Decide the fate of the site claim #5

Open
bbockelm opened this issue Jul 24, 2017 · 0 comments

In the first version of the claims language document, I laid out a site claim. This is meant to correspond to the idea of a site name within a grid community.

It's a problematic concept, to be honest:

  • It's not a standardized attribute - we'd like to hew as closely as possible to claims found in OAuth2 or OIDC.
  • Site names are not standardized or globally unique. The correct site name depends on the context.
    • For example, do I work at University of Nebraska, Nebraska, or T2_US_Nebraska? It depends on whether you ask the OSG, the WLCG, or CMS.
    • This opens up the door to potential misconfigurations. How would you express such a thing in a config file? I think your service would have to maintain a mapping between issuer and correct site names.

The perceived value was the ability to issue a token that could interact with any storage endpoint associated with a site. However, how often do we expect to not know the correct value of aud when the token is requested (or attenuated)?
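
Added illustration of the issuer-to-site-name mapping and the aud alternative raised in the issue above; this is not part of the original post or the project's code. The issuer URLs, the endpoint identifier, the pairing of each site name with a community, and all function names are assumptions, and the claims are assumed to come from a token whose signature was already verified.

```python
from typing import Any, Mapping

# Constructed config for one storage endpoint. Issuer URLs are placeholders and the
# pairing of each site name with a community is an assumption for illustration.
SITE_NAME_BY_ISSUER = {
    "https://osg.example/": "University of Nebraska",
    "https://wlcg.example/": "Nebraska",
    "https://cms.example/": "T2_US_Nebraska",
}
MY_AUDIENCE = "https://storage.nebraska.example"  # placeholder endpoint identifier

Claims = Mapping[str, Any]  # claims of a token whose signature was already verified


def flat_site_check(claims: Claims) -> bool:
    """Misconfiguration-prone: one flat list of names, issuer namespace ignored."""
    return claims.get("site") in list(SITE_NAME_BY_ISSUER.values())


def scoped_site_check(claims: Claims) -> bool:
    """Accept only the name this token's issuer uses for the site; fail closed otherwise."""
    iss = claims.get("iss")
    expected = SITE_NAME_BY_ISSUER.get(iss) if isinstance(iss, str) else None
    return expected is not None and claims.get("site") == expected


def audience_check(claims: Claims) -> bool:
    """The aud route: compare against this endpoint's own identifier, no name table."""
    aud = claims.get("aud")
    values = [aud] if isinstance(aud, str) else aud if isinstance(aud, (list, tuple)) else []
    return MY_AUDIENCE in values


# Constructed sample claim sets.
SAMPLES = {
    "cms_ok": {"iss": "https://cms.example/", "site": "T2_US_Nebraska", "aud": MY_AUDIENCE},
    "osg_wrong_name": {"iss": "https://osg.example/", "site": "Nebraska"},
    "unknown_issuer": {"iss": "https://other.example/", "site": "Nebraska"},
}


def evaluate(claims: Claims) -> dict:
    """Run all three checks so the flat and issuer-scoped results can be compared."""
    return {"flat": flat_site_check(claims), "scoped": scoped_site_check(claims),
            "aud": audience_check(claims)}


if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(name, evaluate(claims))
```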
