Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Your organization not listed? Create a local account to use Internet2 services.

Create SiteID

Blogs

COmanage Implementation News

Feb 14, 2017, by Christopher Hubing
Tags: COmanage, Trust & Identity, Trust and Identity in Education and Research

Internet2 has taken the first steps toward implementing COmanage, an Internet2- and NSF-funded software package. We believe COmanage has the ability to better support our community as well as streamline many of our business processes. 

COmanage is one of the TIER Program components which enables cohorts within, and across, multiple institutions to self-manage, and provides support for provisioning and deprovisioning of services and access controls to a variety of resources. It is both an entity registry as well as a provisioning engine. The COmanage functionality is powerful, feature-rich and serves as a means of connecting applications together in a way that enables "virtual teams" to function autonomously. 

An early goal is to provide a mechanism for easy onboarding and offboarding of services for teams such as Internet2 Working Groups, like the ability for people to opt-in or out as needed based on the type of working group, its charter, and so on. 

COmanage has the ability to link multiple credentials into a single account. This can be very useful for our members that move between institutions. For example, a user could be invited to the COmanage system via their Penn State account, but then later they might take a position at Duke. This user could then link the original account to the new Duke account, thus retaining access to all the resources and authenticating with this new account. This system will also support linking social identities, such as Google, Facebook and Twitter. 

The following diagram illustrates linking multiple credentials to a single "CO Person" account. 

Diagram of COmanage

COmanage also has an extensible plugin system that allows one to create mechanisms such as custom provisioners. In the event a custom integration is needed, one can just write a plugin and install into the COmanage system. This is especially useful for integration with cloud services that require provisioning or licensing prior to a user logging in. For more information, refer to the documentation titled "Writing Registry Plugins."

A recent webinar and slides on Paving the Way for Research Collaboration (Aug. 2016) provides more information regarding COmanage and how it has been leveraged to support virtual organizations.

The Internet2 COmange environment will be deployed in Amazon Web Services. The goal is to automate the deployment as much as possible. In this way, we can share out the infrastructure code to others, who can then use this as a template to deploy their own COmanage infrastructure. For more information about infrastructure as code in this context please see Amazon CloudFormation. The auto-scaling and geographic redundancy features of AWS will help to ensure the performance and availability that our community expects. COmanage will be backed by a relational database running in Amazon Relational Database Services (RDS) spanning multiple availability zones with automated backups to other regions. 

We are looking forward to sharing additional information about the project as it moves forward. 

We hope to demonstrate some of the powerful capabilities at the Internet2 Global Summit, April 23-26, 2017, in Washington D.C. at the TIER Demonstration booth.  Stay tuned for more updates!