Comparing PVA and Java VOMS-Admin functions
Following table provide key functions availability comparision in different VOMS-Admin solutions available. Functions of PVA 0.6.7, Java VOMS-Admin version 2.0.18 (reference version for PVA 0.1 implementation) and new release of Java VOMS-Admin version 2.6.1 are compared.
Provided list of features are just my own testing results of key functionality and can be extended or changed on request.
Feature | PVA 0.6.7 | Java VOMS-Admin 2.0.18 | Java VOMS-Admin 2.6.1* |
---|---|---|---|
Backend required | PHP + Apache (or any web server with SSL support like Nginx) | Java + Apache Tomcat | Java + Apache Tomcat |
Memory usage** | 90 MB | 830MB | not tested |
Averaged response time** | 1ms | 50ms | not tested |
Averaged response time (concurent)** | 2ms | 1000ms | not tested |
MySQL backend support | YES | YES | YES |
Oracle backend support | NO | YES | YES |
List served VOs | YES | YES | YES |
Display external VOMS servers | YES | NO | NO |
New member registration | YES | YES | YES |
Manage users, groups, roles and attributes | YES | YES | YES |
ACLs*** | YES (VO Preferences) | YES | YES (Personal info and Suspend) |
Transactions log | YES | NO | NO |
Replication | YES (multi-master, on demand of VO administrator using web-interface only) | NO | NO |
Event log | YES (accessible via PVA interface) | NO (Tomcat server log only) | NO (Tomcat server log only) |
Multilingual support | YES (english, ukrainian and russian translations are available) | NO (english only) | NO (english only) |
VOMSCompatibility SOAP interface | YES | YES | YES |
VOMSAdmin SOAP interfaces+ | YES | YES | YES (VOMSCertificates) |
Command line client for VO creation | YES | YES | YES |
Command line client for VO administration | YES++ (via VOMSAdmin SOAP interface) | YES (via VOMSAdmin SOAP interface) | YES (via VOMSAdmin SOAP interface) |
VO description | YES (can be changed via interface by VO admin) | NO | NO |
VO homepage URL | YES (can be changed via interface by VO admin) | NO | NO |
Request to add new VO | By VO admin via PVA interface | NO | NO |
Communication with VOMS server admin | YES (send message via PVA interface) | NO | NO |
Example EDG mkdgridmap configuration | YES (including replicas information) | YES | YES |
Example ARC nordugridmap configuration | YES (including replicas information) | NO | NO |
Leave VO | YES | NO | Apply for removal by VO admin |
Request container | NO | NO | YES |
User membership suspension | NO | NO | YES |
AUP management | NO | NO | YES |
*Java VOMS-Admin 2.6.1 was released after PVA 0.6 release candidate, so it did not tested on testbed; the source of information about available characteristics is here;
**according to performed performance testing;
***reference ACL rules are Java VOMS-Admin 2.0.x rules choosen for compatibility; additional rules specified in parenthesis.
+reference interfaces are Java VOMS-Admin 2.0.x interfaces; additional interfaces specified in parenthesis.
++PVA does not provide own command line clients; Existent voms-admin clients written in Python are compatible and can be used with PVA as is, so there is no reason to reinvent the wheel.
Notes about features, that do not supported by PVA:
1. Oracle support
Oracle is proprietary product that need to be purchased. I did not find any reason to use Oracle for VOMS purposes. VO database is small enough to operate perfectly with free MySQL backend.
Anyway, SQL interface is separate part that can be changed without affecting other PVA components. Oracle interface can be implemented in the future if it will be really necessary.
2. Request container
This feature available in latest Java VOMS-Admin only. I am keep it too long in the PVA TODO, but decided that better to implement replication rather than such option.
User roles and group membership anyway assigned (or confirmed with request available) by VO admin. Roles and groups represents rights that user have in VO, so VO Admin cannot approve role request for no special reason. This must be discussed previously on VO meetings and then role will be confirmed. So there is no much difference between assigning previously discussed role manually or apporving the request.
3. User membership suspension
This feature available in latest Java VOMS-Admin only. Interesting, but I do not think it is so important. Especially to be granted with additional permissions.
4. AUP management
This feature available in latest Java VOMS-Admin only. Interesting feature.
PVA now implement only one VO usage rules link, that can be changed in VO Preferences, but does not store AUP history. User accept AUP once, on registration process only. I will think about implementation of this feature in further versions of PVA.