JRA1.1 - EMI-1 Development and Test Plans

Responsible
Vincenzo Ciaschini
Last Update
2011-03-02
(Morris Riedel)

EMI 1 Component VOMS

The Virtual Organization Membership Service (VOMS) releases signed attribute statements about individuals stating group or VO membership as well as role possession.

  • EMI Attribute Authority Solution
  • Managed by security area
  • Part of Product Team VOMS [ Details ]
  • Component in ETICS : emi.voms [ Details ]
  • Supported Platforms : SL5 - 64 Bit
  • EMI 1 Release
    • Elements
    • Most known bug fixes provided in EMI 1
      • TBD
  • SA2 Testbed
    • 2011-02-25 : Production Version deployed [ More Details ]
    • New features not already deployed, necessary for other components to test, so urgent
    • 2011-02-25 : It looks like VOMS-Admin is also not deployed on the testbedTBD : Check (Morris, Vincenzo)
  • Test Plan (former Verification and Validation Plan)
    • 2011-02-25 : Vincenzo : I just finished version 0 of the plan. Early information is there, and REST is tested.

Overall Component Status

2011-02-25_VOMS.PNG

Mandatory Features for EMI 1 - Addressed Technical Objectives

  • EMI technical objective Security Area 5 : Agreement and full support for a common single X.509 and SAML based Attribute Authority Service. (M24)
    • Addressed by developers : [In Testing and Certification]
  • EMI technical objective Cross Area 9 : The legacy Globus security infrastructure (GSI) will be replaced with a common security solution. (M24)
    • Addressed by developers : [In Testing and Certification]

Mandatory Features for EMI 1 (ready)

The following features are implemented and considered to be part of the EMI 1 release 'Kebnekaise'.

SAML-enabled VOMS-Admin version (VOMS-SAML) will be available

  • Status:Developed; now in testing and certification phase
  • Description : SAML-VOMS is provided early in EMI-1 so that other components can adopt the interface to be released in EMI2 and EMI-3;
    • VOMS-SAML is part of voms-admin. There is no client, it is a WS interface. It is actually already deployed in gLite, and so will certainly be part of EMI 1.
  • Verification: TBD (Morris, Andrea, Vincenzo) Testing strategy definition
  • Milestone 1: 12/2010 - Development in beta quality present [Achieved]
  • Milestone 2: 01/2011 - Tests in place for continous internal JRA1 testings during 02/2011 (JRA1.7, JRA1.8) [Achieved]
  • Feature Deadline : 02/2011 [Achieved]
  • Addressing EMI technical objective Security Area 5 : Agreement and full support for a common single X.509 and SAML based Attribute Authority Service. (M24)
  • Development Task Tracker : [ Details ] Add Tracker Item for year 2 (Morris, Balazs)

VOMS 2.0 release without GSI HTTPG (Globus-free client and server release)

  • Status: Developed; now in testing and certification phase
  • Description : Will simplify the installation (+ smaller size); not dependend on Globus libraries anymore
  • 2011-03-02 : Update topic delegation in context : Delegation will never be included, since it is a feature that VOMS never used anyway. Not even when it depended on the globus libraries. This is actually what made the switch feasible while keeping backwards compatibility.
    • Talk with more information : [ More Details ]
    • This is completely transparent to the user. You can connect via GSI or via SSL and will not see any difference. Essentially has been finalized for months.
  • Verification: TBD (Morris, Andrea, Vincenzo) Testing strategy definition
  • Milestone 1: 12/2010 - Development in beta quality present [Achieved]
  • Milestone 2: 01/2011 - Tests in place for continous internal JRA1 testings during 02/2011 (JRA1.7, JRA1.8) [Achieved]
  • Feature Deadline : 02/2011 [Achieved]
  • Addressing EMI technical objective Cross Area 9 : The legacy Globus security infrastructure (GSI) will be replaced with a common security solution. (M24)
  • Development Task Tracker : [ Details ] Add Tracker Item for year 2 (Morris, Balazs)

Optional Features for EMI 1 (ready)

A RESTful interface for obtaining X.509 attribute certificates will be provided.

  • Status: Developed; now in testing and certification phase
  • Description : REST interface to obtain VOMS ACs
  • Verification: TBD(Morris, Vincenzo)
  • Milestone 1: 12/2010 - Development in beta quality present [Achieved]
  • Milestone 2: 01/2011 - Tests in place for continous internal JRA1 testings during 02/2011 (JRA1.7, JRA1.8) [Achieved]
  • Feature Deadline : 02/2011 [Achieved]
  • Addressing EMI component improvements

integration of VOMRS functionalities in VOMS-Admin

  • Status: Developed; now in testing and certification phase
    • 2011-03-02: Update from Vincenzo: Certification takes longer than expected. The integration with OrgDB will not be certified for the EMI 1 release, since it will require more testing with CERN.
  • Description : VOMRS is stopping support; rationalizing support by integrating VOMRS functionalities into VOMS-Admin
    • Paper : [ More Details ]
    • 2011-02-22 : Vincenzo: Support will be added for external VO membership databases: This is the integration with OrgDB. It is described in a chep article for 2009. This functionality was originally in VOMRS.
  • Verification: TBD(Morris, Vincenzo)
  • Milestone 1: 12/2010 - Development in beta quality present [Achieved]
  • Milestone 2: 01/2011 - Tests in place for continous internal JRA1 testings during 02/2011 (JRA1.7, JRA1.8) [Achieved]
  • Feature Deadline : 02/2011 [Achieved]
  • Addressing EMI component improvements

Usability Enhancements

  • Status: Developed; now in testing and certification phase
  • Verification: not necessary, but may become another technical objective EMI-wide due to an EGI request for better error messages (TCB/PTB work)
  • Description: Usability improvements: Better error messages, cleaner handling of invalid inputs
    • No documentation - these improvements were done as part of the testing suite
  • Feature Deadline : 02/2011 [Achieved]
  • Addressing EMI component improvements

Feature Summary for EMI 1

SAML Support w/o Globus Dependencies RESTful Interface VOMRS functionalities integrated Usability Improvements
VOMS   P P   P
VOMS-Admin P     P  

P = Production Quality
experimental = Pre-Production Quality

Optional Features towards EMI 2 (planned and/or in development)

Administrative component VOMS-Admin supports common SAML Profile Development - one attribute with common SAML Profile

  • Status: Partly developled but final agreement in security group missing
  • Description: 2011-02-18 : The profile is not yet finalized in the group, so it will not be ready by Wednesday. We hope to provide an update during EMI 1's life after the finalization.
  • Addressing EMI technical objective Security Area 1 : Agreement on a minimal common set of security attributes to be used in policies. (M12)

Status Update and Tracking

...
2011-02-25 - Morris updated page with information send from Vincenzo on status of technical objectives and features (2011-02-22)
2011-03-02 - Morris updated page with information from Vincenzo about delegation and the orgdb certification progress (2011-02-25)

Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r7 - 2011-03-02 - MorrisRiedelExCern
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback