VO Standards in Authorization systems

Canada/Pacific
Description

Authentication and Authorization systems are key services offered by any kind of infrastructure to guarantee secure, authorized access to resources. As discussed in the Virtual Observatory, some features are already standardized, but some work still has to be done on the interoperability of authorizations. The main goal of this meeting is to think about, discuss and, if possible, evaluate a possible standard proposal in line with the current ones.

    • 1
      Welcome
    • 2
      Teams

      Brief presentation of participants

    • 3
      OATs: Italian Astronomical Archives (IA2) and SKA activities

      A brief description of the structure and activities carried out at OATs will be presented. The focus will be on the Italian Astronomical Archives and on SKA-related activities. Some considerations on future desiderata will be reported.

    • 4
      CADC activities

      Introduction to the CADC activities and services offered to the Astronomical community

    • 10:20
      Break
    • 5
      Authentication and Authorization Use cases

      Description of some use cases (CADC and IA2). SKA requirements and other telescopes' needs.

    • 6
      Discussion
    • 13:00
      Lunch
    • 7
      User Registration, Account Linking, Grouping management systems and unique identifier

      Best practices suggest registering the users of resources. Some telescopes' requirements state that account linking is desirable. Are the GMSs ready for it? Grouper, for example, does not allow account linking.
      Some scientists would like to be identified by their ORCID.
      How to merge all those things together?

    • 8
      GMS as VO standard
    • 9
      Credential Delegation Protocol
    • 15:20
      Break
    • 10
      GMS and the credential delegation protocol @ CADC

      How the GMS stores information about group membership and how the credential delegation protocol is expected to intervene in the process.

    • 11
      Conclusions and discussion
    • 12
      GMS and GROUPER

      How to make the GMS and Grouper systems interoperate.

    • 13
      Credential delegation: X.509 vs OAuth2

      The current implementation of credential delegation is based on X.509 certificates. Is it feasible to use an OAuth2 token instead of X.509, and how? What are the pros and cons (security, API reliability, complexity, etc.)?

    • 11:00
      Break
    • 14
      Discussion - Authorization sharing with the account linking

      How to include the sharing of Authorization tokens using the account linking mechanism?

    • 12:50
      Lunch
    • 15
      Discussion - Authorization sharing with the account linking - cont.
    • 15:50
      Break
    • 16
      Conclusions and any other business