[gin] Fwd: [gin-auth] The new VOMS Server for GIN is active from now

Fri Mar 10 20:54:30 CST 2006

Thanks to our friends in EGEE, we have a VOMS server up and running  
now for registering user DNs for people participating in the GIN  
bootstrapping! As discussed in Athens, this will allow us to generate  
a specific list of users from across the grids who are involved in  
the early deployment. Eventually we will want to use the production  
VOMS services for the various VOs using services across grids, but  
this will give us some time to sort out how to make that work !

Discussion about problems or questions about this VOMS service  
specifically should go to the gin-auth at ggf.org mailing list.  There  
have been several successful registrants already from multiple grids  
so the basic tests are complete.

Regards,
Dane for Oscar and gin-auth

Begin forwarded message:

> From: Oscar Koeroo <okoeroo at nikhef.nl>
> Date: March 3, 2006 7:17:31 AM CST
> To: gin-auth at ggf.org
> Subject: [gin-auth] The new VOMS Server for GIN is active from now
>
> Hi all,
>
> Trying to incorporate all ideas of the VO naming debate into a live  
> and kicking VO-name I gave it my own twist and created 'GIN-GGF- 
> ORG'. This VO name can be changed when we have a common agreement  
> on the VO naming convention.
>
> The server is 'kuiken.nikhef.nl' which is running the EGEE/Glite  
> VOMS services VOMS-Admin and the VOMS (core) daemon. This means  
> that the Fully Qualified Attribute Names (FQANs) are in the format of:
> /GIN-GGF-ORG
> /GIN-GGF-ORG/<group 1>
> /GIN-GGF-ORG/<group 1>/<sub group 1>
> /GIN-GGF-ORG/Role=VO-Admin
> /GIN-GGF-ORG/<group 1>/Role=<your role here>
>
> The set of CAs is compliant with the newest classic-IGTF which  
> should be suffient, if not, please mail me.
>
>
> Registration info:
> The URL of the website is: https://kuiken.nikhef.nl:8443/voms/GIN- 
> GGF-ORG/
> A direct link to the registration page is: https://kuiken.nikhef.nl: 
> 8443/voms/GIN-GGF-ORG/webui/request/user/create
>
> Config info:
> The link to the configuration page is: https://kuiken.nikhef.nl: 
> 8443/voms/GIN-GGF-ORG/webui/config
> Basicly the VOMS daemon is running on portnumber 15050.
>
> For voms-proxy-init (the ~/.vomses or /opt/glite/etc/vomses/GIN-GGF- 
> ORG file):
> "GIN-GGF-ORG" "kuiken.nikhef.nl" "15050" "/O=dutchgrid/O=hosts/ 
> OU=nikhef.nl/CN=kuiken.nikhef.nl" "GIN-GGF-ORG"
>
> For mkgridmap.conf:
> group vomss://kuiken.nikhef.nl:8443/voms/GIN-GGF-ORG  .GIN-GGF-ORG
>
> VOMS Host cert:
> Because there's not a common way of supplying the hostcert of the  
> VOMS server, I've attached it in the mail.
>
>
> cheers,
>
>    Oscar "/GIN-GGF-ORG/Role=VO-Admin" Koeroo
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 841 (0x349)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=NL, O=NIKHEF, CN=NIKHEF medium-security  
> certification auth
>         Validity
>             Not Before: Dec  9 00:00:00 2005 GMT
>             Not After : Dec  9 18:24:27 2006 GMT
>         Subject: O=dutchgrid, O=hosts, OU=nikhef.nl,  
> CN=kuiken.nikhef.nl
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Modulus (2048 bit):
>                     00:c1:3b:56:f7:35:83:e8:7b:71:52:b9:74:91:0f:
>                     1f:09:1b:98:c3:b6:ce:f0:66:19:91:61:59:a3:57:
>                     33:e1:e5:b5:24:56:57:5b:96:c3:7b:6a:ce:ec:4f:
>                     70:6e:ab:00:7a:17:00:9c:9f:53:60:8e:21:ac:0f:
>                     40:06:87:4c:ba:fc:61:a6:83:6c:22:ca:40:52:cd:
>                     94:30:cc:60:30:c8:3a:47:00:21:bd:e7:c1:52:8d:
>                     25:33:62:ec:cf:2c:9d:dd:f5:73:de:d4:29:fe:49:
>                     99:f2:93:a1:b9:20:f1:44:d9:9d:c3:bc:53:af:45:
>                     97:06:1a:42:30:81:69:9b:db:a9:07:98:4a:c3:8d:
>                     77:22:1b:19:5b:6c:c5:54:16:ce:88:9b:3d:af:0a:
>                     2c:73:b9:19:58:7d:59:9d:5e:ea:39:10:c1:a0:e4:
>                     af:03:1c:b3:84:ff:f3:2f:d2:00:8c:ef:f3:f0:bf:
>                     7c:61:99:b7:5c:84:d1:d9:ef:68:17:dd:d3:f9:ec:
>                     b0:f9:38:69:b3:8f:e3:0c:3e:bf:1d:e9:75:bb:18:
>                     b1:40:e3:9b:a4:81:b0:28:14:3c:cf:f7:3c:63:3f:
>                     a2:e0:97:a8:37:9b:93:c1:9d:4b:cb:cb:16:22:a6:
>                     a5:4a:ce:9a:5f:c5:43:29:44:65:e0:3e:7a:f0:0e:
>                     27:91
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
>             X509v3 Key Usage: critical
>                 Digital Signature, Non Repudiation, Key  
> Encipherment, Data Encipherment
>             X509v3 CRL Distribution Points:
>                 URI:http://ca.dutchgrid.nl/medium/cacrl.pem
>
>             X509v3 Certificate Policies:
>                 Policy: 1.3.6.1.4.1.10434.4.2.2.1.2.2
>
>             X509v3 Authority Key Identifier:
>                 keyid:5B:05:3A:99:C6:D5:22:BD:FD:94:80:FC: 
> 11:A8:D0:F1:71:D6:4B:A4
>                 DirName:/C=NL/O=NIKHEF/CN=NIKHEF medium-security  
> certification auth
>                 serial:00
>
>             X509v3 Subject Key Identifier:
>                 06:EC:70:D8:72:63:F4:26:03:8A:A1:61:5D:A1:0F:C9:8F: 
> 77:5E:AB
>             Netscape Cert Type:
>                 SSL Client, SSL Server, S/MIME
>             Netscape CA Policy Url:
>                 http://ca.dutchgrid.nl/medium/policy/
>             Netscape Comment:
>                 Certificate issued under DutchGrid medium-security  
> policy version 2.2;limited liabilities apply, see http:// 
> ca.dutchgrid.nl/medium/policy/ for details;Certificate Tag:  
> 409bd7a6-c13b56
>             X509v3 Subject Alternative Name:
>                 DNS:kuiken.nikhef.nl
>     Signature Algorithm: sha1WithRSAEncryption
>         79:7c:67:65:0f:21:09:07:af:39:0b:9c:1e:3f:79:cb:1e:44:
>         ee:9d:1c:74:e4:5e:16:59:88:03:55:27:5f:a5:85:0c:c9:d7:
>         dd:a5:1e:0d:fa:82:26:40:b5:fd:8b:c8:3a:f9:d4:ff:8a:12:
>         a0:4b:59:5c:77:2d:1c:f4:77:20:a4:fc:34:60:9b:72:af:53:
>         8f:f4:76:77:6d:8c:7c:d7:08:ba:da:f7:fd:15:83:d8:77:6d:
>         64:8e:31:64:be:82:85:13:9f:bf:44:d3:b5:8f:7e:ff:9e:62:
>         4d:01:e5:82:b5:46:19:c1:a6:89:80:9f:7b:d4:54:f9:bc:df:
>         b4:5a:9b:65:b6:13:2b:ae:2b:4b:c4:4c:82:84:3d:33:57:ef:
>         4a:44:3e:c7:42:25:c0:ef:0e:ca:9f:07:57:04:4b:e2:df:e7:
>         15:f9:9b:92:01:09:ad:f1:66:b1:fb:f1:6c:be:ff:e2:a8:bb:
>         07:8d:90:ae:68:41:74:bd:b3:66:44:04:c3:fd:7b:e3:cb:dc:
>         c9:9b:1f:ea:42:9f:a8:00:5d:31:5c:0b:99:fb:85:ea:70:10:
>         0f:97:94:bb:0d:dd:d3:e4:9c:66:1d:d0:06:a4:cd:df:36:e8:
>         20:c2:82:eb:ae:32:8b:2a:8c:5e:7f:8a:fa:98:98:e2:40:aa:
>         dd:62:df:b9
> -----BEGIN CERTIFICATE-----
> MIIFZzCCBE+gAwIBAgICA0kwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UEBhMCTkwx
> DzANBgNVBAoTBk5JS0hFRjEyMDAGA1UEAxMpTklLSEVGIG1lZGl1bS1zZWN1cml0
> eSBjZXJ0aWZpY2F0aW9uIGF1dGgwHhcNMDUxMjA5MDAwMDAwWhcNMDYxMjA5MTgy
> NDI3WjBTMRIwEAYDVQQKEwlkdXRjaGdyaWQxDjAMBgNVBAoTBWhvc3RzMRIwEAYD
> VQQLEwluaWtoZWYubmwxGTAXBgNVBAMTEGt1aWtlbi5uaWtoZWYubmwwggEiMA0G
> CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBO1b3NYPoe3FSuXSRDx8JG5jDts7w
> ZhmRYVmjVzPh5bUkVldblsN7as7sT3BuqwB6FwCcn1NgjiGsD0AGh0y6/GGmg2wi
> ykBSzZQwzGAwyDpHACG958FSjSUzYuzPLJ3d9XPe1Cn+SZnyk6G5IPFE2Z3DvFOv
> RZcGGkIwgWmb26kHmErDjXciGxlbbMVUFs6Imz2vCixzuRlYfVmdXuo5EMGg5K8D
> HLOE//Mv0gCM7/Pwv3xhmbdchNHZ72gX3dP57LD5OGmzj+MMPr8d6XW7GLFA45uk
> gbAoFDzP9zxjP6Lgl6g3m5PBnUvLyxYipqVKzppfxUMpRGXgPnrwDieRAgMBAAGj
> ggJEMIICQDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DA4BgNVHR8EMTAv
> MC2gK6AphidodHRwOi8vY2EuZHV0Y2hncmlkLm5sL21lZGl1bS9jYWNybC5wZW0w
> GgYDVR0gBBMwETAPBg0rBgEEAdFCBAICAQICMHoGA1UdIwRzMHGAFFsFOpnG1SK9
> /ZSA/BGo0PFx1kukoVakVDBSMQswCQYDVQQGEwJOTDEPMA0GA1UEChMGTklLSEVG
> MTIwMAYDVQQDEylOSUtIRUYgbWVkaXVtLXNlY3VyaXR5IGNlcnRpZmljYXRpb24g
> YXV0aIIBADAdBgNVHQ4EFgQUBuxw2HJj9CYDiqFhXaEPyY93XqswEQYJYIZIAYb4
> QgEBBAQDAgXgMDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vY2EuZHV0Y2hncmlkLm5s
> L21lZGl1bS9wb2xpY3kvMIHIBglghkgBhvhCAQ0EgboWgbdDZXJ0aWZpY2F0ZSBp
> c3N1ZWQgdW5kZXIgRHV0Y2hHcmlkIG1lZGl1bS1zZWN1cml0eSBwb2xpY3kgdmVy
> c2lvbiAyLjI7bGltaXRlZCBsaWFiaWxpdGllcyBhcHBseSwgc2VlIGh0dHA6Ly9j
> YS5kdXRjaGdyaWQubmwvbWVkaXVtL3BvbGljeS8gZm9yIGRldGFpbHM7Q2VydGlm
> aWNhdGUgVGFnOiA0MDliZDdhNi1jMTNiNTYwGwYDVR0RBBQwEoIQa3Vpa2VuLm5p
> a2hlZi5ubDANBgkqhkiG9w0BAQUFAAOCAQEAeXxnZQ8hCQevOQucHj95yx5E7p0c
> dOReFlmIA1UnX6WFDMnX3aUeDfqCJkC1/YvIOvnU/4oSoEtZXHctHPR3IKT8NGCb
> cq9Tj/R2d22MfNcIutr3/RWD2HdtZI4xZL6ChROfv0TTtY9+/55iTQHlgrVGGcGm
> iYCfe9RU+bzftFqbZbYTK64rS8RMgoQ9M1fvSkQ+x0IlwO8Oyp8HVwRL4t/nFfmb
> kgEJrfFmsfvxbL7/4qi7B42QrmhBdL2zZkQEw/1748vcyZsf6kKfqABdMVwLmfuF
> 6nAQD5eUuw3d0+ScZh3QBqTN3zboIMKC664yiyqMXn+K+piY4kCq3WLfuQ==
> -----END CERTIFICATE-----