From EGIWiki
Jump to: navigation, search
Main operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security

Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators

<<  EGI User Start Guide

You will find what a Virtual Organisation is, how to find which one is appropriate for the user's application area, and how to apply for membership.

Virtual Organisations

A Virtual Organisation (VO) is an entity which typically corresponds to a real organisation or group of people in the real world. Membership of a VO grants specific privileges to a user. For example, a user belonging to the atlas VO will be able to read ATLAS files and to use resources reserved for the ATLAS collaboration.

To avoid problems with conflicting names, at the present, VO are registered in the style of DNS names, e.g., where newvo is a customizable name and is an existent DNS domain. However, the VOs registered before that this rule was introduced have an old-style name as short string like cms or biomed.

Becoming a member of a VO usually requires membership of the corresponding collaboration; in any case, a user must comply with the rules of the VO to gain membership. A user may be expelled from a VO for failure to comply with these rules.

It is possible to belong to more than one VO, although this is unusual.

The Registration Service

Before a user can use the EGI infrastructure, registration of some personal data and acceptance of some usage rules are necessary and the first step is getting a valid certificate. The user must also choose a VO. The VO must ensure that all of its members have provided the necessary information, which is stored in a database maintained by the VO, and that all have accepted the usage rules. The procedure to do this vary. A list of registered VOs is availble on the grid operations web site.

Note that some VOs are national and are not registered globally in EGI; in this case users should consult local documentation for information on the registration procedures.

The registration procedure normally requires the use of a web browser with the user certificate loaded, to enable the request to be properly authenticated. Browsers normally use the PKCS12 certificate format: if the certificate was issued to a user in the PEM format it has to be converted to PKCS12. The following command can be used to perform that conversion:

openssl pkcs12 -export -inkey userkey.pem -in usercert.pem \
               -out my_cert.p12 -name "My certificate"


userkey.pem is the path to the private key file;
usercert.pem is the path to the PEM certificate file;
my_cert.p12 is the path for the output PKCS12-formatfile to be created;
"My certificate" is an optional name which can be used to select this certificate in the browser after the user has uploaded it if the user has more than one certificate available.

Once in PKCS12 format, the certificate can be loaded into the browser.