EDG Java Security - VOMS Admin

Virtual Organization Membership Service provides information on the user's relationship with her Virtual Organization: her groups, roles and capabilities.

single login using voms-proxy-init only at the beginning of the session (was grid-proxy-init)
expiration time: the authorization information is only valid for a limited period of time as the proxy certificate itself
backward compatibility: the extra VO related information is in the user's proxy certificate, which can be still used with non VOMS-aware services
multiple VOs: the user may "log-in" into multiple VOs and create an aggregate proxy certificate, which enables her to access resources in any of them

The service is basically a simple account database, which serves the information in a special format (VOMS credential). The VO manager can administrate it remotely using command line tools or a web interface.

The edg-voms-admin package

The basic functionality is implemented in C++ by INFN.

The extended functionality is implemented as a web service, with command line and web interfaces:

Admin: to provide the the administrative functionality.
Compatibility: to provide access to the user list for gridmap-file generation.
Request: to handle user requests for administrative events and provide a simple framework for administrators to process them.
History: to provide lookup functionality in a past timeframe, to answer questions like "was this user member of my VO last summer?"
Core: to provide the basic functionality for users.

Presentations

Presentation on the migration plans (2003. May, Barcelona) [ ppt, pdf ]
Presentation on the internals (2003. July, CERN) [ ppt, pdf ]
Presentation on the new EDG security architecture (2003. September, Heidelberg) [ ppt, pdf ]
VOMS and VOX status for VO managers (2003. November, CERN) [ ppt, pdf ]
VOMS Request Handling -- new user registration (2003. December, CERN) [ sxi, pdf ]
Presentation for the GridStart VO Security TWG (2004. January, Cyprus) [ ppt, pdf ]