Description
Authentication and authorisation for the High Energy Physics computing grid infrastructure has been based on X.509 certificates since its inception in the early 2000s. In recent years an emphasis has been placed on modernising the stack, facilitating integration with external cloud infrastructure and improving usability and security - all of which have naturally led to a transition to JWT tokens over OAuth2 and OIDC. Important questions are emerging from the operational experience of using tokens - particularly finding an appropriate balance between operations and security. We aim to solve these problems by working together with the wider TNC community (through projects such as AARC-TREE) and complete the migration to token workflows in the coming years. We will share the vision and progress so far.