Virtual sites are a mechanism to arbitrarily group service endpoints together. The service endpoints themselves will still belong to (non-virtual) sites. This feature has originally been requested at https://rt.egi.eu/rt/Ticket/Display.html?id=987.
Virtual Site Entity
A virtual site is a new GOCDB entity containing the following information:
- Contact E-Mail
- Monitored flag (Y/N)
- Child service endpoints
- Roles held over the virtual site
A service endpoint may belong to many virtual sites and a virtual site may have many child service endpoints. The existing cardinality between (non-virtual) sites and service endpoints remains: a service endpoint may only have one parent (non-virtual) site.
We will introduce two new PI queries containing virtual site information:
- vsitename - Only return info for a specific virtual site
- scope - Only return virtual sites that are (In)visible to EGI
Example Output: XML
- dn - Limit results to user with given certificate DN
Example output: XML
When a user creates a virtual site they will be granted the role "Virtual Site Administrator" over the site. Other users will be able to request a "Virtual Site Administrator" role over the virtual site and the administrator will be able to accept or reject these requests as they see fit using the standard role management mechanism.
Any user can create a virtual site. When adding service endpoints to the site we will show a message saying: "Before adding service endpoints to this virtual site please ensure you have permission from the affected service endpoint administrators". We recommend this is defined as a formal procedure for creating a virtual site.
The following changes will be made to support virtual sites in the user interface:
- New link: "Add Virtual Site" added to the left hand menu bar
- New link: "View Virtual Sites" added to the left hand menu bar
- When viewing a virtual site the properties listed in "Virtual Site Entity" above will be shown
- My Sites will show virtual sites administered by the current user
- A virtual site cannot have a child service endpoint that doesn't have a parent site.
- A role granted over a virtual site doesn't give any permission over child service endpoints.