Valerio Venturi (INFN)
The Virtual Organization Membership Service (VOMS) is a system for managing users in a Virtual Organization. It manages and releases user's information such as group membership, roles, and other authorization data. VOMS was born with the aim of supporting dynamic, fine grained, and multi-stakeholder access control to enable coordinate sharing in virtual organizations. The current software releases Attribute Certificates (ACs) conforming to RFC 3821. In the most adopted use pattern, ACs are embedded in proxy certificates. This proved to be a very convenient way of making user's attributes available for driving authorization of grid services. In these years VOMS has established as one of the main tools for authorization on two of the major grid infrastructure (EGEE, OSG) and as a central component in the respective grid middlewares (gLite, VDT). VOMS is also supported by GT4 Authorization framework. In the last years, the Security Assertion Markup Language (SAML) has emerged as a central standard in the field of Web Services security. We are extending VOMS to provide SAML support. This is going to make VOMS based authorization available on a larger number of grid middlewares, and especially on those which don't use proxy certificates. Following this, within the OMII-Europe project, UNICORE will integrate VOMS. Support for SAML is also going to make interoperability with Shibboleth easier. The final aim is to provide VOs with authorization tools that are consistent and homogeneous across different grid middlewares and infrastructures.