The COPerson Object
COmanage Workshop: Managing Identities & Collaborations
CO310 - Modeling People in COmanage
2. The OrgIdentity Object
1. The CO Person
People are represented in COmanage by a
The attributes (information) stored in the
- The virtual organization or collaboration of which the person is a part
- The person's status within that organization or collaboration
- Minimal information about the person including the person's time zone, date of birth, and list of physical addresses.
- List of names
- List of identifiers
- List of email addresses
This object also is connected to several other structural items that we will talk about in this lesson, including
- External Representations - representations of the person in other contexts outside of COmanage (including real life!) These representations include attributes and information about the person related to the other context. Each
⚙️must have at least one of these, though multiple are allowed.
- Roles - the roles that the person assumes within your organization.
- Group Memberships - membership in a specific COmanage organizational object called a :gear"
CO Group. We will learn more about :gear"
CO Groupsin a later lesson.
- Authenticators - methods for the person to sign into Services
CO Person status
The status value will affect what someone is able to do, including affecting what information is shared with external systems for access and resource provisioning. We will review how status affects provisioning when we talk about provisioning in a later lesson.
Below is a list of the available statuses.
- Active: Person or Role is an active member of the organization or collaboration
- GracePeriod: Primary association with the organization has ended, but services have not yet been deprovisioned
- Suspended: Association with the organization has been (manually) temporarily suspended
- Expired: Valid through date has been reached
- PendingApproval: The enrollment flow petition is pending approval
- PendingConfirmation: An invitation or email confirmation was sent via an enrollment flow
- Invited: An invitation was sent via default enrollment
- Denied: The enrollment flow petition was denied
- Declined: The invitation sent via default enrollment was declined
- Duplicate: The record is a duplicate of another
About name attributes
About identifier attributes
The ultimate goal of identifiers is to facilitate application integration. In COmanage, each
We recommend that you configure at least one identifier for each
About email address attributes
COmanage can track email addresses. Email addresses can be verified from within COmanage (which we will not review during this workshop). Email addresses can also be used for mailing lists using the mailman provisioner (which we will review, time allowing.)
When storing email addresses, more than one can be associated with the
- official - the address to render in a directory entry, especially for use in a "To:" or "Cc:" field. LDAP attribute: mail
- personal - Alternate addresses to accept for mail delivery or forwarding. LDAP attribute: mailAlternateAddress
- delivery - the delivery location (e.g., mailbox). LDAP attribute: mailForwardingAddress
- forwarding - Address to forward mail to, perhaps if there is no delivery address, or an official or personal address is not functioning. LDAP attribute: mailForwardingAddress
About physical address attributes
This information is not used by COmanage, but since it is handy to have physical address information in your registry (for example, to share with your organization's directory), it is included. Any number of physical addresses may be associated with a :gear"
CO Person object.
Hands on - Starting our person model
As we build our understanding of how people are modeled in COmanage, we will use people in your organization as examples. In your printed packet, there are sheets for Modeling People
Think of at least three people in your organization that you can use as examples. The three that you choose should assume different roles in your organization or collaboration. Maybe they have different levels of authority, have access to different kinds of systems or services, form and manage their own groups. One of the people you choose may even work for a different organization, though collaborates with individuals in your organization.
Once you have thought about who you will use as your examples, write their names (or an alias!) on the sheets, one name per sheet. The name goes in the center circle that is labeled "CO Person".
Terminology & resources
||the representation of a person in COmanage||CO310-01 (this session)|
||a specific COmanage organizational structure for representing certain collections of
| Modeling People
||Planning sheet used in this lesson for understanding how to model people in COmanage. This sheet is used to organize how specific people and their relationships would be expressed within COmanage||CO301 (this lesson)|
NEXT SECTION: 2. The OrgIdentity Object
LESSON OVERVIEW: CO310 - Modeling People in COmanage
WORKSHOP OVERVIEW: COmanage Workshop: Managing Identities & Collaborations