UVOS

UNICORE VO Service (UVOS) is a client-server system developed as an additional tool for large distributed systems. Grid systems, especially the UNICORE grid middleware, are the mainspring of the UVOS system. Although UVOS can be used with different systems, it is designed primarily to support the UNICORE grid middleware.

UVOS was developed in the Chemomentum project.

Features

The fundamental UVOS features are:

  • storing identities of grid users and other identifiable components (for example servers),
  • organising identities in hierarchical groups,
  • assigning arbitrary attributes to users in various ways,
  • supporting registration requests (also called 'VO applications'),
  • supporting authentication of web-browser based grid clients (from version 1.2).

UVOS exposes all of these features as remotely accessible operations (through a web services mechanism), with authentication and authorisation of access.

Typical usage patterns of the UVOS system include, but are not limited to:

  • grid node access authorization support, which enables granting access to members of a particular group or owners of selected attributes,
  • mapping a grid user identity onto another one (usually in a different format),
  • storing dynamic and static information about grid entities.

The UVOS system is built upon well-established standards. For instance, all query operations used by clients are available through the SAML 2 protocol. Moreover, the following optional SAML profiles are implemented to ensure interoperability:

  • SAML Attribute Query Deployment Profile for X.509 Subjects,
  • SAML Attribute Self-Query Deployment Profile for X.509 Subjects,
  • OGSA Attribute Exchange Profile Version 1.2,
  • XACML Attribute Profile.
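
As an added illustration of the grid node authorization pattern over SAML 2 (not code from UVOS or UNICORE): a node-side check that accepts a constructed attribute assertion only if the issuer is trusted, the X.509 subject matches the authenticated caller, the assertion is inside its validity window, and the subject belongs to the required group or one of its subgroups. The attribute name, DNs and group paths are assumptions, and signature verification is assumed to have been done beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "urn:example:vo:group"  # assumed name, not taken from UVOS

# Constructed sample. A real assertion is signed; verify the signature
# before trusting any field checked below.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
  <saml:Issuer>CN=vo-server.example.org,O=Example</saml:Issuer>
  <saml:Subject><saml:NameID>CN=Jane Doe,O=Example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z"
                   NotOnOrAfter="2024-01-01T10:05:00Z"/>
  <saml:AttributeStatement><saml:Attribute Name="urn:example:vo:group">
    <saml:AttributeValue>/chem/modelling</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def in_group(member_of, required):
    """True if member_of is the required group or lies below it."""
    req = required.rstrip("/")
    return member_of == req or member_of.startswith(req + "/")

def authorize(xml_text, caller_dn, trusted_issuer, required_group, now):
    a = ET.fromstring(xml_text)
    if a.findtext("saml:Issuer", "", NS).strip() != trusted_issuer:
        return False, "untrusted issuer"
    # Plain string comparison; real code should compare normalised DNs.
    if a.findtext("saml:Subject/saml:NameID", "", NS).strip() != caller_dn:
        return False, "subject mismatch"
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return False, "missing validity conditions"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"
    groups = [(v.text or "").strip()
              for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if at.get("Name") == GROUP_ATTR
              for v in at.iterfind("saml:AttributeValue", NS)]
    if any(in_group(g, required_group) for g in groups):
        return True, "member of " + required_group
    return False, "not a member of " + required_group
```

The group match compares whole path segments, so a requirement on `/che` is not satisfied by membership of `/chem/modelling`; a bare prefix test would let it through.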

Main components

The system is composed of the following elements (the name of the distribution package is given in parentheses):

UVOS server
(uvos) is the main part of the software, implementing the functionality described above. It can be extended with additional servlet modules.
UVOS command line client (CLC) and library
(uvos-client) The CLC is a simple client application which can be used both interactively and in batch mode. It is useful for administrators and allows them to invoke every UVOS operation (except for SAML query operations). However, using the CLC to perform some operations can be difficult, as its interface is quite simple. The package also contains a client-side library useful for developers who want to access a UVOS server.
UVOS graphical management client
(VOManager) is a powerful administration utility, providing an easy-to-use GUI for performing most of the management of UVOS and its contents.
Web VO applications module
(uvos-webapp) is a UVOS server extension providing a web interface for users who want to apply for a VO account.
Web authentication module
(uvos-webauth, available from version 1.2) is a UVOS server extension providing an implementation of the HTTP POST binding of the SAML Authentication protocol. Put simply, it is useful when portals or other WWW sites should authenticate their users using a UVOS server. Such a site redirects the client's web browser to uvos-webauth, the user logs in there, and an appropriate response is returned to the originating site (to which the client's web browser is redirected back).

License

UVOS is distributed under an Open Source license. You can read it here: ICM license.