VOMS administration
===================

Akos will call a meeting with all VO managers, i.e. the members of the mailing lists
project-lcg-vo-[VO_name]-admin@cern.ch, in order to gather requirements for
the user registration flow.  VO data
Remarks concerning the functionality of the VOMS UI and the update procedure should be
submitted via Bugzilla, e.g. http://marianne.in2p3.fr/datagrid/bugzilla/show_bug.cgi?id=2178



The mapping of VOMS credentials (VO, Group, Role) to Unix accounts and filesystem groups
========================================================================================




This is a well-known problem: users belonging to the same VO can do any kind of
nasty things to each other's files. As you probably have noticed, the
/flatfiles/SE00/<VO> directories are set 775 as there is no easy way to manage
this issue.

Even if we synchronized the pool account mapping between SE and CE, this
will not help much: the cert->poolaccount mapping has to be reset (by
hand :( !!!) once in a while if all the pool accounts are used. If this
happens, your user A would suddenly find herself mapped to, e.g.,
dteam008 and, if she did protect her files with 700, she would not be
able to access them anymore.

The only solution to this would be certificate-driven ACLs for files
and/or finer grained VOMS access control.
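
The following sketch is an added example, not code from the grid middleware. It models the pool-account reset described above and compares Unix mode bits with a check keyed on the certificate DN. The PoolMapper class, the two-account pool, the DNs and the "first free account" lease policy are assumptions made for illustration.

```python
# Added illustration: the pool model, DNs and account names are constructed.
from dataclasses import dataclass, field

@dataclass
class PoolMapper:
    """Leases pool accounts to certificate DNs, first free account first."""
    accounts: list
    leases: dict = field(default_factory=dict)  # DN -> pool account

    def map(self, dn):
        if dn not in self.leases:
            free = [a for a in self.accounts if a not in self.leases.values()]
            if not free:
                raise RuntimeError("pool exhausted: mapping must be reset")
            self.leases[dn] = free[0]
        return self.leases[dn]

    def reset(self):
        self.leases.clear()  # the manual reset: every DN loses its account

@dataclass
class File:
    owner: str     # Unix pool account that created the file
    group: str     # VO-wide filesystem group
    mode: int      # e.g. 0o700 or 0o775
    owner_dn: str  # DN recorded at creation, used only by the ACL variant

def unix_allows(f, account, group, want):
    """Owner/group/other check; want is an rwx mask (r=4, w=2, x=1)."""
    shift = 6 if account == f.owner else 3 if group == f.group else 0
    return ((f.mode >> shift) & 7 & want) == want

def dn_acl_allows(f, dn):
    """Certificate-driven check: the decision follows the DN, not the account."""
    return dn == f.owner_dn

def scenario():
    pool = PoolMapper(["dteam001", "dteam002"])
    a, b = "/O=Example/CN=User A", "/O=Example/CN=User B"
    private = File(pool.map(a), "dteam", 0o700, a)
    shared = File(private.owner, "dteam", 0o775, a)
    out = {"b_writes_775": unix_allows(shared, pool.map(b), "dteam", 2)}
    pool.reset()
    b_acct, a_acct = pool.map(b), pool.map(a)  # B returns first after the reset
    out["a_reads_own_700"] = unix_allows(private, a_acct, "dteam", 4)
    out["b_reads_a_700"] = unix_allows(private, b_acct, "dteam", 4)
    out["acl_a"], out["acl_b"] = dn_acl_allows(private, a), dn_acl_allows(private, b)
    return out
```

In this model the reset not only locks user A out of her 700 file, it also hands ownership to whichever DN is leased her old account next. The DN-keyed check gives the same answer before and after the reset.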
