...
The purpose of the demonstrator is to show with a practical implementation how the group membership attributes or other attributes from multiple sources can be used in a federated environment to regulate access to services.
The use of COmanage, as an attribute authority, for managing the users’ attributes allows to regulate the authorization on services based on externally provided attributes. Such service can be entirely managed by the research community, independently from service providers or identity providers.
The use of an attribute aggregator simplifies the configuration at both service provider and attribute authority level. Acting as an IdP proxy, the attribute aggregator is the only entity that needs to be configured in the service provider for authentication and authorization data provisioning.
Detailed description
A detailed description can be find in this wiki page.
...