VOX/VOMS deployment plan

DRAFT
Last Update: 2004-07-23

Preamble:

Readers wishing to read more about the Virtual Organisation Management System and how its evaluation, testing and deployment activity started in LCG are invited to visit the original notes on the subject. A repository of working documents, including useful references, is available to anyone interested in this activity.

Contacts:

Vincenzo.Ciaschini@cnaf.infn.it (VOMS core service development)
Maria.Dimou@cern.ch (member of the User Registration Task Force and responsible for LCG VOX/VOMS planning, installation, evaluation)
Enrico.Ferro@pd.infn.it (VOMS - LCAS - LCMAPS integration and testing for INFN)
Joni.Hahkala@cern.ch (member of the User Registration Task Force and VOMS development coordinator in EGEE)
Dave Kelsey (Joint Security Group chair, member of the User Registration Task Force)
Tanya Levshina <tlevshin@hppc.fnal.gov> (member of the User Registration Task Force and VOX project Leader. This page can be opened by people whose certificates are registered)
Karoly.Lorentey@cern.ch (member of the User Registration Task Force and VOMS admin and registration modules' development)
Ian.Neilson@cern.ch (User Registration Task Force coordinator, LCG Security Officer)
Di.Qing@cern.ch, Marco.Serra@cern.ch (LCG testbed managers of the Certification & Testing team)
Ian Bird@cern.ch, Flavia.Donno@cern.ch, Zdenek.Sekera@cern.ch, Markus.Schulz@cern.ch (LCG deployment management)
Erwin.Laure@cern.ch, Frederic.Hemmer@cern.ch (EGEE management)

Actions:

We already run a VOMS server in the CERN Grid Deployment team, which is automatically synchronised with the LDAP LCG VOs' data every 4 hours. Our first practical aim is to overcome the problems we have met so far in getting a complete match between the data coming from LDAP and from VOMS when generating the grid-map file from VOMS.

It is a requirement of the LCG management to establish a collaboration amongst the most complete user registration management tools, namely VOMS and VOX/VOMS, in order to achieve the full functionality needed, for use by the LCG VO managers in a non-LDAP-based future. Our immediate technical aim is to evaluate the tools' functionality and to agree on common development to achieve compliance to the User Registration and VO Membership Management Requirements.

LCG's aim was to have in Spring 2005 an operational and documented new User Registration Service (replacing https://lcg-registrar.cern.ch), fully integrated in the rest of the LCG service components, with the additional authorisation functionality in terms of user's Groups and Roles deployed.

However, the User Registration Task Force (TF) (Mandate) aims at making tools compliant to the new GDB-approved User Registration Requirements by extending their functionality according to the (also GDB-approved) proposal. The development that will be required to achieve this goal will determine the end-date of the whole process.

VOMS development activities in the EGEE framework are dictated by requirements that might be different from ours. However, in order to properly plan the development tasks, the deployment time-scale and the developers' time, we established a communication channel with our relevant partners in EGEE, which we should keep open throughout this process.

Description | Persons | Completion
ldap-sync discrepancies | Karoly | a.s.a.p.
Investigate Bugzilla & savannah entries on bug fixes and feature add-ons. Close or update the tickets with dates. Port to savannah what is worth keeping. | Karoly | End July for clean-up. Karoly to write estimated-completion-date for the remaining tickets.
Configure our VOMS server (load your certificate to open this page), for all 5 LCG VOs, to allow client hosts to list the VOs. This doesn't seem to work fully today or it isn't completely understood. | Karoly (for fixes); Maria & Di for config. | End August 2004
Configure testbed CEs to use the voms-generated grid-map file. | Di & Marco for config.; Maria for documentation | End August 2004
Investigate bugs of the present VOMS user registration prompt. The symptoms are currently described in email messages from Maria to Akos. They should be passed to Karoly and be entered in savannah. | Maria-Karoly | End August 2004
Operate on the testbed migration phase 1 (voms-generated grid-map) for 2 weeks. Understand what is the relevant approach for VOX/VOMRS, if different. | Maria-Karoly-Marco-Di | September 2004
Discuss the addition in the tools of new fields needed for auditing purposes (history, User_Registration_Date, VODB_Expiry_Date, Suspension status, >1 DNs). | TF | 15-17 September 2004
Select CVS location for uploading future code. The LCG location should be used for stuff that should work with the existing service. Code for the EGEE (future) requirements should go to another(!?) CVS. | Karoly | End September 2004 after Maria & Karoly discuss with Joni & Erwin.
Define which VOMS development part should be done by the 'core services team' and which by the admin. modules' developer. Split the tasklist and use savannah for progress follow-up. | Karoly-Vincenzo | End September 2004
VOX/VOMRS and VOMS evaluation: Make a table of features from the user and administrator point of view concerning functionality, differences and work-flow in the 2 tools. | Maria-Karoly | End September 2004
Check-point of progress in TF-required development | TF | End September 2004
Check-point of progress in VOX/VOMRS and VOMS evaluation. | Maria-Karoly-Tanya | beginning October 2004
Understand which services (config. files on CE, IS, UI, RB etc) need change in order to become VOMS-aware. | Karoly | mid-October 2004
Design a generic interface so that LCG-specific link between the VO management tools and the ORGanisational DataBase (ORGDB) can be plugged-in/out easily. In this way the same software will be used by non-LCG (EGEE etc) VOs. | Karoly | Draft presentation by End October 2004
Check-point of progress in TF-required development | TF | end-October 2004
Generate voms-proxy-init instead of grid-proxy-init (migration phase 2 & 3) on the testbed nodes. | Karoly-Maria-Marco-Di | November 2004
Check-point of progress in TF-required development | TF | end November 2004
Investigate how the VOMS Roles, via the LCMAPS are mapped to Unix login/group information at the resource level. | Maria-Karoly | December 2004
Use LCAS/LCMAPS (available today on the testbed CE?) instead of the grid-map file with full VOMS functionality (Groups and Roles). | Karoly with help by Marco-Di | January 2005
Check-point of progress in TF-required development | TF | End-January 2005
Discontinue the grid-map file use on the testbed. | Marco-Di | February 2005
Check-point of progress in TF-required development | TF | End February 2005
Investigate pending issues with bugs and dependent applications, e.g. MyProxy, accounting etc. | Karoly-Maria | March 2005
Check-point of progress in TF-required development. | TF | March 2005
Introduce the service on the deployment nodes. | Karoly-Maria with advice from the deployment team | March 2005
Document installation, operation for VO managers and site managers. | Maria | March 2005

Maria Dimou, IT/GD Grid Infrastructure Services