From ea4d5bdde52455715e7735dde4aa7dcccc21f482 Mon Sep 17 00:00:00 2001 From: Keith Hazelton Date: Wed, 17 Nov 2021 14:02:25 -0600 Subject: [PATCH] Update comanage-wb-registry.adoc --- comanage-wb-registry.adoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/comanage-wb-registry.adoc b/comanage-wb-registry.adoc index 37880a6..6a01cdf 100644 --- a/comanage-wb-registry.adoc +++ b/comanage-wb-registry.adoc @@ -11,9 +11,6 @@ Assess what is involved in reconfiguring the CSP Workbench to use COmanage as Re - Reroute source systems to COmanage from midPoint - Have COmanage tell midPoint which systems to provision - TommyD: Goal: Transition COmanage from a Guest SoR to the central person registry, to populate the Grouper subject source -- Paul: If mP does all the downstream provisioning, don’t need to reroute the source systems; Switch the identifier generation to COmanage; COm handles onboarding, etc. -- BennO: What’s the functionality we’re trying to establish? Are we wiring SOR to mP and have mP send stuff to COmanage, or COmanage sending SOR data to mP; If you have upstream SoRs (PS Banner) and multiple systems need the SoR data, do you create a unified IAM source stream/interface: Fork the flow from the interface; -- KeithL: What is the overall intent? What are we trying to gain? Is it an integration problem that COm is solving - Tommy: Componentizing: Have registry do registry, and provisioner do provisioning; so consolidate SOR feeds into COmanage; - ChrisHu: Have COmanage populate ou=people? WB sub source is LDAP; Do you want to use COm 4? BennO: 4; TommyD: We have COm 4 now - TommyD: Have COm populate a db table; or have it populate an LDAP directory that’s used only for the IAM systems, not for user authN. Whichever that system is will act as the Grouper subject source and the midPoint identity source. 
@@ -21,6 +18,11 @@ API and SQL provisioner; has its own data model, cleans out the metadata and cre - KeithL: What are registry’s primary functions? Tommy: Id Match, identity generation/assignment, populate the Grouper subj source / midPoint person data; - ChrisHu: Get a WB branch on 4.0 for use ID Match 1.0 to be released in a week or two. Want Registry 4 with Match to make match configurable. Dump COm DB after the initial config, then re-import clean; BennO: It’s probably best for now + +- - - +git clone -b COmanageAsRegistry git@github.internet2.edu:internet2/InCommonTAP-Examples.git + + - Ethan: Lots of sleep and wait calls in our docker-compose.yml - TommyD: What does mP need for person identities? PaulC: in mP, ‘name’ needs to be a persistent person identifier; - KeithL: ‘name’ as username? Connecting to Banner use GUID or…
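Review bot: The three bullets removed in the first hunk (Paul, BennO, KeithL) include KeithL's question "What is the overall intent? What are we trying to gain?", and the retained "Tommy: Componentizing: ..." bullet directly below them reads as the answer to it, so after this deletion the answer is left without its question. Paul's removed bullet also records the alternative of leaving the source systems where they are and only switching identifier generation to COmanage, which is the counterpoint to the retained "Reroute source systems to COmanage from midPoint" bullet. If the removal is intentional, give the reason in the commit message (the subject "Update comanage-wb-registry.adoc" does not); otherwise keep the bullets or replace them with a one-line summary of what was decided.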
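Review bot: In the second hunk, the added `git clone -b COmanageAsRegistry git@github.internet2.edu:internet2/InCommonTAP-Examples.git` line is bare text in the middle of the bullet list, so it will render as an ordinary paragraph and not as a command. Put it in an AsciiDoc source block (`[source,shell]` with `----` delimiters) and add a sentence saying what the COmanageAsRegistry branch is for. The URL is the SSH form, which only works for readers who have an SSH key registered on github.internet2.edu, so state that requirement or give the HTTPS form as well. The `- - -` rule and the surrounding blank lines also split the notes list between the ChrisHu and Ethan bullets; placing the clone instructions before or after the list would keep it intact.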