What a Virtual Organisation is, how to find which one is appropriate for the user's application area, and how to apply for membership.
A Virtual Organisation (VO) is an entity which typically corresponds to a real organisation or group of people in the real world. Membership of a VO grants specific privileges to a user. For example, a user belonging to the atlas VO will be able to read ATLAS files and to use resources reserved for the ATLAS collaboration.
At present, VO names are generally short strings like cms or biomed. However, it is likely that future VOs will have names in the style of DNS names, e.g. newvo.cern.ch, to ensure that different VOs will always have distinct names.
Becoming a member of a VO usually requires membership of the corresponding collaboration; in any case, a user must comply with the rules of the VO to gain membership. A user may be expelled from a VO for failure to comply with these rules.
It is possible to belong to more than one VO, although this is unusual.
Before a user can use the EGEE infrastructure, registration of some personal data and acceptance of some usage rules are necessary and the first step is getting a valid certificate. The user must also choose a VO. The VO must ensure that all of its members have provided the necessary information, which is stored in a database maintained by the VO, and that all have accepted the usage rules. The procedure to do this vary. A list of registered VOs is availble on the grid operations web site.
Note that some VOs are local and are not registered with EGEE as a whole; in this case users should consult local documentation for information on the registration procedures.
As an example of a registration service, the LCG Registrar serves the VOs of the LHC experiments.
The registration procedure normally requires the use of a web browser with the user certificate loaded, to enable the request to be properly authenticated. Browsers normally use the PKCS12 certificate format: if the certificate was issued to a user in the PEM format it has to be converted to PKCS12. The following command can be used to perform that conversion:
openssl pkcs12 -export -inkey userkey.pem -in usercert.pem \
-out my_cert.p12 -name "My certificate"
where:
userkey.pem |
is the path to the private key file; |
usercert.pem |
is the path to the PEM certificate file; |
my_cert.p12 |
is the path for the output PKCS12-formatfile to be created; |
"My certificate" |
is an optional name which can be used to select this certificate in the browser after the user has uploaded it if the user has more than one certificate available. |
Once in PKCS12 format, the certificate can be loaded into the browser.
Instructions for some popular browsers are available.