Release 1.3.0 Changes (11/29/06)
-------------------------------
New features and bug fixes

1. Modification of group/group role handling (see details in http://www.uscms.org/SoftwareComputing/Grid/VO/design/draft2.pdf):
   a. Each group and group role has a definition (https://savannah.cern.ch/bugs/?func=detailitem&item_id=14990) that will be available to the users during selection.
   b. An administrator has the means to change the group and group role definition via the VOMRS interface.
   c. A group role can be linked/unlinked to/from a group (https://savannah.cern.ch/bugs/?func=detailitem&item_id=15244).
   d. An administrator should approve a restricted group and group role selection before a user becomes a valid member of the group (https://savannah.cern.ch/bugs/?func=detailitem&item_id=15011).
   e. A member can request re-assignment to a group and a group role via the VOMRS interface. The request should be approved by an administrator.
   f. A member assigned to a subgroup is automatically assigned to all parent groups.
   g. A member with Denied access to a parent group is automatically removed from all subgroups, and from the group roles she/he is assigned within subgroups of that group.
2. Modification of AUP handling (see details at https://savannah.cern.ch/bugs/?func=detailitem&item_id=15164):
   a. An AUP document may be provided either by link or stored locally.
   b. VOMRS checks that the document was "really" read. When a URL is provided, it verifies that the link has been pressed. For locally stored documents, it verifies that the user scrolled the text embedded in the web page to the end of the document before it allows the rules to be accepted.
3. When a user registers a new certificate, or a VO admin registers a new user, VOMRS does not ask for the certificate serial number.
4. VO admin can add a new certificate, approve it and make it a primary certificate in one step.
5. Improved performance.
6. Use a contact string for the db connection and store it in the vomrs.xml file, rather than host and db name, in order to accommodate an oracle connection to multiple servers.

Release 1.2.3 Changes (04/14/06)
-------------------------------
New features and bug fixes

1. Web UI - allows the status of the certificate to be specified in the search criteria on all pages dealing with certificates
2. Web UI - shows a subset of CN information instead of the certificate subject (DN) when selecting a representative, group owner, managers, etc.
3. Web UI - the LCG registration type does not have the add Institution and Site menu and does not allow selecting "institution"; it displays "Institute" information fetched from the CERN HR DB if chosen (savannah #15134)
4. Web UI - better(?) layout for group/role selection
5. Added a subset of CN information to the mail subject when it is relevant (savannah bug #14653)
6. Added Registration Type for each event, so different types of registration can have their own set of events

Bug fixes:
1. Fixed the generation of the link in the notification email, so the "(" in the certificate subject can be handled correctly
2. Fixed some errors and warnings, as well as some wording and labels in help pages
3. Fixed handling of expiration date for LCG type of registration (savannah bug #15146)
4. Implemented a work-around for an Oracle bug (savannah bug #14286)

Release 1.2.2 Changes (01/01/2006)
-------------------------------
New features and bug fixes

1. Full integration with SAM
2. Web UI - Show/Hide Help option on every page
3. Web UI - "Change Email Address" displays whether the email is confirmed and allows either requesting a new confirmation (email is sent to the member) or confirming the email address on behalf of the member
4. Web UI - added [+] [-] in Menu

Bug fixes:
1. Group de-assignment from the Applicant was discarded when the Applicant is approved (https://savannah.cern.ch/bugs/?func=detailitem&item_id=14285)
2. For LCG type of registration the selection of non-persistent data is performed only when selected
3. Fixed web services

Release 1.2.1 Changes (11/15/2005)
-------------------------------
New features and bug fixes

1. VOMRS glite branch is built with a new version of glite-security-util-java.jar that doesn't re-order the subject of the CA certificate
2. New services (GetMbrInfo) have been created for non-General types of registration. For special registration the third party source (CERN Human Resource DB, SAM DB) will be searched only if internal information is requested.
3. VO Admin can deny a member application (previously only a Representative could do it)
4. Added Group[Roles] selection for Set Status and Set Authorization Status.

Bug fixes:
1. Multiple typos in configuration scripts
2. Mysql db schema for member_groups table (the "Removed" status was missing from the enumeration of possible statuses)
3. Changed the order of the multipart message (plain text first, then html)

Release 1.2 Changes (9/15/2005)
-------------------------------
New features and bug fixes

1. VOMRS now supports two types of database: mysql and oracle
2. Group and group role selection can be performed by a candidate during phase II of registration and by a member. VO Admin, Group Owner and Manager can remove a member from a group/group role. Once removed, a member cannot select the specific group or role himself
3. Email notification is sent as multipart to accommodate mail clients that don't display html links
4. Personal information token can provide the list of default values
5. On-line Help can be modified per vo installation
6. Select "all" option is available on some of the web ui pages
7. SAM type of registration has been implemented
8. VO Admin can delete member (bug #50)
9. VO Administrator now has the VO-Admin role automatically assigned in VOMS if VOMRS is synchronized with VOMS.

Bug fixes:
#42 (de)select all on subscription page
#43 "Internal Server Error" when no certificates are found
#44 VOMRS ignores the email confirmation flag in soap client
#45 set status page is confusing
#46 Some changes to the UI, based on user complaints
#47 NEW Non persistent info appended to the last name of the user...
#48 "Confirmation" column on the edit email web page confusing
#49 Cannot access 'site personal info'

Release 1.1.2 Changes (6/21/2005)
-------------------------------
New features and bug fixes

1. Event message format has been changed. Each event now contains:
   - the email and VO administrative role of an "issuer" of the event
   - email of a "target" member
   - all the links now reference the WEB UI and not a web service
   - subject contains the short description of the event
2. For LCG registration type the comments are now generated when there is a discrepancy with orgdb and are saved in the "Comments" field
3. Changing of email address is not allowed for LCG type registration
4. Aesthetic changes in WEB UI
5. Fixed the bug related to group assignment/deletion
6. Verify permission setting for vomrs.xml configuration file

Release 1.1.1 Changes (5/13/2005)
-------------------------------
Bug fixing release. There are a few new features as well.

1. Introduced a new level for synchronization with VOMS (level #5). If synchronization is set to this level, the VOMRS server first performs synchronization with VOMS and then switches to event driven synchronization.
2. Fixed handling of mysql connection timeouts
3. Fixed a WEB UI bug that caused VOMRS to generate an exception when trying to display the "search" page after a second representative is added (when a VO has just one representative the drop down list is not shown in the "search" page).
4. Do not allow the date to exceed 2037/12/31 - mysql problems with Timestamp
5. Fixed javascript calendar to work for Firefox and Netscape
6. Modified vomrs_soapclient to accept X509_USER_Proxy and vo name as /
7. Modified vomrs_configure.py:
   - allows any length for VO Name
   - allows common path name in VO VOMRS url
   - prompts for database name
   - allows vomrs.xml for webapps to be placed anywhere
   - allows the vomrs webapps log file to be placed anywhere
8. other minor bugs

Release 1.1.0 Changes (4/22/2005)
-------------------------------

vomrs_thirdparty changes (v1_10):
---------------------------------
./common
    mail-javamail.1.3.2.jar        new
    activation-jaf.1.0.2.jar       new
    - the above 2 provide java mail and javabean support.
    xmlParserAPIs.jar              replaced xml-commons-apis.jar
./edg
    edg-java-security-1.5.9.jar    upgraded from 1.5.6
    edg-voms-admin-api-0.7.5.jar   upgraded from 0.7.1
./webapps
    xercesImpl.jar                 upgraded from xerces.jar
./lcg-orgdb
    lcg_registration.jar           new, CERN ORGDB Interface
    ojdbc14.jar                    oracle client support
    orai18n.jar
------------------------------
1. Added support for /etc/init.d startup/shutdown for VOMRS server.
   - requires linking:
       ln -s $VOMRS_LOCATION/etc/init.d/vomrs /etc/init.d/vomrs
   - also includes an optional VOMRS_LOCATION/etc/profile.d/vomrs.sh.template script that can be copied as vomrs.sh in the same ./profile.d directory. It allows for environmental setups that might be required when starting on system boot for things like java that may not be in the environment.
------------------------------
Major new features:
1) Registration process consists of two phases
2) User e-mail verification is required during the phase I registration and before initiation of the approval process.
3) In order to avoid storing sensitive data and redundant information, a mechanism that allows interfacing with an organizational database (ORGDB) is provided. This mechanism allows mapping of a new member to his record in ORGDB and storing just a reference to this record in vomrs db. The sensitive data is collected during the second phase of the registration procedure.
4) Addition of a certificate by a VO member undergoes more scrutiny and VO administration approval is required for each such addition.
5) VO membership is controlled not only by membership status but by institutional and membership expiration dates
6) The version of the Usage Rule signed by a new member is recorded. A mechanism that allows the re-signing of the new version is provided.
7) Every change of the membership status or certificate status comes with an explanation (reason) that is stored in the database.
8) A synchronization mechanism with the CA certificates located in the TRUSTED_CA directory is provided.
9) Multiple changes in WEB UI menus and pages.
10) Changes in vomrs.xml files. DTD is replaced by XML Schema
11) Initial configuration script has changed in order to accommodate new features.
------------------------------
The following bugs (see http://cmssrv08.fnal.gov:3080/bugzilla/) were resolved with this release.

Bug  Description
32   Synchronizer was failing with a NoClassDefFoundError due to a build.xml file problem. This was only a problem for an interim test release we were attempting. (RESOLVED 8/18/04)
33   The SetMbrStatus service was not allowed if VOAdmin did not also have a Representative role. This capability for the VOAdmin was added for bug 23 which allowed the VOAdmin to approve a member on behalf of a representative (see that bug 23 for details). (RESOLVED 9/28/04)

* * * * * * * * * * * * * * * * * * * * * * * * * * *

Release 1.0.6 Changes (9/28/04)
-------------------------------
The following bugs (see http://cmssrv08.fnal.gov:3080/bugzilla/) were resolved with this release.

Bug  Description
32   Synchronizer was failing with a NoClassDefFoundError due to a build.xml file problem. This was only a problem for an interim test release we were attempting. (RESOLVED 8/18/04)
33   The SetMbrStatus service was not allowed if VOAdmin did not also have a Representative role. This capability for the VOAdmin was added for bug 23 which allowed the VOAdmin to approve a member on behalf of a representative (see that bug 23 for details). (RESOLVED 9/28/04)

Release 1.0.5 Changes (7/26/04)
-------------------------------
The following bugs (see http://cmssrv08.fnal.gov:3080/bugzilla/) were resolved with this release.

Bug  Description
7    Duplicate of 10
8    Duplicate of 10
9    Duplicate of 10
10   VOMS synchronizer - has too many open files. Resolution is a work-around as this appears to be a VOMS problem. The work-around is to stop/start the VOMRS servers twice a day and set the synchronization period to 10 min or more. (RESOLVED 7/19/04)
12   Duplicate of 18
15   Welcome page, help pop up, etc. disappear from WEB UI pages as soon as web services are used or the database is hosting multiple VOs. (RESOLVED 7/19/04)
17   The usage of web services was causing the database to run out of available connections. (RESOLVED 7/20/04)
18   VOMRS dies when mysql is stopped. (RESOLVED 7/20/04)
20   Additional check to make sure VOAdmin does not mistakenly change his/her own member status. Another VOAdmin or representative should do this. (RESOLVED 7/16/04)
21   Fixed problem of validating the value of member_status. This was the only column of this type that did not have a validation performed. It came to light when the API was used and was not a factor in the web ui part of the system. (RESOLVED 7/16/04)
22   Fixed problem with assigning/deassigning a site administrator (roles LRP and SiteAdmin). The creation/removal of registrations table rows was incorrect. (RESOLVED 7/19/04)
23   Added the capability for the VOAdmin to update the representative phase registration_status, in effect allowing the VOAdmin to approve a member on behalf of an institutional representative. When performed by the VOAdmin the representative id does not change. When performed by a Representative, however, that representative is now assigned to the newly approved member. (RESOLVED 7/20/04)
24   Upgraded the thirdparty edg libraries (vomrs_thirdparty) to:
       edg-java-security-trustmanager-1.5.6.jar
       edg-java-security-authorization-1.5.6.jar
       edg-voms-admin-api-0.7.1.jar
     With this upgrade, the following bouncycastle library became necessary to deploy with the webapps application:
       bcprov-jdk14-119.jar
     (RESOLVED FINALLY on 7/26/04)
25   Fixed problem with ./etc/init.d/vomrs script when responding 'no' to the "Do you want to create/recreate the configuration files for the USCMS VO" question. (RESOLVED 7/21/04)
26   The system was not allowing the representative of an applicant to be changed. Now they can. (RESOLVED 7/21/04)
28   The RemoveGroupOwner and RemoveGroupManager were failing under conditions where the group admin was assigned at a higher level than the removal was attempted at. The system will now give an error message when this is attempted, instead of a not-so-good DBError exception. (RESOLVED 7/21/04)
29   The system was incorrectly allowing the institution of a SiteAdmin or LRP to be changed while they still retained that role. It no longer allows that to occur and generates an error message. A member having these site administrator roles must first have these role(s) removed, then the change of institutional affiliation can be made. If they are to assume these roles at the new institution/site, they can then be re-assigned. (RESOLVED 7/21/04)
30   Not all tomcat threads were being killed when a stop was issued. It appears that any threads started in tomcat must be established as daemon threads before being started. (RESOLVED 7/26/04)

Release 1.0.4 Changes (5/20/04)
-------------------------------
1. Services table
   - The services table has been modified to split the roles column out into a separate table (service_roles).
   - This forced the elimination of the use of NULL in the roles column to indicate that anyone (member or guest) could perform the service. A new role ("Visitor") was added to the Admin type set of roles to identify this type of authorized user.
   - A script (services.sh) will now generate the data load for the services and service_roles tables using the services_source.data file as input. This was done this way because it was deemed easier to maintain the data in a 'spreadsheet' type format.
   - The ServiceDescriptor class (./database) was eliminated with this movement of functionality into the Services class.
   - Changes were required in some of the ./database services where SELFDN and SELFCA were part of the decision criteria.
2. ServiceBroker functionality has been moved, for the most part, to the Services class (./tables).
   - The service authorization process has been modified such that a single service can now be identified based on the argument set and the roles of the user. This eliminates the need to iterate through all the user's roles to determine if any were successful.
   - If a user is not in the VOMRS database, the role assigned for authorization purposes is 'Visitor'. If a user is in the VOMRS database, but is not in 'Approved' status for the registration phase, the role assigned is 'Applicant'. This still leaves a bit of a hole when viewing the contents of the database member_roles table, as a person who was a member but is now in a non-approved registration status (Revoked, Suspended) will be treated as an Applicant although the database shows Member. The software is controlling this and not the database, which is a known open issue at this time.
3. The ant build.xml file was modified:
   - to break the generation of javadoc into separate targets and to look for only *.java files instead of ** files, which was causing the javadoc generation to fail.
   - a failonerror attribute was added to some of the functions (not all support it) to force a failure of the build when errors are detected. This needs to be expanded.
4. Initial configuration of a VO using VOMRS (using the vomrs_configure script):
   - additional descriptions of all the required data were added so the installer is more prepared
   - added the population of the member_subscribers for the VOAdmin. This was not performed in the previous version.

=========================================================================
04/25/04 11:00 (weigand)
------------------------
Changes made for Bug#3 ... User can't register if ' is present in his certificate subject

The problem was that NOT ALL database queries were using the PreparedStatement setString method. Thanks to Gabriele Carcassi for informing us that this method handles these conditions. I still cannot find any doc saying so, but it appears to work fine. So all DB statements go through a couple of base methods that perform the setString and getString for characters and set/getInteger for numeric database values. There are 1 or 2 exceptions to this for cases where the SQL is built dynamically, but these do not affect string type columns which would contain special characters.

The tests for DN updates (./tests/MembersDNs) have been modified to use a DN with "O'Hare" embedded in it.

doc/development-guidelines.txt
src/fnal/vox/vomrs/tables/CAs.java
src/fnal/vox/vomrs/tables/DBTablesBase.java
src/fnal/vox/vomrs/tables/EventBase.java
src/fnal/vox/vomrs/tables/InterfaceNotifications.java
src/fnal/vox/vomrs/tables/MemberNotifications.java
src/fnal/vox/vomrs/tables/Members.java
src/fnal/vox/vomrs/tables/PersonalInfos.java
src/fnal/vox/vomrs/tables/SiteRegistrations.java
src/fnal/vox/vomrs/tables/Sites.java
test/MemberDNs.tests
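
The failure and fix described in the Bug#3 entry above, as an added example that is not VOMRS code: it uses Python's sqlite3 parameter binding in place of JDBC's PreparedStatement.setString, and the table, the sample DN and the column allowlist are constructed for illustration. It also shows one way to treat statements that must be built dynamically, by restricting the dynamic part to an allowlist of column names while the value is still bound.

```python
import sqlite3

# Constructed sample DN with an apostrophe, like the "O'Hare" test DN in the entry.
SAMPLE_DN = "/DC=org/DC=example/OU=People/CN=Pat O'Hare"
SAMPLE_CA = "/DC=org/CN=Example CA"

# Hypothetical allowlist for the dynamically built part of a query.
SEARCHABLE_COLUMNS = {"dn", "ca"}


def open_db():
    """Create an in-memory stand-in for a members table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (dn TEXT, ca TEXT)")
    return conn


def register_concat(conn, dn, ca):
    """'Before' form: values spliced into the SQL text.

    Returns the database error message, or None if the insert succeeded.
    """
    try:
        conn.execute("INSERT INTO members VALUES ('" + dn + "', '" + ca + "')")
        return None
    except sqlite3.Error as exc:
        return str(exc)


def register_bound(conn, dn, ca):
    """'After' form: values travel separately from the SQL text."""
    conn.execute("INSERT INTO members VALUES (?, ?)", (dn, ca))


def search(conn, column, value):
    """Dynamic SQL: column name checked against the allowlist, value bound."""
    if column not in SEARCHABLE_COLUMNS:
        raise ValueError(f"column not searchable: {column!r}")
    sql = "SELECT dn FROM members WHERE " + column + " = ?"
    return [row[0] for row in conn.execute(sql, (value,))]


def demo():
    """Run both forms against the sample DN and return (error, lookup result)."""
    conn = open_db()
    error = register_concat(conn, SAMPLE_DN, SAMPLE_CA)  # apostrophe ends the literal early
    register_bound(conn, SAMPLE_DN, SAMPLE_CA)           # stored unchanged
    return error, search(conn, "dn", SAMPLE_DN)


if __name__ == "__main__":
    print(demo())
```
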