The Experiment Dashboard provides a wide range of applications for monitoring of the LHC computing activities on the WLCG infrastructure. Certain policies define privileges for data access, recording and modifications. The goal of the project is to improve the authentication and authorisation system for the Experiment Dashboard Applications.
Currently the authorisation in the Dashboard applications is based on the User’s credentials recorded in the GRID certificate. Most of applications use the X509 certificates to grant different permissions to various categories of users (like admin rights, or creation of the new metrics).
Potential improvements in this area would be to use egroups for authorisation enabling rules like ‘all people belonging to a particular
egroup will have admin rights’. Egroup is an interface to manage groups at CERN. Authorization based on egroup would provide an easy way to delegate authorization/authentication policy implementation to the group managers rather than to the support team of the monitoring services.