Information for VO administrators / Principal Investigators (PIs)#

Virtual Organisations are the key element of the authorisation in HDF.

Organisational#

To open up a new VO, please fill the VO Creation form with your email. Fill and send it to the HDF-AAI Mailinglist. Please use a digital signature to sign your email.

Once you have your VO you can convince services to support your VO.

You need to be able to authenticate with the assurance of RAF Cappuccino, i.e. you need to identify with your passport at your Identity Provider. (If you don’t understand this, you can probably ignore this statement).

Responsibility#

As an administrator of a Virtual Organisation you take a substantial share of responsibilities for a working process. The requirements come from the Services. Many services have requirements on the quality of the user identity assurance and on the general quality of the identity provider.

Depending on the service (often those that allow shell access, or data storage) this often requires the users to have shown a passport at their home-IdP and also the home-IdP to support certain security procedures.

International Users#

In HDF we want to enable users for which those criteria often aren’t met. Therefore, we offer the possibility to add all kinds of users to a VO, but we require the VO admin to guarantee, that an appropriate level of identity vetting has taken place. We are currently in the process of deriving a comprehensive set of guidelines to help VO admins to do their job.

Technical#

You can manage your VO under the /upman endpoint of unity. It allows you to invite users by email.

Policy#

As defined in the top level policy, VO admins have several tasks to fulfil:

Guidelines for VO Admins#

TBD