Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
 COmanageHEXAAPerun
At a glanceImage AddedImage Added 
 Image Added

Image Added*

*this is the new ui

 
User Facing features   
user Onboarding

Configurable enrollment flows

  • self sign-up
  • email
  • conscription with approval
  • custom
  • email Invite, mass email invite
  • URL, optionally with seat limit
  • direct (by admin)
 
VO structure

(VO-s in COmanage are called COs)

  • very flexible structure, arbitrary depth group and unit hierarchy
  • separate sp permissions within units are not invented yet
  • VO and custom roles (+VO manager)
  • 2 level structure
  • roles can have their own subset of permissions within those available to the VO
 
eduGAIN metadata integartion-

all eduGAIN SP-s are automatically added to the system via cron+xsl script

 
SP onboardingmanual, in JRA3-developed sql db (as of v1.0.5)1) Login with any eduGAIN idp 2) select sp entityID 3) token is sent by email to contact info from metadata. The owner of those addresses becomes manager of the SP 
SP managers-(as of v1.0.5 - might be added in next version)managers can invite additional managers 
SP permissions?. It seems that we are not planning such thingSP managers can define permissions and grant them to VO-s 
Subscription to SPs? manual for now

"subscription model"

1) VO manager applies for public SP+permission 2) SP manager accepts application

"invite model"

1) contact and deal is made off-band 2) SP admin generates token for permission and sends via email/etc. 3) VO manager connects by the token

 
APIAPI for a considerable number of functions but not for templates, and other advanced stufffull API, the GUI itself uses the REST API 
custom GUIit should be possible to some extent, but no partial access
  • Custom GUI possible, enables custom workflows.
  • Example in production: NIIF HPC portal
  • API users can manage their own VO, SP, Permission (everything) but only in their own security domain - no true admin access necessary for custom GUIs
 
deprovisioningplugins?hooks, that call urls with json parameters at defined events, like user removal from group 
Development model   
Operation model   
Roadmap