Versions Compared

Old Version 6

changes.mady.by.user Massimo Sgaravatto

Saved on

compared with

New Version 7

changes.mady.by.user Massimo Sgaravatto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If you are not sure about a request, please ask Massimo Sgaravatto.

Then you should check if the user requesting the new project is compliant with the INFN policies. This means that the user must be registered in INFN-AAI and:

  • he/she must have a verified digital identity (LoA2)
  • he/she must declare to have read and accepted the INFN rules for the use of IT resources
  • he/she must have followed the "Corso di Sicurezza Informatica - BASE"

Actually the third bullet is not a strict requirement: if all the requirements but the last one are met, the request can be accepted, but please notify the user that he/she must follow the course within 30 days.


To check e.g. if the user whose family name is 'Sgaravatto' is compliant with all the 3  rules, you can execute this ldapsearch query:

Code Block
languagebash
$ ldapsearch -x -LLL -Z -h ds2.infn.it -b ou=People,dc=infn,dc=it "(&(sn=*sgaravatto*)(eduPersonAssurance=urn:mace:infn.it:loa2)(schacUserStatus=urn:schac:userStatus:it:infn.it:disciplinareict:approvato+on=202*)(schacUserStatus=urn:schac:userStatus:it:infn.it:formazione:sicurezzainformatica-base:superato+on*))"

This will return a result, only if the 3 requirements are met


Code Block
languagebash
l: pd
givenName: Massimo
sn: Sgaravatto
cn: Massimo Sgaravatto
telephoneNumber: +390499677360
mail: Massimo.Sgaravatto@pd.infn.it


If a result is not returned, check if the first 2 requirement (the "LoA2: stuff and if the user has accepted the INFN rules on IT resource usage). The query will be:


Code Block
languagebash
$ ldapsearch -x -LLL -Z -h ds2.infn.it -b ou=People,dc=infn,dc=it "(&(sn=sgaravatto)(eduPersonAssurance=urn:mace:infn.it:loa2)(schacUserStatus=urn:schac:userStatus:it:infn.it:disciplinareict:approvato+on=202*))"

If a result is returned, this means that the user didn't follow the course. In this case the request can be accepted, but please notify the user via e-mail that he/she must follow the course within 30 days.

The text of the e-mail can be something like:


We received your request for the creation of a new project for the CloudVeneto infrastructure . 
Since you requested the access to INFN resources, please note what is reported at:

http://userguide.cloudveneto.it/en/latest/Registration.html#prerequisites-for-using-infn-resources

In particular we noticed that you didn't follow the IT Security course. This must be done within 30 days.
To follow the course, please go to:

https://elearning.infn.it/course/view.php?id=105

Regards
The CloudVeneto support team


If the project can be created, ask the user who submitted the request:

...