Speaker
Valerio Venturi
(INFN)
Description
The Virtual Organization Membership Service (VOMS) is a system for managing users in
a Virtual Organization. It manages and releases users' information such as group
membership, roles, and other authorization data. VOMS was born with the aim of
supporting dynamic, fine-grained, and multi-stakeholder access control to enable
coordinated sharing in virtual organizations.
The current software releases Attribute Certificates (ACs) conforming to RFC 3821. In
the most adopted use pattern, ACs are embedded in proxy certificates. This has proved to
be a very convenient way of making users' attributes available for driving
authorization decisions in grid services. Over these years VOMS has established itself as one of the
main tools for authorization on two of the major grid infrastructures (EGEE, OSG) and
as a central component in the respective grid middlewares (gLite, VDT). VOMS is also
supported by the GT4 Authorization framework.
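As an added illustration, not code from the abstract or from the VOMS project, the following Python model shows the relying-party side of the pattern described above: a grid service receives an AC that travels inside a proxy certificate, checks that the AC is bound to the end-entity certificate holder, was issued by a trusted VOMS server, and is inside its validity window, and only then maps the asserted groups and roles to a local decision. The data classes, the issuer list, the policy table and the sample AC are constructed for the example; the AC's real X.509 digital signature is stood in for by an HMAC keyed per issuer, so the check logic is shown without an ASN.1 library.

```python
"""Relying-party checks for an attribute certificate carried in a proxy.

Constructed model, not VOMS code: the AC is a dataclass and its signature
is stood in for by an HMAC over the canonical fields, keyed per issuer.
"""
from __future__ import annotations

import dataclasses
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical verification material per trusted VOMS server. A real AC is
# checked against the issuing server's X.509 certificate instead.
TRUSTED_ISSUERS = {
    "/DC=org/DC=example/CN=voms.example.org": b"constructed-issuer-key",
}


@dataclass
class AttributeCertificate:
    holder: str          # DN of the end-entity certificate the AC is bound to
    issuer: str          # DN of the VOMS server that signed the AC
    vo: str
    not_before: datetime
    not_after: datetime
    fqans: list[str]     # group/role strings such as "/vo/group/Role=admin/Capability=NULL"
    signature: bytes = b""

    def canonical(self) -> bytes:
        """Deterministic encoding of the signed fields (signature excluded)."""
        body = {
            "holder": self.holder, "issuer": self.issuer, "vo": self.vo,
            "not_before": self.not_before.isoformat(),
            "not_after": self.not_after.isoformat(),
            "fqans": self.fqans,
        }
        return json.dumps(body, sort_keys=True).encode()


def sign(ac: AttributeCertificate, key: bytes) -> AttributeCertificate:
    """Stand-in for the VOMS server's signature over the AC."""
    ac.signature = hmac.new(key, ac.canonical(), hashlib.sha256).digest()
    return ac


def parse_fqan(fqan: str) -> tuple[str, str | None]:
    """Split '/vo/group/Role=r/Capability=c' into (group path, role or None)."""
    group_parts, role = [], None
    for part in filter(None, fqan.split("/")):
        if part.startswith("Role="):
            value = part[len("Role="):]
            role = None if value == "NULL" else value
        elif part.startswith("Capability="):
            continue            # capabilities are not used by this policy model
        else:
            group_parts.append(part)
    return "/" + "/".join(group_parts), role


def validate_ac(ac: AttributeCertificate, end_entity_dn: str, now: datetime,
                trusted: dict[str, bytes] = TRUSTED_ISSUERS) -> list[str]:
    """Return the list of failure reasons; an empty list means the AC is acceptable."""
    problems = []
    key = trusted.get(ac.issuer)
    if key is None:
        problems.append("untrusted issuer")
    else:
        expected = hmac.new(key, ac.canonical(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, ac.signature):
            problems.append("bad signature")
    # The AC is bound to the user's end-entity certificate, not to the proxy.
    if ac.holder != end_entity_dn:
        problems.append("holder mismatch")
    if not (ac.not_before <= now <= ac.not_after):
        problems.append("outside validity window")
    return problems


def authorize(ac: AttributeCertificate, end_entity_dn: str, now: datetime,
              policy: dict[tuple[str, str | None], set[str]]) -> set[str]:
    """Map asserted groups/roles to permitted actions; nothing is granted unless the AC validates."""
    if validate_ac(ac, end_entity_dn, now):
        return set()
    allowed: set[str] = set()
    for fqan in ac.fqans:
        allowed |= policy.get(parse_fqan(fqan), set())
    return allowed


def tampered_copy(ac: AttributeCertificate, extra_fqan: str) -> AttributeCertificate:
    """Copy of the AC with an added attribute but the original signature (for testing)."""
    return dataclasses.replace(ac, fqans=ac.fqans + [extra_fqan])


# Constructed sample data.
NOW = datetime(2008, 1, 15, 12, 0, tzinfo=timezone.utc)
USER_DN = "/DC=org/DC=example/CN=Alice"
ISSUER_DN = "/DC=org/DC=example/CN=voms.example.org"
SAMPLE_AC = sign(AttributeCertificate(
    holder=USER_DN, issuer=ISSUER_DN, vo="examplevo",
    not_before=NOW - timedelta(hours=1), not_after=NOW + timedelta(hours=11),
    fqans=["/examplevo/Role=NULL/Capability=NULL",
           "/examplevo/production/Role=admin/Capability=NULL"],
), TRUSTED_ISSUERS[ISSUER_DN])
POLICY = {
    ("/examplevo", None): {"read"},
    ("/examplevo/production", "admin"): {"read", "write", "delete"},
}

if __name__ == "__main__":
    print(sorted(authorize(SAMPLE_AC, USER_DN, NOW, POLICY)))
```

The order of the checks is the point: membership and role strings are only consulted after issuer trust, signature, holder binding and validity have all passed, so an AC presented with the wrong proxy chain, after expiry, or with an added group yields no permissions rather than a partial grant.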
In recent years, the Security Assertion Markup Language (SAML) has emerged as a
central standard in the field of Web Services security. We are extending VOMS to
provide SAML support. This will make VOMS-based authorization available on a
larger number of grid middlewares, and especially on those which do not use proxy
certificates. Following this, within the OMII-Europe project, UNICORE will integrate
VOMS. Support for SAML will also make interoperability with Shibboleth easier.
The final aim is to provide VOs with authorization tools that are consistent and homogeneous across
different grid middlewares and infrastructures.
Primary authors
Andrea Ceccanti
(INFN)
Antonia Ghiselli
(INFN)
Federico Stagni
(INFN)
Valerio Venturi
(INFN)
Vincenzo Ciaschini
(INFN)