Speaker
Mrs
Tanya Levshina
(FERMILAB)
Description
Currently, grid development projects require end users to be authenticated under the
auspices of a "recognized" organization, called a Virtual Organization (VO). A VO
establishes resource-usage agreements with grid resource providers. The VO is
responsible for authorizing its members and optionally assigning them to groups and
roles within the VO. This enables fine-grained authorization at grid sites as end
users can be assigned grid computing privileges according to their VO group/role.
The Virtual Organization Management Registration Service (VOMRS), developed at
Fermilab, provides a comprehensive set of services that facilitates management of VO
membership and privileges. It implements a registration workflow that requires email
verification of identity, VO usage policy acceptance, membership approval by
designated VO representatives/administrators, and allows for management of multiple
grid certificates, and the selection of group and role. VOMRS maintains a VO
membership status and a certificate level status for each member who is managed by
the VO administrators, allowing for VO-level control of a member's privileges and
membership. VOMRS provides a subscription service; email notifications are sent when
selected changes are made to information about a member's VO membership status and/or
when actions are required by members or administrators.
VOMRS is capable of interfacing to local systems with personnel information (e.g.,
the CERN Human Resource Database), and pulling relevant member information from them.
Such an interface can eliminate duplicate maintenance and be made to satisfy local
security requirements.
VOMRS membership data can be configured to synchronize with the VOMS system
(developed jointly for DataTAG by INFN and for DataGrid by CERN) with all approved
members' certificates and privileges.
The current architecture and state of deployment will be discussed.
Primary authors
Co-authors
Anne Heavey
(FERMILAB)
Dan Yocum
(FERMILAB)
Gabriele Carcassi
(BNL)
Ian Fisk
(FERMILAB)
Lothar Bauerdick
(FERMILAB)
Ruth Pordes
(FERMILAB)
