### Applying AAOPS to the WLCG Token Profile and Kubernetes deployments
EUGridPMA, 23/01/2020
Hannah Short, CERN
---
# AAOPS
- https://www.eugridpma.org/guidelines/aaops/
- Guidelines for operating a trusted attribute authority
- "Pull model", e.g. LDAP lookup
- "Push model", e.g. OIDC Token Issuer
- Plenty of practical guidance as well as numbered requirements
![](https://codimd.web.cern.ch/uploads/upload_4e39822a63a3eba884f01220c92a571d.png =300x)
---
# WLCG Token Profile
- Published September 2019 https://zenodo.org/record/3460258#.XihMWS2ZMUE
- Defines the contents of JSON Web Tokens used within WLCG Infrastructure
- Defines lifetimes of various OIDC features
---
![](https://codimd.web.cern.ch/uploads/upload_dbc796ac309de96c0ad6394f53ef49f4.png)
---
# IAM Deployment
- INDIGO IAM is the chosen Token Issuer for WLCG
- Current deployments are on Kubernetes
- Is this OK?
---
### Operational Guidelines
![](https://codimd.web.cern.ch/uploads/upload_c7a98b8791f870efcada9bf1c7e6c75a.png)
---
### Timelines
![](https://codimd.web.cern.ch/uploads/upload_d946ac38c4ab78d2453861262e1ec448.png)