Tuesday, 20 December 2011

The Training Marketplace

Claire Devereux from the NGS introduces the EGI Training Marketplace.

The Training Marketplace is a service that allows you to search for or advertise training events and resources throughout the EGI community. These can be events or resources that may be open to absolutely anyone, just those within the EGI community, or they may be specific to a small project or to one country only. The Training Marketplace is the one-stop shop for your training needs as a user and is open and free for both academic and commercial providers to advertise in.

Since May the Training Marketplace has evolved from a simple event and material repository into a interactive site where requirements can be captured, events can be rated, and the tool can be customised and embedded into third-party websites using our gadget generator.

The following types of resources are currently supported:
  • traditional training events, usually classroom based or workshops where people attend in person. They can also include virtual events running at specific times. The difference between training events and online training is that training events have a set start and end time whereas online training is accessible either permanently or over a longer time scale.
         You can choose to display events as a list, on a calendar or on an interactive map.
  • online training, available via the web. This category covers a wealth of resources, from self-study courses that require users to log in and complete exercises at their own pace leading to a qualification, through to online tutorials that users can tap into as they wish.
  • training resources, physical resources or services available to the community to assist in training. An example of a training resource is the GILDA Certification Authority. GILDA issues temporary (14 day) personal public key certificates (compliant with the X.509 standard) in order to access the GILDA Testbed for user training.
  • the requirements area is a place for users to describe their training needs and for training providers to see if there is interest in running courses. For example, a provider may post details of potential offerings and ask those interested to visit their website for further details, to check for viability before running a course.
  • University courses is the place for higher education institutions to advertise their Masters and Doctorate training opportunities.

After attending an event or taking part in online training users can rate the event and leave their feedback, letting others know the value of their experience much in the same way are people do with online shopping nowadays.

The latest release is a step towards improving the user's experience and looking towards longer term sustainability. It includes the new online training category, much improved search functionality, notifications to authors once entries are published and an improved calendar view. We are now working improve the functionality and appearance of the Training Marketplace gadget, which allows projects or NGIs to embed the EGI Training Marketplace into their own website, pick and choose which parts to include and even skin some elements with their project colours. If you are an NGI or project we would be interested in hearing about your requirements for the gadget, so please contact us.

Thursday, 15 December 2011

CA stuff

Three almost unrelated things, except that they relate to the CA(s), somewhat technical stuff, so bear with me:
  • If you have renewed your certificate recently and found that it didn't work with VOMS, this is due to a misdesigned "feature" of VOMRS that it insists on registering not just the user name but also the issuer name as part of the account. In the Real World(tm), we can keep the issuer (ie CA) name the same all the time but this does not work with grid middleware, so we have to change issuer name whenever we roll over. The "feature" adds no extra security for grid CAs because the user name will always be unique. There is a workaround that tells the server to ignore the feature, which we thought everyone had been using for years - but this, as Steve Traylen points out, will still cause problems if your certificate expires before you can resign the AUP (surely a rare case?!) - but should otherwise work fine. The best option otherwise seems to be to get your VOMS admin (not VO admin!) to duplicate the account entries, one with each issuer name, the old and the new one. CERN (Steve) has done this with theirs, and we are checking the other ones to see if they have failed to enable skipcacheck.  I am both amazed and sorry that we have not discovered (and resolved) this sooner... but Steve is a Wizard(tm) and will fix it...  Incidentally, it is not just us, other CAs roll over too - however, many have chosen to extend the lifetime of the existing certificate instead of renaming it - this will then not cause problems with the VOMRS accounts, but it causes problems with server/client synchronisation for HTTPS instead - if the server and client (browser) are not updated in sync (and they never are), some browsers will print obscure error messages and fail to connect (as we know from past experience).
  • Oh, and another good thing is that the IGTF rules have changed - we can now make the end entity issuing CAs have longer lifetime, so we no longer have to roll over every four years.  Hooray!
  • On the subject of IGTF 1.43 release which came out recently. We're rebuilding the NGS-specific release except we are going back (or forward?) to individual RPMs instead of a single one for the lot - this means we need a couple of dependency RPMs but we should then be able to not mess with the IGTF stuff much and sites can in principle fine tune what they install. We'll have to think about the dependencies carefully.
  • Related to this (so, er, not entirely unrelated), there is this problem with the IGTF root signing policy file. We're trialing the Least Elegant Workaround(tm) this time, having discussed it at some length, by testing a self-signed version of the SLCS toplevel. This makes it independent of the root in the technical sense of building a verification path and checking signing policy files, so would slot in next to an unmodified IGTF release directly - but the downside is that we now have another self signed certificate that we'd need to establish trust in, and the fact that the policy of the SLCS branch (ie the SARoNGS CA, the CEDA CA, etc.) were supposed to be covered by the root CP. Depending on how good this looks (we're testing it from today), this may appear in 1.43.
  • Oh yes, and I know I need to get TACAR corrected and updated. This is not trivial (requires writing forms and pgp signatures) so is awaiting a slot where I have some time...
That was three things, for suitably large values of three. If you have any questions, do get in touch...

Wednesday, 14 December 2011

Return of the Champions

I’ve recently taken over the organisation of the NGS Campus Champions programme here at the NGS and last week I chaired the first meeting of the group.

Our Campus Champions come from a number of universities across the UK and are mainly representatives from IT Services.  As for their role and activities on behalf of the NGS?  Well this was one of the main things I wanted to discuss at the meeting!

Thankfully all our Campus Champions agreed with my list of proposed benefits for them (and us) of being a Champion.  In brief the NGS will provide training in using NGS resources, tools and e-infrastructure; provide access to online training materials; produce publicity material to help them publicise the NGS and their role as Champion; hold Campus Champion events at relevant events; hold bi-monthly phone calls for dissemination of news and information.

In return the Campus Champions will actively promote the NGS within their institution offering advice and advising researchers; display NGS Campus Champions publicity material; pass onto the NGS requirements from their institution and researchers; liaise between researchers, the institution and the NGS; attend the bi-monthly Campus Champions meeting.

Currently we have 14 institutions with Campus Champions but we are always looking for more!  If you are interested in becoming a Champion then please contact me.  Your site doesn’t have to be a member of the NGS for it to have a Champion.   The current list of institutions is:
  • Canterbury Christchurch              
  • University of Huddersfield          
  • University of Hull            
  • University of Liverpool
  • University of Manchester           
  • Queen Mary - University of London       
  • University of Oxford        
  • University of Reading    
  • STFC - Daresbury Laboratory      
  • STFC - Rutherford Appleton Laboratory                
  • University of Sheffield  
  • University of Surrey       
  • University of Sussex      
  • University of York
The next meeting of the Campus Champions will take place by phone in February but in the meantime I shall be making some changes to the existing Campus Champion pages on the NGS website.  Watch this space!