VOMS Communication Protocol
Communication happens via GSI or SSL, with mutual authentication, confidentiality, and integrity enabled.
There are two messages. First, the client sends the following message:
<?xml version="1.0" encoding="US-ASCII"?>
<voms>
<command>COMMAND</command>+
<order>ORDER</order>?
<targets>TARGETS</targets>?
<lifetime>N</lifetime>?
<base64>B</base64>?
<version>V</version>?
</voms>
Where COMMAND is one of:
- Ggroupname -- Gets all group and subgroup information.
- Rrolename -- Gets all roles with name 'rolename'.
- Bgroupname:rolename -- Gets role 'rolename' in group 'groupname'.
- A -- Gets everything.
- L -- List all special queries. (deprecated)
- S -- Executes query . (deprecated)
- M -- Gets a list of all possible FQANs.
- -- Gets the specified FQAN.
Where ORDER is:
groupname:rolename,...,groupname:rolename -- The listed FQANs will be placed first in the AC, in the specified order; the others will follow, in an unspecified order.
Where TARGETS is:
target1,..,targetn -- The targets to put in the AC extension of the same name. These are expected to be fully qualified hostnames.
Where N is:
Lifetime, in seconds. Default = 86400 (24 hours)
Where B is:
- -- Asks for OpenSSL-compliant Base64 encoding rather than the custom one specified below (requires a 1.8 server).
- -- Uses the custom Base64 encoding specified below.
If missing, 0 is assumed.
Where V is the version of the message. The current version is 4. If absent, version 1 is assumed.
The order, targets, lifetime, base64 and version elements (marked with ? above) are optional.
The command element (marked with +) may be repeated any number of times.
Now, the server returns an answer in the following format:
<?xml version="1.0" encoding="US-ASCII"?>
<vomsans>
<error> (0..1) times
<item> (0..n) times
<number>N</number>
<message>MESSAGE</message>
</item>
</error>
<bitstr>CODEDDATA</bitstr>
<ac>CODEDAC</ac>
<version>V</version>
</vomsans>
Where N is the error code, and MESSAGE the corresponding message.
CODEDAC is the AC returned, in Base64.
CODEDDATA is the output of the 'M', 'S' and 'L' commands, in Base64.
V is the version of the answer. If missing, 1 is assumed; 3 is the current value.
Independent implementations of this protocol should accept unexpected elements in both the request and answer messages, and ignore them.
Base 64 Custom Encoding
Each 6-bit group is mapped to one character from the set [a-zA-Z0-9[]].
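The custom encoding and the answer format above, as an added example in Python (not VOMS project code). It assumes the alphabet order a-z, A-Z, 0-9, '[', ']' and no padding characters, neither of which the page states; the answer message is constructed and includes an element the spec does not list, which the parser ignores as required.

```python
import xml.etree.ElementTree as ET

# 6-bit value -> one character of [a-zA-Z0-9[]], as the page lists it.
# ASSUMPTION (not stated on the page): ordering a-z, A-Z, 0-9, '[', ']'; no padding chars.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789[]")
DECODE = {c: i for i, c in enumerate(ALPHABET)}


def custom_b64_encode(data: bytes) -> str:
    """Pack bytes MSB-first, zero-pad the last group, emit one char per 6 bits."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 6)
    return "".join(ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6))


def custom_b64_decode(text: str) -> bytes:
    """Inverse of custom_b64_encode; rejects characters outside the alphabet."""
    bad = set(text) - set(ALPHABET)
    if bad:
        raise ValueError(f"not custom Base64: {sorted(bad)}")
    bits = "".join(f"{DECODE[c]:06b}" for c in text)
    whole = len(bits) - len(bits) % 8  # trailing pad bits are dropped
    return bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))


def parse_answer(xml_text: str) -> dict:
    """Parse <vomsans>: error items, custom-encoded AC, version (absent -> 1).
    Elements the spec does not list are ignored, as the spec requires."""
    root = ET.fromstring(xml_text)
    if root.tag != "vomsans":
        raise ValueError(f"unexpected root element <{root.tag}>")
    errors = [(int(item.findtext("number")), item.findtext("message"))
              for item in root.iter("item")]
    ac_text = root.findtext("ac")
    return {
        "version": int(root.findtext("version", default="1")),
        "errors": errors,
        "ac": custom_b64_decode(ac_text) if ac_text else None,
    }


# Constructed sample answer: one warning item, an AC, an unknown element, version 3.
CONSTRUCTED_AC = b"\x30\x82\x01\x00 constructed DER AC"
SAMPLE_ANSWER = (
    "<vomsans><error><item><number>1</number>"
    "<message>constructed warning</message></item></error>"
    f"<ac>{custom_b64_encode(CONSTRUCTED_AC)}</ac>"
    "<future>ignored by this parser</future><version>3</version></vomsans>"
)
```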
Behaviour of Contact() and related calls:
Contact() does this:
- Loads the user's proxy.
- Contacts the server in mutual authentication.
- Sends the request, created taking into consideration preceding calls to SetLifetime() and Order(), if any.
- Receives an answer.
- If the answer contains an error or a warning, makes the code and message available for calls to vomsdata methods. If it is an error and not a warning, execution ends.
- Extracts the AC from the answer.
- Verifies the AC according to preceding calls to SetVerificationType().
- Puts the AC and the results of its parsing in the 'voms' vector.
-- VincenzoCiaschini - 16 Jul 2008