VOMS Notifications

This page is an attempt to explain the notification behaviour of VOMS admin. The base document is aimed at the current EMI-2 release of VOMS admin (2.7.0-1), but (hopefully) will be updated with changes for newer versions in the future.

It's a work in progress, the list of notifications is still incomplete.

Email notifications

VOMS admin sends email notifications to users when

• They request membership.
• They have to sign the AUP again.
• Their account gets suspended.

VOMS admin sends email notifications to VO admins when

• A user requests membership.
• Users are about to expire.
• A user got suspended.
• There are expired users.

AUP notifications

Users without a valid AUP acceptance record are notified via email and are asked to sign the AUP again. This happens under these conditions:

• There is no valid acceptance record.
• A VO admin activates a new AUP (new version). This invalidates the acceptance records of all users. Changes to the currently active AUP have no effect.
• A VO admin requests that a user signs the AUP again.
• The acceptance record has expired. The expiration date is calculated by adding the re-acceptance period (default is 365 days, can be configured by the VO admins) of the AUP to the last acceptance date.

Once the email has been sent, the user has a certain number of days (default is 15 days, can be changed on request from the VO manager) to sign the AUP, or the account is suspended (see Suspension notifications). The user can re-activate the account at any time without the help of a VO admin by signing the AUP. There is only one message sent to the user prior to account suspension.

Membership expiry notifications

In addition to the AUP lifetime (re-acceptance period), every account has a membership lifetime associated with it (default is 365 days, starting on the date the user joined the VO). The membership lifetime can only be extended by a VO admin. If the expiration date passes then the account enters a grace period (7 days by default, can be changed on the server on request of the VO manager) during which the user can still use the account. The account is suspended (see Suspension notifications) once the grace period is over. Users do not receive any prior notification about this, as they cannot do anything about it, but there are regular emails sent to the VO admins:

• If there are any expired users in the VO. This email contains two lists, one with the users which are within the grace period, and the other with the users that have already been suspended.
• If there are any users that are about to expire. This email contains a list of users which are going to expire within a defined period (default is 30 days (YAIM), or 15 days (VOMS), can be changed on the server on request of the VO manager).

Those emails are sent out once a day by default. There is an option to change that interval, but it has no effect, due to a bug. Important to note is that the last time at which those emails were sent is only stored in memory and not in the database. If the VOMS admin service is restarted (e.g., server restart, system updates, running YAIM to deploy a new VO) then the emails are sent out shortly afterwards. Therefore VO admins will be observing some inconsistency in the times at which those emails are sent.

The membership expiration can be disabled for each VO on request of a VO manager. This puts a stop to all emails mentioned in this section.

Suspension notifications

At the time a user gets suspended the system sends a message to

• The VO admins.
• The suspended user.

Both emails inform their recipients that the user's account was suspended and why. They are sent regardless of whether the suspension was done automatically by the service (e.g., failed to sign AUP) or manually by a VO admin. The user is not notified when the VO admin restores the membership.