### Applying AAOPS to the WLCG Token Profile and Kubernetes deployments
EUGridPMA, 23/01/2020
Hannah Short, CERN
---
# AAOPS
- https://www.eugridpma.org/guidelines/aaops/
- Guidelines for operating a trusted attribute authority
- "Pull model" e.g. LDAP Lookup
- "Push model" e.g. OIDC Token Issuer
- Plenty of practical guidance as well as numbered requirements

---
# WLCG Token Profile
- Published September 2019 https://zenodo.org/record/3460258#.XihMWS2ZMUE
- Defines the contents of JSON Web Tokens used within WLCG Infrastructure
- Defines lifetimes of various OIDC features
---

---
# IAM Deployment
- INDIGO IAM is chosen Token Issuer for WLCG
- Current deployments are on Kubernetes
- Is this OK?
---
### Operational Guidelines

---
### Timelines

{"title":"Applying AAOPS to the WLCG Token Profile and Kubernetes deployments","type":"slide","slideOptions":{"transition":"slide"}}