Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "GOCDB/Release4/Development/VSites"

From EGIWiki
Jump to navigation Jump to search
Line 61: Line 61:
# VOs and VSites: ATP uses a similar concept to VSites called [[https://twiki.cern.ch/twiki/bin/view/Main/ATPVOFeeds#ATP_VO_TOPOLOGY_FEEDS VO Topology Feeds]] to group services according to supported VO; [[https://twiki.cern.ch/twiki/pub/Main/ATPVOFeeds/atp_vo_feed_example.xml a single VO feed XML file]] defines which GOCDB services are supported by that particular VO. VSites could be used to reproduce this functionality if VO names are supported in GOCDB. Q. Is this required ?
# VOs and VSites: ATP uses a similar concept to VSites called [[https://twiki.cern.ch/twiki/bin/view/Main/ATPVOFeeds#ATP_VO_TOPOLOGY_FEEDS VO Topology Feeds]] to group services according to supported VO; [[https://twiki.cern.ch/twiki/pub/Main/ATPVOFeeds/atp_vo_feed_example.xml a single VO feed XML file]] defines which GOCDB services are supported by that particular VO. VSites could be used to reproduce this functionality if VO names are supported in GOCDB. Q. Is this required ?
-->
-->
# Will this design work for operational tools?
# Will this design work for the other operational tools?
# With this implementation, can VSites be monitored?
# With this implementation, can VSites be monitored?
# With this implementation, can VSites appear in the dashboard?
# With this implementation, can VSites appear in the dashboard?
# Will this work for the ATP folks (notice, we do not define any VO names)?
# Will this work for the ATP folks (notice, we do not define any VO names)?

Revision as of 16:34, 25 January 2012

<< Back to GOCDB/Documentation_Index
<< Back to GOCDB/Release4/Development

Virtual Sites

Introduction

Virtual sites are a mechanism to arbitrarily group existing service endpoints together. The service endpoints themselves will still belong to their parent (non-virtual/physical) sites. This feature has originally been requested at https://rt.egi.eu/rt/Ticket/Display.html?id=987.

Virtual Site Entity

A virtual site is a new GOCDB entity containing the following information:

  • Name
  • Description
  • Contact E-Mail
  • Monitored flag (Y/N)
  • Child service endpoints
  • Roles held over the virtual site

Cardinality

A single service endpoint may belong to many parent VSites and a VSite may have many child service endpoints. The existing cardinality between (non-virtual) sites and service endpoints remains: a service endpoint may only have one parent (non-virtual) site.

Vsites.png

PI Queries

We will introduce two new PI queries containing virtual site information:

get_virtual_sites

Parameters:

  • vsitename - Only return info for a specific virtual site
  • scope - Only return virtual sites that are (In)visible to EGI

Example Output: XML

get_virtual_sites_roles

Parameters:

  • dn - Limit results to user with given certificate DN

Example output: XML

Roles

When a user creates a virtual site they will be granted the role "Virtual Site Administrator" over the site. Other users will be able to request a "Virtual Site Administrator" role over the virtual site and the administrator will be able to accept or reject these requests as they see fit using the standard role management mechanism.

Security

Any user can create a virtual site. When adding service endpoints to the site we will show a message saying: "Before adding service endpoints to this virtual site please ensure you have permission from the affected service endpoint administrators". We recommend this is defined as a formal procedure for creating a virtual site. The premise is that a user creating a virtual site can easily be held accountable for their actions.

User Interface

The following changes will be made to support virtual sites in the user interface:

  • New link: "Add Virtual Site" added to the left hand menu bar
  • New link: "View Virtual Sites" added to the left hand menu bar
  • When viewing a virtual site the properties listed in "Virtual Site Entity" above will be shown
  • My Sites will show virtual sites administered by the current user

Limitations

  • A virtual site cannot have a child service endpoint that doesn't already have a parent site.
  • A role granted over a virtual site does NOT give any permission over child service endpoints.

Questions

  1. Will this design work for the other operational tools?
  2. With this implementation, can VSites be monitored?
  3. With this implementation, can VSites appear in the dashboard?
  4. Will this work for the ATP folks (notice, we do not define any VO names)?