tutor:VOMS

From Dgiref
VOMS (Virtual Organization Membership Service) is a system, developed by the European DataGrid Project, for managing authorization data within multi-institutional collaborations. VOMS provides a database of user roles and capabilities and a toolset for accessing and manipulating the database and for using the database contents to generate Grid credentials for users when needed.

[Figure: VOMS architecture]

The VOMS database contains authorization data that defines specific capabilities and general roles for specific users. A suite of administrative tools allows administrators to assign roles to users and manipulate capability information. A command-line tool (voms-proxy-init) allows users to generate a local proxy credential based on the contents of the VOMS database. This credential includes the basic authentication information that standard Grid proxy credentials contain, but it also includes role and capability information from the VOMS server. Standard Grid applications can use the credential without using the VOMS data, whereas VOMS-aware applications can use the VOMS data to make authorization decisions regarding user requests.

VOMS allows distributed collaborations to centrally manage user roles and capabilities. The VOMS user credentials provide additional role and capability data to application service providers that can then be used to make more fully-informed authorization decisions.
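The authorization step a VOMS-aware service performs on the role data in a credential, as an added example (not code from the original page or from the VOMS project). It assumes the VOMS attributes have already been cryptographically verified and are handed over as FQAN strings (`/vo/group/Role=...`); the `geo` VO, its groups, the `curator` role, the policy and the matching rule are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Fqan(NamedTuple):
    group: str            # e.g. "/geo/analysis"
    role: Optional[str]   # None when no role is asserted (absent or "NULL")

def parse_fqan(text: str) -> Fqan:
    """Parse '/vo/group/Role=r/Capability=c'; the value 'NULL' means unset."""
    if not text.startswith("/"):
        raise ValueError(f"FQAN must start with '/': {text!r}")
    groups, role, seen_attr = [], None, False
    for part in text[1:].split("/"):
        key, sep, value = part.partition("=")
        if sep and key in ("Role", "Capability") and value:
            seen_attr = True
            if key == "Role" and value != "NULL":
                role = value  # Capability is validated but unused by this policy
        elif sep or seen_attr or not part:
            # unknown key, group component after Role/Capability, or empty part
            raise ValueError(f"malformed FQAN: {text!r}")
        else:
            groups.append(part)
    if not groups:
        raise ValueError(f"FQAN has no group: {text!r}")
    return Fqan("/" + "/".join(groups), role)

def permits(held: Fqan, need: Fqan) -> bool:
    if need.role is None:
        # Plain membership: this example's rule lets a subgroup member satisfy
        # a requirement on the parent group. The "/" guard stops "/geology"
        # from matching "/geo".
        return held.group == need.group or held.group.startswith(need.group + "/")
    # A role is held within one specific group, so require an exact match.
    return held == need

# Constructed sample policy: action -> FQANs, any one of which is sufficient.
POLICY = {"read": ["/geo"], "publish": ["/geo/analysis/Role=curator"]}

def authorize(verified_fqans, action, policy=POLICY) -> bool:
    """Default deny: unknown actions and credentials without VOMS data fail."""
    needs = [parse_fqan(n) for n in policy.get(action, [])]
    for text in verified_fqans:
        try:
            held = parse_fqan(text)
        except ValueError:
            continue  # an attribute that does not parse grants nothing
        if any(permits(held, need) for need in needs):
            return True
    return False
```

A plain Grid proxy carries no VOMS attributes, so `authorize([], ...)` denies every action here; a service that is not VOMS-aware would never call this check at all.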
