Group Management Service (GMS)
This is a prototype service. Groups can be created, read, updated and deleted using two available clients: the CADC command line gmsClient or the GMS UI (authentication with CADC user/password required).
| resource | description |
|---|---|
| /gms/groups/<GROUP_NAME> | GMS group resource. Contains information regarding the group <GROUP_NAME>. <GROUP_NAME> is an unique name within the CADC GMS. Its corresponding URI that is used to refer to this group globally is ivo://cadc.nrc.ca/gms#<GROUP_NAME>. |
| /gms/members/<USER_DN> |
GMS member resource. Contains information regarding a user, including all the groups the user is member of. <USER_DN> is the X.509 Distinguished Name that identifies the user globally. |
|
/gms/groups/<GROUP_NAME>/<USER_DN> |
GMS membership resource. |
| /gms/members/<USER_DN>/<GROUP_NAME> | GMS membership resource. |
| /gms/groups?property=<value>[&property=<value>] |
GMS group search. Returns list of groups with properties that meet the specified constraints. |
| /gms/availability | VOSI availability (GET) |
Getting Access to the CADC GMS
The service only works over HTTPS. Before accessing it users need to register with CADC and open an account.
Using the service
Groups are identified with unique URIs
Ex: ivo://cadc.nrc.ca/gms#GEMINI-PI-GS-2011-Q-11
Group Members identified with their X.509 Distinguished Name
Ex: CN=Adrian Damian,OU=hia.nrc.ca,O=Grid,C=CA
Clients check user membership by accessing one of two membership resource interfaces in the resource table above.
Ex: https://dalmore/gms/groups/GEMINI-PI-GS-2011-Q-11/CN%3Dadrian%20damian%2COU%3Dhia.nrc.ca%2CO%3Dgrid%2CC%3Dca
is the URL encoded call for https://dalmore/gms/groups/GEMINI-PI-GS-2011-Q-11/CN=Adrian Damian,OU=hia.nrc.ca,O=Grid,C=CA.
Please note that only authenticated members can check their membership, so user with DN CN=Adrian Damian,OU=hia.nrc.ca,O=Grid,C=CA is authorized to make the above call.