COmanage: Collaborative Organization Management
COmanage, a project funded by the NSF and Internet2, is a collaboration management platform that allows organizations to meet their science and research objectives using key collaboration tools in a secure and effective framework. By leveraging federated identity management services, the authentication and authorization of Collaborative Organization (CO) members are handled in a single, efficient process defined by the CO. This process automatically creates the accounts and access controls for tools such as wikis, calendars, conferencing tools and other domain applications that are available to organization members.
COmanage is part of the InCommon Trusted Access Platform, a community-developed open-source IAM software suite.
NSF SDCI Bedrock Award
Information about the National Science Foundation - Software Development for CyberInfrastructure (NSF-SDCI) Bedrock award, which provided major funding the COmanage project, is available on the NSF SDCI Bedrock Award page.
The COmanage Project in platform deployments around the world. The platform includes:
- The COmanage Registry, an Identity Management System (IdMS) designed for collaborative organizations
- A rich set of APIs to connect federated applications the consume attributes and access control information provied by the COmanage Registry.
The software, installation guides, best practice information, and architecture information are available on the COmanage wiki. The project uses open standards and is licensed under the Apache2 license.
NOTE WELL: All Internet2 Activities are governed by the Internet2 Intellectual Property Framework.
Development of this software is supported with current funding from Internet2 and previous contributions from Stanford University and the National Science Foundation (Grant No. OCI-0721896, OCI-0330626, OCI-1032468).
- Ability to create enrollment flows specific to an organizations requirements
- Direct provisioning of information in to an LDAP directory
- Ability to create VO-specific attributes and connect them to a federated identity
- Support for VOOT and Grouper
- Documented API for tool integration
Future releases will include:
- Audit and reporting functionality
- Time-based expiration and account de-enrollment
- Service notifications
To Subscribe to the COmanage Community List
send e-mail to "pubsympa at internet2 dot edu" with the following in the SUBJECT LINE:
"subscribe comanage-community FirstName LastName"
For more information, visit the InCommon Trusted Access Platform web presence.
What is COmanage?
COmanage, a project funded by the NSF and Internet2, is an effort to develop a set of capabilities that allow collaborative organizations (COs) to meet their science and research objectives using key collaboration tools in a secure and effective framework. By leveraging federated identity management services, authentication and authorization of CO members are handled in a single, efficient process. This process, defined by the CO, in turn automatically create the accounts and access controls for tools such as wikis, calendars, conferencing tools and other domain applications that are available to CO members.
What problem is COmanage trying to solve?
With COs often consisting of individuals from multiple institutions with different authentication infrastructures, many COs resort to creating yet another identifier for the individuals in order to enable access controls on the organization's materials and data. This proliferation of identifiers for an individual means more passwords for the individual to remember and no automated way for the CO to know when that individual leaves the home organization and the CO. The goal of COmanage is to ease the complexity of identity management for a CO by leveraging identity information from the home institutions through middleware tools such as Shibboleth Federated Single Sign-On Software and Grouper.
What is a Virtual Organization (VO) and how does it diifer from a Collaborative Organization (CO)?
A VO is a group of individuals or institutions that is focused around a particular domain science and usually uses significant resources (computers, storage, networks, etc.) beyond collaboration tools. Often, these additional resources have substantial authorization requirements, stemming from federal guidelines, audit standards, etc. From the perspective of a collaboration management platform, these terms are interchangeable.
How can COmanage help a CO?
COmanage takes much of the burden of tracking identity and authorization off the researchers by providing a platform to consolidate the identity information of CO participants and linking the collaboration tools (mailing lists, wikis, domain science apps) back to the collaboration management platform.
What applications can COmanage help manage?
Any applications that have externalized their authentication and group management requirements, such as Confluence (wiki), Sympa (mailing lists), Bedework (calendaring), and more, can be tied in to the COmanage infrastructure. COmanage can also manage SSH keys, allowing a centralized service to manage non-web access.
How long does it take to have an application manageable by COmanage?
If an application has not been designed to accept any external information, it is going to be very difficult to work in to any collaboration management platform. Other applications, ones that have already been designed with a federated model in mind, should integrate in to COmanage much more smoothly. The actual time for integration depends largely on the programming resources and community support available for any given application.
Are there places where I can use COmanage without having to set it up myself?
While there is no service model for COmanage at this time, such a model is being considered. Come back to the COmanage website or subscribe to the comanage-announce mailing list for updates. See mailing list information in the Participate tab.
What are some other collaboration management platforms?
Other collaboration management platforms include open sourced project SURFnet's OpenConext
, in the Netherlands, and Perun from CESnet
. OpenConext provides a user-friendly, feature-rich collaboration platform that can be configured to use COmanage as a powerful registry service and enrollment manager for the environment, whereas Perun can offer a separate standalone service.
Who is using COmanage?
COmanage is currently in production within several COs, including LIGO (a large science CO) and GÉANT (the pan-European research and education network that interconnects Europe’s National Research and Education Networks).
Who is supporting COmanage?
COmanage is funded by Internet2 and the NSF under an SDCI award
How active is the COmanage effort?
The development team meets regularly. See the COmanage Roadmap
for up to date information on releases and features in progress.
Where can I get more information?
Please sign up on the comanage-announce mailing list for news releases and announcements, or check back to the website for updates. See mailing list information in the Participate
tab. See the COmanage wiki.