Uploaded image for project: 'SAFe Program'
  1. SAFe Program
  2. SP-3718

Token-based replacement for X.509 credential delegation

Change Owns to Parent OfsSet start and due date...
    XporterXMLWordPrintable

Details

    • Spike
    • Must have
    • PI20
    • None
    • SRCnet
    • Hide

      A credential delegation service enables service to service calls to be made with the originating user's credentials. With tokens, the scope of the token within the SRCNet ecosystem allows the SKA tokens to be used. The challenge is when making calls outside the ecosystem. In uses cases and in the architecture diagram, this is making use of external services where a user working inside SRCNet accesses authorized external resources programatically. The external resources may be 1) resources within the SRC node where the SRC node supports multiple facilities and a user has access to non-SRC data or services or 2) a completely external resource. Identifying a solution that could then be prototyped and deployed in the mini-SRCNet Demonstrator would help understand the need and identify any missing functionality to support that.
      It should be possible to do this via setting up IAM clients on the SRC IAM service and configure them for token exchange.

      Show
      A credential delegation service enables service to service calls to be made with the originating user's credentials. With tokens, the scope of the token within the SRCNet ecosystem allows the SKA tokens to be used. The challenge is when making calls outside the ecosystem. In uses cases and in the architecture diagram, this is making use of external services where a user working inside SRCNet accesses authorized external resources programatically. The external resources may be 1) resources within the SRC node where the SRC node supports multiple facilities and a user has access to non-SRC data or services or 2) a completely external resource. Identifying a solution that could then be prototyped and deployed in the mini-SRCNet Demonstrator would help understand the need and identify any missing functionality to support that. It should be possible to do this via setting up IAM clients on the SRC IAM service and configure them for token exchange.
    • Hide
      • Discussion/knowledge share around how we can configure things to use the token exchange functionality with the SRC IAM service to perform credential delegation
      • Documentation of how credential delegation can be done via token exchange in SRC IAM for future such use cases
      Show
      Discussion/knowledge share around how we can configure things to use the token exchange functionality with the SRC IAM service to perform credential delegation Documentation of how credential delegation can be done via token exchange in SRC IAM for future such use cases
    • 1.5
    • 1.5
    • 0
    • Team_PURPLE
    • Sprint 5
    • Overdue
    • PI20-PB

    Description

      Spike to explore solutions to replace IVOA CDP 1.0, an X.509-based credential delegation service, with an existing token-based service. The deliverable would be a recommendation of a token-based service to be prototyped and deployed in the mini-SRCNet Demonstrator.
       
      Section 1.10 in the attached document from INAF has good information on credential delegation and token exchange.
       

      It is perhaps possible to do the above using token exchange via Indigo IAM and this will be explored and documented.

      Attachments

        Structure

          Activity

            People

              r.bolton Bolton, Rosie
              s.gaudet Gaudet, Séverin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Feature Progress

                Story Point Burn-up: (0%)

                Feature Estimate: 1.5

                IssuesStory Points
                To Do00.0
                In Progress   00.0
                Complete00.0
                Total00.0

                Dates

                  Created:
                  Updated:

                  Structure Helper Panel