Create service accounts in EGI Check-in #664

Draft
wants to merge 3 commits into
base: main
2 changes: 2 additions & 0 deletions .github/actions/spelling/expect.txt
@@ -1,5 +1,7 @@
ADFS
allowfullscreen
autoplay
checkin
csr
CVMFS
dearmor
2 changes: 1 addition & 1 deletion content/en/users/aai/check-in/faq/_index.md
@@ -2,7 +2,7 @@
title: Frequently Asked Questions
linkTitle: FAQ
type: docs
weight: 40
weight: 60
aliases:
- /users/check-in/faq
description: >
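Review bot: the `weight: 40` to `weight: 60` change in the FAQ front matter is only a reordering side effect of the new Service Accounts page taking `weight: 50`, and nothing in the change says so. Mention it in the commit message, and confirm that no other page under `check-in/` already uses 60, otherwise the FAQ would tie with it on weight.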
47 changes: 47 additions & 0 deletions content/en/users/aai/check-in/service-accounts/_index.md
@@ -0,0 +1,47 @@
---
title: Service Accounts
linkTitle: Service Accounts
type: docs
weight: 50
description: >
Create a Service Account using EGI Check-in
---

Member

I would first describe what a service account is and why it would be used.

Member Author

I just added a brief intro, please check

Member

Thanks, looks better! We still leave too much room for confusion though. We should provide specific scenarios - a concrete example (maybe the one in the business requirement).

Member

This is currently a deprecated feature. We can document it, but it should explicitly be annotated as deprecated since we do not support it in general availability. @sebastian-luna-valero can you see if there is a Docusaurus feature which allows us to add such a warning or admonition to make it clear to readers that this feature is deprecated and unsupported?

Member Author

Shall we better wait for the resolution of EGIREQ-156 to move forward? If the feature is deprecated and unsupported, and the plan is to stop there, I would not even add this new page.

A Service Account is a special kind of account typically used by
an application or compute workload rather than a person. Service Accounts
are meant to represent the identity and authorization of an application
or service. They serve as a means for applications to authenticate and
interact with other systems, databases, or resources.

Service Accounts are particularly beneficial in scenarios where continuous
and automated operations are required, such as batch processing,
background tasks, or integration with cloud services. By using Service Accounts,
organizations can enhance security, improve efficiency, and ensure the smooth
functioning of their IT systems.

A Service Account can be created by registering an OIDC service with
the Client Credentials grant through the
[Federation Registry](https://aai.egi.eu/federation).

The required policy documents should be specified as follows:

* Privacy Policy: [https://aai.egi.eu/privacy/en](https://aai.egi.eu/privacy/en)
* Acceptable Use policy: [https://aai.egi.eu/ToU.html](https://aai.egi.eu/ToU.html)

The entitlements that need to be associated with the Service Account
can be requested by opening a GGUS ticket (see the
[Getting help section](../faq/) in the FAQ) with the
following information:

{{% alert title="Service Account request" color="info" %}}
Subject: **Add VO entitlement to service account**

I'd like to request the following entitlement values for the service account
with Client ID `<CLIENT_ID>` in the `<Production/Demo/Development>` environment
of EGI Check-in:

1. `<ENTITLEMENT1>`
2. `<ENTITLEMENT2>`
3. `...`

{{% /alert %}}
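Review bot: the page stops at "registering an OIDC service with the Client Credentials grant" and never mentions the client credentials that registration yields, which are the one secret a reader of this page has to protect. After the Federation Registry sentence, add a short paragraph on keeping the client secret out of source control and job logs, and note in the ticket template that only the entitlements the workload actually needs should be requested. The second intro paragraph ("enhance security, improve efficiency, ...") makes a security claim with nothing behind it, and is the natural place for the concrete scenario asked for in review. If the page is merged while the feature is deprecated, as stated in the review thread, a notice at the top using the same `alert` shortcode as the ticket template would make that visible to readers. Minor: "Acceptable Use policy" should match the capitalisation of "Privacy Policy", and the "Getting help section" link points at `../faq/` without a section anchor.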