Hi,
Based on comments in a recent ct grid meeting i've been playing around with the terena certificates. This nice service enables members of accredited organisations to apply for a certificate while using their home instutions credential to identify themselves.
I have requested a certificate en succesfully became a member of a VO. Be carefull: Changing your certificate dn would mean you will have problems accessing your previous data.
https://tcs-escience-portal.terena.org/about_nren.php
I have one question: are these fully qualified certificates for grid use, or are their any differences? Are their any issues we would have to reckon with? Does anybody have experiences with job-submission using a terena certificate?
Thanks for your thoughts,
Tom
Available identity providers NIKHEF SARA SURFNET TERENA TUDELFT Universiteit Tilburg Vrije universiteit
Tom Visser Phone: +31617411603 Mail: tom.visser@sara.nl SARA Computing & Networking Services High Performance Computing and Visualization http://www.sara.nl
Hi Tom, all,
On 2010-08-25 13:39, Tom Visser wrote: ...
I have requested a certificate en succesfully became a member of a VO. Be carefull: Changing your certificate dn would mean you will have problems accessing your previous data.
https://tcs-escience-portal.terena.org/about_nren.php
I have one question: are these fully qualified certificates for grid use, or are their any differences? Are their any issues we would have to reckon with? Does anybody have experiences with job-submission using a terena certificate?
The main caveat you already found: the ownership of data when you have stored data without VOMS attributes. If you have your data at SARA, you need not worry: it is accessible to everyone in the VO, so once you add your new DN tothe VO it will continue to work. dCache at RUG-CIT should be the same. Similarly for data stored at Nikhef (DPM), as long as you have the default ACLs applied. (if you don't know what that means, you're OK ;-) Otherwise, the eScience Personal TCS certificates are absolutely the same, and work fine for job submission, monitoring and web application tasks like GGUS.
You can get a TERENA eScience cert now if your organsation is on the list that Tom sent, AND you have a valid enrolment there (i.e. you are an employee, or had your photo-ID checked by your home organisation at some point in time) Otherwise: ask your local IT helpdesk to pester them to sign up to TCS!
To add your new DN for the grid use: - if you are in one of the national VOs, re-register at the VO management server at https://voms.grid.sara.nl:8443/vomses and select your VO. Use your NEW certificate to connect, and register again with the VO. The VO manager will activate your new certificate.
- if you are in one of the VOs hosted at CERN, go to the VOMRS interface https://lcg-voms.cern.ch:8443/vo/VONAME/vomrs using your EXISTING certificate, and with replacing VONAME with the name of your VO. There, from the left-hand menu, you can unfold "add certificate" under member info. Choose "/C=NL/O=TERENA/CN=TERENA eScience Personal CA" as the CA for your new DN and submit your additional certificate. It will become active immediately.
Other systems usually allow to to change your DN as well (such as GGUS). Request help from grid.support@{sara,nikhef}.nl if you need help...
Enjoy the new TCS service!
DavidG.
Thanks for your thoughts,
Tom
Available identity providers NIKHEF SARA SURFNET TERENA TUDELFT Universiteit Tilburg Vrije universiteit
Tom Visser Phone: +31617411603 Mail: tom.visser@sara.nl SARA Computing & Networking Services High Performance Computing and Visualization http://www.sara.nl
ct-grid mailing list ct-grid@nikhef.nl https://mailman.nikhef.nl/mailman/listinfo/ct-grid
Dear all,
After some querying emails and talks, I wanted to let you know the status of the Terena certificates;
# we've noticed that the WMS has problems coping with this type of certificates.
GGUS ticket: https://gus.fzk.de/ws/ticket_info.php?ticket=67040
# Also we are campaigning to get more idp's connected; in short: if you are making use of the Surfnet certificate service (also for personal and servercerts), and if your organisation is a member of the Surffederation your institute can make use of this; I am aware that at least AMC, Leiden University, University Twente, University of Utrecht (not a complete list) are eligible.
Contact @ surfnet for these matters is: joost.vandijk@surfnet.nlmailto:joost.vandijk@surfnet.nl
[cid:image001.png@01CBC45E.C9835B30]
The advantage of this services is that you can obtain an X509 grid certificate in a couple of minutes, by making use of your home institutions credentials;
I sincerely hope we can get more institutes connected; and the WMS problems will be fixed soon.
Thanks,
Regards,
Tom
Tom Visser
Phone: +31617411603
Mail: tom.visser@sara.nlmailto:tom.visser@sara.nl
chat: tom.visser.sara@gmail.commailto:tom.visser.sara@gmail.com
SARA Computing & Networking Services
High Performance Computing and Visualization
-----Original Message-----
From: ct-grid-bounces@nikhef.nl [mailto:ct-grid-bounces@nikhef.nl] On Behalf
Of David Groep
Sent: woensdag 25 augustus 2010 14:12
To: ct-grid@nikhef.nl
Subject: Re: [Ct-grid] terena certificates
Hi Tom, all,
On 2010-08-25 13:39, Tom Visser wrote:
...
I have requested a certificate en succesfully became a member of a VO.
Be carefull: Changing your certificate dn would mean you will have problems
accessing your previous data.
I have one question: are these fully qualified certificates for grid use, or
are their any differences? Are their any issues we would have to reckon
with? Does anybody have experiences with job-submission using a terena
certificate?
The main caveat you already found: the ownership of data when you have
stored data without VOMS attributes. If you have your data at SARA,
you need not worry: it is accessible to everyone in the VO, so once you
add your new DN tothe VO it will continue to work. dCache at RUG-CIT should
be the same.
Similarly for data stored at Nikhef (DPM), as long as you have the default
ACLs applied. (if you don't know what that means, you're OK ;-)
Otherwise, the eScience Personal TCS certificates are absolutely the same,
and work fine for job submission, monitoring and web application tasks like
GGUS.
You can get a TERENA eScience cert now if your organsation is on the list
that Tom sent, AND you have a valid enrolment there (i.e. you are an employee,
or had your photo-ID checked by your home organisation at some point in time)
Otherwise: ask your local IT helpdesk to pester them to sign up to TCS!
To add your new DN for the grid use:
- if you are in one of the national VOs, re-register at the VO management
server at
https://voms.grid.sara.nl:8443/vomses
and select your VO. Use your NEW certificate to connect, and register
again with the VO. The VO manager will activate your new certificate.
- if you are in one of the VOs hosted at CERN, go to the VOMRS interface
https://lcg-voms.cern.ch:8443/vo/VONAME/vomrs
using your EXISTING certificate, and with replacing VONAME with the name
of your VO. There, from the left-hand menu, you can unfold "add
certificate" under member info.
Choose "/C=NL/O=TERENA/CN=TERENA eScience Personal CA" as the CA for your
new DN and submit your additional certificate. It will become active
immediately.
Other systems usually allow to to change your DN as well (such as GGUS).
Request help from grid.support@{sara,nikhef}.nlmailto:grid.support@%7bsara,nikhef%7d.nl if you need help...
Enjoy the new TCS service!
DavidG.
Thanks for your thoughts,
Tom
Available identity providers
NIKHEF
SARA
SURFNET
TERENA
TUDELFT
Universiteit Tilburg
Vrije universiteit
Tom Visser
Phone: +31617411603
Mail: tom.visser@sara.nlmailto:tom.visser@sara.nl
SARA Computing & Networking Services
High Performance Computing and Visualization
ct-grid mailing list
ct-grid@nikhef.nlmailto:ct-grid@nikhef.nl
--
David Groep
** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
ct-grid mailing list
ct-grid@nikhef.nlmailto:ct-grid@nikhef.nl
-
David Groep -
Tom Visser