The Virtual Organization Membership Service (VOMS) is an Attribute Authority that asserts attributes for users, both in the form of X.509 Attribute Certificates and SAML Attribute Assertions.
It is actively developed within the Italian Grid community and released under the Apache 2.0 license.
VOMS is used in the Grid environment for authorisation purposes, serving as a central repository for Virtual Organization user authorisation information and providing support for organising users into group hierarchies, keeping track of their roles and other attributes.
The service follows an established client-server architecture and consists of:
- The VOMS core service (vomsd) that accesses a database (e.g. MySQL) shared with the administrative service (voms-admin);
- The VOMS-Admin tool, a Web application used to manage users and their privileges within a VO;
- Client tools and utilities (voms-proxy-init, voms-proxy-info, voms-proxy-destroy etc.) used to request a signed token (an Attribute Certificate compliant with RFC 3281) from a VOMS server, which carries the attributes that a person holds in a certain VO and is usually embedded inside an X.509 Proxy Certificate;
- APIs for attribute-based authorisation available in Java and C/C++ bindings, enabling easy integration of VOMS-based authorisation in existing services.
The following figure shows the architectural design with VOMS-Admin: