These should all be covered in the documents I sent. The strongest
use of VOMS is in the context of large-scale virtual organizations,
typically those associated with EGEE, Open Science Grid, PRAGMA and
other large-scale projects.
The minimal configuration of VOMS should be covered in the latter of
the two documents I sent. You will need a database to implement VOMS
- usually MySQL or Oracle. Note that VOMS is the membership service,
not the enforcement point. Its function is to allow users who are
part of your organization to register their associated certificates,
and once approved by the appropriate VOMS administrator (or others
within the VO assigned this role within VOMS to make such approvals),
then the server can take a proxy request and return a proxy in the
form of an extended attribute certificate, or (as we saw) a SAML
assertion.
The authorization associated with use of the above occurs within the
authorization structure of the resource to which the user presents
this credential. There are many authorization infrastructures in
existence that can consume a VOMS-supplied credential to enforce VO
membership at the location of the consuming resource. In Open Science
Grid, this is done using the "VO services" (formerly Privilege)
infrastructure, comprising GUMS, PRIMA, etc. The authorization
infrastructure of EGEE-related projects is currently undergoing a
transformation to a new design; in the past it has used tools like
LCAS and LCMAPS to do this.
Much of the above can be more complicated than minimally needed. If
you just want to install VOMS to try it out with minimal complication,
you can use the Virtual Data Toolkit (VDT) pre-packaged installation:
http://vdt.cs.wisc.edu/
specifically
http://vdt.cs.wisc.edu/components/voms.html
Alan
On Jan 27, 2009, at 11:18 AM, Jan Muhammad wrote:
What are the prerequisites for VOMS setup?
VOMS components to install (PIP/PDP)---- This is almost there in
documents sent on gt-user list.
Where to store VOMS Server generated attributes (MySQL or local
File System)?