Uploaded image for project: 'Request For Comments'
  1. Request For Comments
  2. RFC-765

User permissions model in Science Platform services



    • Type: RFC
    • Status: Implemented
    • Resolution: Done
    • Component/s: DM
    • Labels:


      This RFC is largely informational to document a change in technical direction from a previously discussed plan. Unless you are developing Science Platform and adjacent services, it will not affect you.

      Historically the idea was that the Science Platform layer would rely on underlying infrastructure permissions. For a number of reasons, some technical and some not, we are now proceeding with a model where the service layer is responsible for authentication and the infrastructure is agnostic of the user management model. While the previous approach had the virtue of simplicity, the new approach means that:

      1. Certain service architectures (eg remote Butler) become possible
      2. Generating large number of fake accounts for scale testing becomes easy
      3. Onboarding/offboarding and other user management on a large number of heterogenous deployments (LDF, IDF, USDF, Summit, iDACs, etc) is simpler
      4. Users do not need infrastructure accounts (from the provider), just Science Platform accounts which means that scientists of all nationalities may use our services even if they are hosted in a government lab (eg SLAC)
      5. Concerns than this model would place an unsupportable burden on the A&A service have been allayed by our new service, gafaelfawr
      6. Interoperability with off-the-shelf OAuth2 services becomes easier
      7. Object Stores can be transparently substituted in services that previously relied on POSIX filesystems

      This model is already applied on Science Platform services (for example, users do not need Google accounts to use the platform deployed on IDF). We have not yet worked out the details of access to the user database tables, but have no reason to believe this approach won't work.

      Tagging all relevant parties, hopefully not a surprise to anyone at this point.


          Issue Links



              frossie Frossie Economou
              frossie Frossie Economou
              Adam Thornton, Christine Banek, Colin Slater, Dominique Boutigny, Fabio Hernandez, Fritz Mueller, Frossie Economou, Gregory Dubois-Felsmann, Hsin-Fang Chiang, Jim Bosch, Kian-Tat Lim, Richard Dubois, Russ Allbery, Simon Krughoff, Tim Jenness
              0 Vote for this issue
              15 Start watching this issue


                Planned End:


                  No builds found.