Create service accounts in EGI Check-in #664
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,7 @@ | ||
| ADFS | ||
| allowfullscreen | ||
| autoplay | ||
| checkin | ||
| csr | ||
| CVMFS | ||
| dearmor | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| --- | ||
| title: Service Accounts | ||
| linkTitle: Service Accounts | ||
| type: docs | ||
| weight: 50 | ||
| description: > | ||
| Create a Service Account using EGI Check-in | ||
| --- | ||
|
|
||
|
There was a problem hiding this comment. This is currently a deprecated feature. We can document it, but it should explicitly be annotated as deprecated since we do not support it in general availability. @sebastian-luna-valero can you see if there is a Docusaurus feature which allows us to add such a warning or admonition to make it clear to readers that this feature is deprecated and unsupported? There was a problem hiding this comment. Shall we better wait for the resolution of EGIREQ-156 to move forward? If the feature is deprecated and unsupported, and the plan is to stop there, I would not even add this new page. |
||
| A Service Account is a special kind of account typically used by | ||
| an application or compute workload rather than a person. Service Accounts | ||
| are meant to represent the identity and authorization of an application | ||
| or service. They serve as a means for applications to authenticate and | ||
| interact with other systems, databases, or resources. | ||
|
|
||
| Service Accounts are particularly beneficial in scenarios where continuous | ||
| and automated operations are required, such as batch processing, | ||
| background tasks, or integration with cloud services. By using Service Accounts, | ||
| organizations can enhance security, improve efficiency, and ensure the smooth | ||
| functioning of their IT systems. | ||
|
|
||
| A Service Account can be created by registering an OIDC service with | ||
| the Client Credentials grant through the | ||
| [Federation Registry](https://aai.egi.eu/federation). | ||
|
|
||
| The required policy documents should be specified as follows: | ||
|
|
||
| * Privacy Policy: [https://aai.egi.eu/privacy/en](https://aai.egi.eu/privacy/en) | ||
| * Acceptable Use policy: [https://aai.egi.eu/ToU.html](https://aai.egi.eu/ToU.html) | ||
|
|
||
| The entitlements that need to be associated with the Service Account | ||
| can be requested by opening a GGUS ticket (see the | ||
| [Getting help section](../faq/) in the FAQ) with the | ||
| following information: | ||
|
|
||
| {{% alert title="Service Account request" color="info" %}} | ||
| Subject: **Add VO entitlement to service account** | ||
|
|
||
| I'd like to request the following entitlement values for the service account | ||
| with Client ID `<CLIENT_ID>` in the `<Production/Demo/Development>` environment | ||
| of EGI Check-in: | ||
|
|
||
| 1. `<ENTITLEMENT1>` | ||
| 2. `<ENTITLEMENT2>` | ||
| 3. `...` | ||
|
|
||
| {{% /alert %}} | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would first describe what a service account is and why it would be used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just added a brief intro, please check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, looks better! We still leave too much room for confusion though. We should provide specific scenarios - a concrete example (maybe the one in the business requirement).