Are we being paranoid?
After spending a very stimulating week at the EGI Community Forum 2012 I returned to work on Friday morning to find over 400 emails from our VOMS server stating that pretty much all our enmr.eu VO members had been suspended, including myself... Since then the number of emails has probably passed the 1000, many of them from users enquiring what's happening.
In short, this "behaviour" seems to be a "feature" of the new VOMS software. Without warning or advanced notice, all users are simply suspended, because they failed to sign the VO Acceptable User Policy (AUP) in time! It would have helped if users would have been notified they had to do that...
In trying to control the damage, we re-enabled all users, requesting that they sign the AUP. We were told we violated VO policies in doing so... I would like to see policies about services to the users, including proper notication well in advance when something like this is going to happen. Think of your bank doing the same: suspend your account without notice... You would probably switch bank pretty quickly.
We have been doing our best over the last few years to attract a new community to grid computing and promote the use of e-Infrastructure. What just happened clearly damage the image of the grid. I understand we have to worry about security, but let's not be paranoid!
There were lots of talks at the EGI Community Forum about user centric views, friendly portals and gateways, discussions about attracting new communities, e.g.the ESFRI projects... Clearly what just happened shows that we are still far from a user-centric and friendly view of grid business.
Now I am doing damage control, trying to answer the many emails of users, explaining them that this occurred outside our doing and apologizing deelply for it. Many of them encoutered problems accessing the VOMS server, a few typical issues being:
- unable to establish a secure connection (probably because of some specific security settings of the server)
- being confronted with an untrusted certificate of the server - should I trust this site?
- being abroad without access to their personal certificate and thus being unable to sign the AUP on time
- thinking that these are spam or phishing emails
I am trying to reinsure them that all is safe and helping them as much as possible. We are representing the largest VO in the life sciences area... A few more of these events and I am afraid we will loose many users.
Enough blogging for now, back to damage control.