DRAFT Proposal to the 2004-07-13 Grid Deployment Board (GDB)
by the Task Force for meeting LCG User Registration and VO management requirements
Preamble:
The final document is https://edms.cern.ch/document/481701/0.1
This Task Force (TF) was mandated after the March 8th 2004 GDB with the following basic goals:
1. Meet the robust registration process as now proposed in the Requirements document https://edms.cern.ch/file/428034/2/LCG_User_Registration.pdf.
2. Investigate the use of existing sources of membership information. Given the existence of an ORGanisational DataBase (ORGDB) everywhere and, for the LCG Grid specifically, due to the rule that LHC collaborators have to register in the CERN HR database, this will be the only ORGDB considered by the TF.
3. Achieve all possible compatibility between the requirements and existing proposed solutions, namely, investigate the technicalities of VOMS and VOX/VOMRS interfacing to ORGDB.
Actions performed so far by the TF:
- Spoke with the ORGDB experts, i.e. the CERN HR database administrators, the PIE interface technical managers and the Head of the Users' Office (UO).
- Contacted the LHC Experiments' Computing Coordinators via a Questionnaire, answered by the experiments' secretariats, in order for us to understand the current User Registration procedures in ORGDB.
- Evaluated the usability of ORGDB as an information source for LCG membership data.
- Started investigating ways to interface existing tools (VOMS and VOMRS) with ORGDB.
- Prepared this proposal.
Definitions relevant to this proposal, taken from the Registration Requirements document:
o Personal user data: Family Name, Given Name, Institute name (i.e. the user's employing institute), Contact Phone number.
o Registration Data: Authentication (AuthN) related information, i.e. Personal user data, Email address, Distinguished Name (DN) extracted from a valid personal digital certificate issued by his/her Certification Authority (CA).
o Site: An institute which is providing one or more Services to the Grid.
o VO Database: Authorisation (AuthZ) related information, i.e. the user's role(s) in the VO. His/her access rights to a resource and to data stored at it will depend on this information.
o VO manager: The responsible person recording in the VO Database, after appropriate checks, the status of a member of the VO, i.e. performing user entries, assignment of roles, information updates and user removals. The VO management function can be performed by a group of persons delegated by the VO manager.
o Usage Rules: The rules (sometimes mentioned as Guidelines) governing the use of Grid resources.
The proposal:
This proposal covers the above-described Goals 1 and 2. Technical investigation for the fulfillment of Goal 3 still continues.
The LCG Requirements document explains:
"The main objective of the registration process is to collect the user's Registration Data. Duplication of Personal user data and the procedures of validation and authentication should be avoided so that Grid users register only once and their Registration data are checked only in a single place. Robust documented verification procedures must be used to establish the link between a person, his/her Registration data and the associated AuthZ data."
The TF, trying to satisfy the requirement on non-duplication of information and procedures, proposes:
- Two databases will be involved in the Registration process:
  - The ORGDB, containing the user's Authentication (AuthN) information.
  - The VODB, containing the user's Authorisation (AuthZ) information.
- Personal user data will only reside in ORGDB and will not be fed automatically into VODB. It will be the VO manager who will have to take action in order to enable the candidate entries. Private user information, e.g. salary, children etc., will not be accessible at all.
- The VODB will contain the user's DN, his/her acceptance of the Usage Rules and the indication/flag showing whether he/she is in "Suspended Status". No Personal user data will be present in the VODB. These will all be linked dynamically from the ORGDB record of the user via his/her Unique IDentifier in ORGDB, which will be stored in VODB.
- DN verification is still the responsibility of the VO manager.
- All VODB candidates, including EXTN users, register in ORGDB before applying to the VO. Users attempting a VODB registration who are absent from ORGDB will have to be prompted to register there first. Access to Registration Data for authorised public, e.g. site administrators, will be possible via queries to the VODB. No direct access to ORGDB will be allowed.
- All renewable users whose Participation_End_Date is reached in ORGDB will be unable to run their Grid jobs because they will be suspended automatically from VODB, unless they take the required actions to renew their ORGDB registration.
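The two-database scheme proposed above, as an added illustration in Python. It is not part of the original proposal nor of the LCG, VOMS or VOMRS software: the ORGDB records, DNs, field names, the "salary" stand-in for private data and the `enabled` flag modelling the VO manager's enabling action are all constructed assumptions. It shows the four properties the proposal relies on: VODB stores only AuthZ data plus the ORGDB Unique IDentifier, personal data are joined dynamically and filtered at query time, candidates absent from ORGDB are refused, and a passed Participation_End_Date suspends the member automatically while a renewed record lifts the suspension.

```python
"""Toy model of the ORGDB / VODB split: AuthN data stay in ORGDB, the VODB
holds only the DN, Usage Rules acceptance, a suspended flag and the user's
ORGDB Unique IDentifier. All external queries go through the VODB."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed sample ORGDB records (stand-ins for the CERN HR database), keyed
# by Unique IDentifier. "salary" stands for private data that must never be
# exposed through the Grid registration interface.
ORGDB: Dict[str, dict] = {
    "1001": {"family_name": "Doe", "given_name": "Jane",
             "institute": "Example Institute", "phone": "+00 00 000 0000",
             "email": "jane.doe@example.org", "salary": 0,
             "participation_end_date": date(2005, 6, 30)},
    "1002": {"family_name": "Roe", "given_name": "Richard",
             "institute": "Example Institute", "phone": "+00 00 000 0001",
             "email": "richard.roe@example.org", "salary": 0,
             "participation_end_date": date(2004, 6, 30)},
}

# Registration Data a VODB query may reveal: Personal user data plus email.
PUBLIC_ORGDB_FIELDS = ("family_name", "given_name", "institute", "phone", "email")


@dataclass
class VODBEntry:
    """One VO member: AuthZ data only, linked to ORGDB by orgdb_id."""
    orgdb_id: str
    dn: str
    usage_rules_accepted: bool
    enabled: bool = False    # assumption: VO manager's enabling action as a flag
    suspended: bool = False  # set automatically from Participation_End_Date


class VODB:
    def __init__(self) -> None:
        self._entries: Dict[str, VODBEntry] = {}  # keyed by DN

    def apply(self, orgdb_id: str, dn: str, usage_rules_accepted: bool) -> VODBEntry:
        """Candidate registration: users absent from ORGDB are refused and
        must register there first. No personal data are copied."""
        if orgdb_id not in ORGDB:
            raise LookupError(f"ORGDB id {orgdb_id} unknown: register in ORGDB first")
        entry = VODBEntry(orgdb_id, dn, usage_rules_accepted)
        self._entries[dn] = entry
        return entry

    def enable(self, dn: str) -> None:
        """VO manager action after verifying the DN."""
        self._entries[dn].enabled = True

    def registration_data(self, dn: str) -> Optional[dict]:
        """Query for authorised public (e.g. site administrators). Personal
        data are joined dynamically from ORGDB and restricted to the public
        fields, so private information never leaves ORGDB."""
        entry = self._entries.get(dn)
        if entry is None:
            return None
        record = ORGDB[entry.orgdb_id]
        data = {k: record[k] for k in PUBLIC_ORGDB_FIELDS}
        data.update(dn=dn, suspended=entry.suspended)
        return data

    def apply_participation_end_dates(self, today: date) -> List[str]:
        """Automatic suspension: members whose ORGDB Participation_End_Date has
        passed are suspended; an extended date (renewal) lifts the suspension.
        Returns the DNs whose status changed."""
        changed = []
        for entry in self._entries.values():
            expired = ORGDB[entry.orgdb_id]["participation_end_date"] < today
            if expired != entry.suspended:
                entry.suspended = expired
                changed.append(entry.dn)
        return changed

    def is_authorised(self, dn: str) -> bool:
        """May this DN run Grid jobs in the VO?"""
        entry = self._entries.get(dn)
        return (entry is not None and entry.enabled
                and entry.usage_rules_accepted and not entry.suspended)


def demo(today: date = date(2004, 7, 13)) -> dict:
    """Walk two constructed users through registration and the end-date check."""
    vodb = VODB()
    jane = "/C=XX/O=Example/CN=Jane Doe"
    richard = "/C=XX/O=Example/CN=Richard Roe"
    vodb.apply("1001", jane, usage_rules_accepted=True)
    vodb.apply("1002", richard, usage_rules_accepted=True)
    vodb.enable(jane)
    vodb.enable(richard)
    suspended = vodb.apply_participation_end_dates(today)
    return {"suspended": suspended,
            "jane_ok": vodb.is_authorised(jane),
            "richard_ok": vodb.is_authorised(richard),
            "jane_data": vodb.registration_data(jane)}


if __name__ == "__main__":
    print(demo())
```

Run as a script, the demo suspends Richard (his end date precedes the 2004-07-13 meeting date) and leaves Jane authorised; the site-administrator view of Jane contains her Personal user data and email but not the "salary" field, because the filter is applied at the only place ORGDB is read.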
TF's concerns:
- The user's DN is not captured at ORGDB registration time. It is part of the Registration Data, as defined in the Requirements document, but is only present in the VODB.
- EXTN users, potentially numerous in the LCG community, who remain in the CERN HR database with out-of-date information. Their ORGDB registration undergoes very little validation from the experiment secretariats, e.g. the Team Leader doesn't have to sign to authorise an EXTN user entry and the UO doesn't get involved.
- Users who want to be part of a VO even if their Institute doesn't participate in it.
- Users who want to be in multiple VOs for testing purposes, an affiliation not justified by their ORGDB record.
- Participation_End_Date is not managed in ORGDB, i.e. users are not deleted when this date is reached. However, it should trigger a user renewal/removal from the VODB according to the Requirements document.
The Members:
Maria Dimou (LCG Registrar and DTeam VO manager, Editor), Joni Hahkala (VOMS admin. development Leader), David Kelsey (LCG Security Group Leader), Tanya Levshina (VOX Project leader), Ian Neilson (TF coordinator, LCG Security Officer).