SciTokens for SSH

21 views
Skip to first unread message

Basney, Jim

unread,
Jan 16, 2020, 3:42:38 PM1/16/20
to SciTokens Discussion
Hi all,

I'm pleased to share the news that Alex Gao (University of Illinois student) has added SciTokens support to the open source oauth-ssh package that Globus has donated to XSEDE. If you're willing/able to review/test it, it'd be very helpful to have your comments added to the pull request (https://github.com/XSEDE/oauth-ssh/pull/69). Since SciTokens aims to conform to standards like the WLCG Common JWT Profiles (https://doi.org/10.5281/zenodo.3460258), I'm interested in any thoughts you might have on use cases and interoperability for this capability.

Since it's currently a not-yet-accepted pull request, please consider it experimental. We'll follow-up with updates when it's available for general release.

Thanks,
Jim

Brian Bockelman

unread,
Jan 18, 2020, 4:46:01 AM1/18/20
to Basney, Jim, SciTokens Discussion
This is great progress! Thanks Alex for all your hard work on this.

In terms of use cases - is it possible to integrate this somehow with
`oidc-agent`?

Brian
> --
> You received this message because you are subscribed to the Google Groups "SciTokens Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@scitokens.org.
> To view this discussion on the web visit https://groups.google.com/a/scitokens.org/d/msgid/discuss/DM6PR11MB28750415BD1AE0275E3181A6D3360%40DM6PR11MB2875.namprd11.prod.outlook.com.

Basney, Jim

unread,
Jan 19, 2020, 12:39:18 PM1/19/20
to SciTokens Discussion
Hi Brian,

Interesting question about oidc-agent. I think there are SSH aspects and SciTokens aspects.

Does oidc-agent already work with SSH? My initial thought is that oidc-agent integration with https://github.com/XSEDE/oauth-ssh is orthogonal to the SciTokens patch (i.e., we'd want oauth-ssh to support oidc-agent with any token type/provider). If so, maybe you could open an issue about oidc-agent integration at https://github.com/XSEDE/oauth-ssh/issues. I'm happy for the SciTokens project to contribute SciTokens functionality to oauth-ssh, but I think the responsibility for overall oauth-ssh features/interop belongs to XSEDE.

Does oidc-agent already work with SciTokens? https://github.com/indigo-dc/oidc-agent/issues/225 makes me hopeful, but I'm not finding anything about SciTokens at https://indigo-dc.gitbook.io/oidc-agent/.

Regards,
Jim

________________________________________
From: Brian Bockelman <bock...@gmail.com>
Sent: Saturday, January 18, 2020 3:45 AM
To: Basney, Jim
Cc: SciTokens Discussion
Subject: Re: SciTokens for SSH

Reply all
Reply to author
Forward
0 new messages