[gin-auth] Re: Nightly cron for DN list dump ?

Mon Mar 20 10:27:12 CST 2006

WooHoo !! Trying for TRIPLE POINTS, I give you Oscar Koeroo !!

Hat's off to you Oscar !  I see the webpage (nice variety of  
registrants already!) but
I'm not even able to test all the advanced modes myself to do the  
scoring ! Judges ?

Stephen got me registered as an admin on the Wiki so I'll see if I  
can get this listed there today (and for my difficulty bonus I'll try  
to edit the GIN GridForge page to link in the Wiki ;-).

Thanks !!
Dane

On Mar 17, 2006, at 6:42 AM, Oscar Koeroo wrote:

> Hi Dane and others,
>
> I've create a crontab to supply a non-secured grid-mapfile. The  
> crontab is set to execute each 6 hours of each day to provide the  
> controlled priviledge leak :-)
> The location is here: http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile
>
> I've also written my first RSS file. I hope I have understood the  
> standard correctly.
> The feed contains two channels "unsecured_gin.ggf.org" and  
> "secured_gin.ggf.org". Both have simulair settings, but the secured  
> is using the direct weblink that will be used by the mkgridmap  
> script to the XML though an HTTPS connection and the other is my  
> crontab-created grid-mapfile.
>
> It seems that Thunderbird has a minor bug. I get two messages there  
> but both are listed as Sended by 'unsecured_gin.ggf.org', clicking  
> on them work perfectly. The secure connection need a valid  
> certificate to mutually authenticate the content of the feed, de  
> default error is -12229. This is good behaviour :-)
> ps: I'll not update the secured feed because it is linked to the  
> direct database list creation method on the VOMS Admin.
>
> Comments/improvements are always welcome.
>
>
>    Oscar - your feeding VO-Admin
>
>
>
> Dane Skow wrote:
>
>>
>> Oscar,
>>
>> Would it be possible to setup a nightly cronjob to dump the DN  
>> list  from this VOMS server to a webpage someplace ? That way  
>> anyone who  has not setup the edg-makegridmapfile scripts or  
>> equivalent automata  can grab the list and manage the appropriate  
>> snippet for a  gridmapfile by hand ? That helps lower the bar for  
>> bootstrapping one  more notch.
>>
>> The UK folks have offered their WIKI server as a headquarters for   
>> this kind of contributed links. I'll send info (or Stephen will   
>> directly) with the link soon.
>>
>> Double Bonus points if you make the webpage an RSS feed ;-))  (so  
>> one  can get notice of updates)
>>
>> Cheers,
>> Dane
>>
>> On Mar 14, 2006, at 8:09 AM, Oscar Koeroo wrote:
>>
>>> Hello everybody,
>>>
>>> The GIN VO name has been change from 'GIN-GGF-ORG' to  
>>> 'gin.ggf.org'  with the approval of the security area directroy  
>>> to use the ggf.org  domain name.
>>> All other configurations and registration have stayed  
>>> persistently.  Which means, the same portnumbers do apply on the  
>>> same server with  the same certificate.
>>>
>>> Though the web site as been move to:
>>> https://kuiken.nikhef.nl:8443/voms/gin.ggf.org/
>>>
>>> The configuration for the vomses file has change to:
>>>
>>> "gin.ggf.org" "kuiken.nikhef.nl" "15050" "/O=dutchgrid/O=hosts/  
>>> OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"
>>>
>>> And also the legacy support interface for mkgridmap has also   
>>> changed with the URL change to:
>>> group vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org  .gin.ggf.org
>>>
>>>
>>>
>>>    Oscar - /gin.ggf.org/Role=VO-Admin
>>>
>>>
>>> Oscar Koeroo wrote:
>>>
>>>> which means that I'll change the GIN-GGF-ORG VO name to:         
>>>> "gin.ggf.org"
>>>> ... if one or both security area directors approve with the  
>>>> change  and use of the "ggf.org" domain as a suffix to the GIN VO.
>>>>
>>>>    Oscar
>>>>
>>>>
>>>> Von Welch wrote:
>>>>
>>>>>
>>>>> Works for me.
>>>>>
>>>>> Von
>>>>>
>>>>>
>>>>> On Mar 13, 2006, at 12:42 PM, Olle Mulmo wrote:
>>>>>
>>>>>>
>>>>>> FYI,
>>>>>>
>>>>>> This was discussed (again) at two consecutive EGEE meetings  
>>>>>> at  CERN  last week, ending in the draft text proposed below.
>>>>>>
>>>>>> /Olle
>>>>>>
>>>>>>
>>>>>> VO Naming
>>>>>> ---------
>>>>>> The VO name is a string, used to represent the VO in all   
>>>>>> interactions
>>>>>> with grid software, such as in expressions of policy and  
>>>>>> access   rights.
>>>>>>
>>>>>> The VO name MUST be formatted as a subdomain name as specified in
>>>>>> RFC 1034 section 3.5. The VO Manager of a VO using a thus-  
>>>>>> formatted  name
>>>>>> MUST be entitled to the use of this name, when interpreted as  
>>>>>> a   name in the Internet Domain Name System.
>>>>>> This entitlement MUST stem either from a direct delegation of   
>>>>>> the  corresponding name in the Domain Name System by an   
>>>>>> accredited  registrar for
>>>>>> the next-higher level subdomain, or from a direct delegation  
>>>>>> of the
>>>>>> equivalent name in the Domain Name System by ICANN, or from  
>>>>>> the   consent
>>>>>> of the administrative or operational contact of the next- 
>>>>>> higher   equivalent
>>>>>> subdomain name for that VO name that itself is registered  
>>>>>> with  such an
>>>>>> accredited registrar.
>>>>>>
>>>>>> Considering that RFC1034 section 3.5 states that both upper   
>>>>>> case  and lower
>>>>>> case letters are allowed, but no significance is to be  
>>>>>> attached  to  the case,
>>>>>> but that today the software handling VO names may still be  
>>>>>> case   sensisitive,
>>>>>> all VO names MUST be entirely in lower case.
>>>>>>
>>>
>