Access Control using JWT across multiple services

Presented by: David Schultz

Room: 1185

Time: 11:15-11:35 AM


IceCube had a need to link multiple services together with strong access control that could be detached from a user session, i.e. computing jobs. We have built a framework for multi-service authorization using JSON Web Tokens. This allows a user to create a single token with multiple access rights, give it to a computing job, and let it talk with the services on the user’s behalf. Also mentioned in the talk are security considerations for such a system, as well as deployment experiences using Kubernetes.