Worldwide LHC Computing Grid
How WLCG is using the AARC Blueprint Architecture as a backdrop for the discussions as a reference frame for best practices.
WLCG is a global collaboration of more than 170 computing centres in 42 countries, linking up national and international grid infrastructures. The mission is to provide global computing resources to store, distribute and analyse the data generated by the Large Hadron Collider (LHC) at CERN.
The AAI challenge
When WLCG was set up in the early 2000s, the best option for authentication and authorization was personal X.509 certificates. All researchers involved in LHC experiments had to go to an accredited certification authority and get an X.509 certificate – a process which meant (in some countries) presenting proof of identity and/or employment. The system works but is time-consuming and cumbersome for everyone involved.
With the development of eduGAIN and national Identity Federations, X.509 certificates are no longer the best option. So WLCG teamed up with AARC to pilot a better solution for their Authentication and Authorization (AAI) requirements.
How did the AARC project help?
Eliminating X.509 certificates it’s a huge challenge and WLCG set up a Working Group to structure the discussion. The WLCG team did not want to reinvent the AAI wheel so they took advantage of the meetings and working groups set up by AARC to kick-start the discussions with the developers of existing tools, namely the EGI Check-in service and the INDIGO DataCloud IAM solutions.
The Blueprint Architecture provided the backdrop for the discussions as a reference frame for best practices. The AARC Guidelines have also contributed to decrease the number of unexpected occurrences.
The developers from both solutions have been working closely together during the enhancement of their respective services. In particular, the integration of RCAuth, as an x509 Certificate Authority, has been a combined effort. The final solution chosen by WLCG will include components from each solution and benefit from the collaborative approach taken by the developers.
“The BPA is a nice place to guide you to think about the bigger picture and the context in which you’re going to be implementing your AAI.”
Hannah Short, CERN Computing and WLCG