Conveners
Macaroons
- Paul Millar (DESY)
Description
With the increasing availability of automated computing platforms (PaaS) and scientific portals, allowing scientists to focus on their scientific work instead of forcing them to become an IT expert, storage systems are no longer directly accessed by processes under the control of the user but, instead, by a chain of intermediate agents. Consequently, when it comes to authorisation, the resource owner might have to grant permissions, on behave of the user, with narrowing privileges, along that chain. To enable infrastructures to tackle this issue, dCache is implementing Macaroons, a distributed authorisation method, introduced by Google. We will provide examples on how Macaroons have been integrated into dCache and how they can be used in complex computing and storage infrastructures.
