Project

General

Profile

Actions

Story #11453

closed

Federated user identity which works across a network of Arvados clusters

Added by Tom Morris over 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
06/20/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
2.0

Description

Basic elements:
- a single login server which provides authentication for all clusters in the network
- a single user UUID is used across all nodes in the cluster.

API server needs two additional features:
1. Validate salted token by contacting origin cluster
2. As an origin cluster, validate a received token from a remote cluster

Validation requests return the user record which is used to populate the local user table, along with an expiration time after which revalidation should occur.

Draft: Federated identity

Migration process from local identity to network identity is separate


Subtasks 4 (0 open4 closed)

Task #11874: [Spike] Prototype federated identityResolved06/20/2017

Actions
Task #12424: Migration process to convert local user IDs to network cluster IDsClosed10/10/2017

Actions
Task #12455: Validate v2-format salted tokensResolvedTom Clegg06/20/2017

Actions
Task #12440: Review 11453-federated-tokensResolvedTom Clegg06/20/2017

Actions

Related issues 2 (0 open2 closed)

Blocks Arvados - Story #11454: Support federated search across a set of Arvados clustersResolvedLucas Di Pentima04/11/2017

Actions
Blocks Arvados - Story #12705: Documentation/helper scripts for migrating users to federated identityResolvedTom Clegg01/11/2018

Actions
Actions

Also available in: Atom PDF