I'm pleased to share the news that Alex Gao (University of Illinois student) has added SciTokens support to the open source oauth-ssh package that Globus has donated to XSEDE. If you're willing/able to review/test it, it'd be very helpful to have your comments added to the pull request (https://github.com/XSEDE/oauth-ssh/pull/69). Since SciTokens aims to conform to standards like the WLCG Common JWT Profiles (https://doi.org/10.5281/zenodo.3460258), I'm interested in any thoughts you might have on use cases and interoperability for this capability.
Since it's currently a not-yet-accepted pull request, please consider it experimental. We'll follow-up with updates when it's available for general release.
Thanks,
Jim
Interesting question about oidc-agent. I think there are SSH aspects and SciTokens aspects.
Does oidc-agent already work with SSH? My initial thought is that oidc-agent integration with https://github.com/XSEDE/oauth-ssh is orthogonal to the SciTokens patch (i.e., we'd want oauth-ssh to support oidc-agent with any token type/provider). If so, maybe you could open an issue about oidc-agent integration at https://github.com/XSEDE/oauth-ssh/issues. I'm happy for the SciTokens project to contribute SciTokens functionality to oauth-ssh, but I think the responsibility for overall oauth-ssh features/interop belongs to XSEDE.
Does oidc-agent already work with SciTokens? https://github.com/indigo-dc/oidc-agent/issues/225 makes me hopeful, but I'm not finding anything about SciTokens at https://indigo-dc.gitbook.io/oidc-agent/.
Regards,
Jim
________________________________________
From: Brian Bockelman <bock...@gmail.com>
Sent: Saturday, January 18, 2020 3:45 AM
To: Basney, Jim
Cc: SciTokens Discussion
Subject: Re: SciTokens for SSH