Skip to content

Latest commit

 

History

History
36 lines (28 loc) · 1.33 KB

20230926-minutes.md

File metadata and controls

36 lines (28 loc) · 1.33 KB

Authentication Working Group Minutes

Tuesday, 2023/09/26

10:00 am ET

Attendees:

Terrell Russell, Kory Draughn, Alan King, Martin Flores, Harry Kodden (SURF), Martin Golasowski (IT4I), Lukas Vojacek (IT4I), Claudio Cacciari (SURF)

Minutes

SUMMARY:

DISCUSSION

  • OIDC/OAuth2 in HTTP API
    • Active PR - irods/irods_client_http_api#75
    • Nearly feature complete, PR is out of draft
    • State is now handled via UUID
    • User mapping initially looking at custom 'irods_username' claim from provider
      • Considering an irods scope here?
    • Alternative mapping will happen in a separate PR, perhaps after initial release
    • Refresh token in a separate PR, created a new issue
  • Considering deprecating temporary passwords
    • Have contacted Maastricht about their use of this via PHP(!) and now Python
    • Use case was WebDAV usage (web portal generates and shows temp password)
      • Need native auth b/c webdav doesn't know how to PAM
      • Maastricht is PAM/SSO everywhere else
    • rcGetTemporaryPassword and rcGetTemporaryPasswordForOther
    • Possible workaround/alternate use case is to use Limited Password
    • Add LimitedPassword implementation to PRC/Jargon
      • Rework TemporaryPassword to call LimitedPassword in the server
    • SURF says Davrods can use PAM
  • Next Meeting
    • Oct 2023