Evaluate the possibility to use VO Manager role from AAI to give access to VO ID cards
Attributes related to the VO/group membership and role information are available in AAI. Maybe it could be used to identify VO Managers .
Syntax
An entitlement value expressing group membership and role information has the following syntax (components enclosed in square brackets are OPTIONAL):
urn:mace:egi.eu:group:<GROUP>[:<SUBGROUP>*][:role=<ROLE>]#<GROUP-AUTHORITY>
where:
-
<GROUP>
is the name of a VO, research collaboration or a top level arbitrary group. names are unique within the urn:mace:egi.eu:group namespace; - zero or more
<SUBGROUP>
components represent the hierarchy of subgroups in the ; specifying sub-groups is optional - the optional
<ROLE>
component is scoped to the rightmost (sub)group; if no group information is specified, the role applies to the VO -
<GROUP-AUTHORITY>
is a non-empty string that indicates the authoritative source for the entitlement value. For example, it can be the FQDN of the group management system that is responsible for the identified group membership information