PoS - Proceedings of Science
Volume 434 - International Symposium on Grids & Clouds (ISGC) 2023 in conjunction with HEPiX Spring 2023 Workshop (ISGC&HEPiX2023) - Virtual Research Environment (VRE)
DIRAC: OIDC/OAuth2 based security framework
A. Tsaregorodstsev* and A. Lytovchenko
Published on: October 25, 2023
Abstract
The DIRAC Interware is a framework for building distributed computing systems that integrates various kinds of computing and storage resources in a way that is transparent from the user’s perspective. Until recently, client communications with DIRAC were based on a custom protocol using X.509 PKI certificates. Following the recent move towards an OIDC/OAuth2 based security infrastructure, the DIRAC client/server protocol was enhanced to support both proxy certificates and tokens. The new framework has components for user authentication and authorization with respect to the DIRAC services. It also has a Token Manager service for maintaining the long-living tokens necessary to support asynchronous operations on the user’s behalf. Tokens can now be used to access computing resources such as HTCondorCE and ARC Computing Elements as well as cloud sites. Enabling access to storage resources and other third-party services is currently under intensive development.
In this paper we describe the architecture of the DIRAC security framework together with various aspects of its implementation. The choice of solutions is largely motivated by the requirement of continuity of the DIRAC services already in production and transparency of changes for the end users. The usage of OAuth2 tokens in dedicated or multi-community DIRAC services, as well as the necessity to support multiple Identity Provider services, is discussed. We also provide an outlook on future development plans with the goal of achieving a complete, scalable and user-friendly security framework for the DIRAC Interware project.
DOI: https://doi.org/10.22323/1.434.0029

Open Access
Copyright owned by the author(s) under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.