comanage

Image with thanks to Gera Pronk.

At the VAMP2013 meeting this week, Heather Flanagan and Ben Oshrin gave an update on COmanage.  Heather started by explaining that the COmanage project was intended to provide a simple platform for managing access control for virtual organisations, but the team quickly realised that there was nothing simple about this space.  COmanage aims to provide on-the-fly provisioning tools for Virtual Organisations.  The elevator pitch is:

COmanage Registry combines group management with configurable and flexible enrollment workflows to support the quick and easy spin up of collaborations focusing on a common task or goal.

Heather explained some of the pain that virtual organisations like LIGO used to go through when signing up new member organisations, which included large spreadsheets, lots of manual data entry and long delays.
One of the problems that COmanage highlighted was the ability of our community to continually reinvent the wheel.  When COmanage was in early development, many organisations looked at it but said it wasn’t feature ready and went away to work on their own projects.  COmanage is now feature ready, but its potential customer base is scattered and working on disparate tools in various states of readiness.  A better way of working on issues such as these within the R&E community is needed.  COmanage has focused on software development based on use cases, driving development from real-life scenarios.

COmanage deals with some of the thorny problems of researchers having multiple identities by using an internal Attribute Authority to link identities together – this is effectively a combination of SAML and LDAP.  It also has flexible enrollment flows allowing self signup, admin signup, requiring approvals, using default attributes etc.

Working with LIGO, the COmanage project has built myLIGO 3.0, which is a full replacement for the existing home-grown identity management platform used by LIGO.  Many of the lessons learned in this process are being fed back into the main COmanage release.  This has also helped drive an approach based on ‘no-configuration files’ with a simple UI screen that should be usable “by any grad student given the job of doing this for a project”.

The audience asked what the difference was between SURFconext and COmanage.  COmanage was built with a focus on the back-end and SURFconext was more focused on the user experience.  Interoperability between the two platforms has been proved.  Both are good demonstrations of how virtual organisations can leverage identity federations whilst also addressing the richer attribute exchange needed for such projects.

It will be interesting to see if the work with LIGO will demonstrate the value of COmanage as a tool for virtual organisations, and whether we will see any take-up within the EU-funded projects represented at the VAMP and FIM4R meetings.  Is there too much of a ‘not invented here’ syndrome to overcome, or can COmanage find a platform in Europe?