:20 12:50
      Discussion - Authorization sharing with the account linking 1h 30m

      How to include the sharing of Authorization tokens using the account linking mechanism?

    • 12:50 13:50
      Lunch 1h
    • 13:50 15:50
      Discussion - Authorization sharing with the account linking - cont. 2h
    • 15:50 16:20
      Break 30m
    • 16:20 16:40
      Conclusions and any other business 20m