
2. Understanding CO Services

COmanage supports a concept of CO Services⚙️. A CO Service represents a service or application that a CO Person⚙️ has access to by participating in the organization or collaboration. While access to the service is likely controlled by attributes stored and/or managed within COmanage, the service itself is not accessed as part of Registry. Instead, CO Services⚙️ act as an inventory or catalog of available services, rendering a list of available services on a per CO Person⚙️ basis.

Hands on - Specify a CO Service for your CO

Interactive system activity

Navigate to the CO Services List

REQUIRED ROLE: CMP Administrator👑 OR CO Administrator👑

  1. If necessary, sign into COmanage and navigate to your CO⚙️
  2. Navigate to the CO Services⚙️ List by clicking on the CO Configuration link in the left menu, and then clicking on the Services link to display the Services list.

Add a CO Service

  1. Click the Add Service link above the table to display a CO Service configuration form.
  2. Fill in the form for your service
  • GENERAL ATTRIBUTES - This information also is used for display within the service directory.
    • Name: Provide a name for the service that will be recognizable by the people in your organization or collaboration.
    • Description: Include a description to provide additional information or context for those in your organization or collaboration that may be accessing this service.
    • Status: The two options for status are "Active" or "Suspended". Suspended services will not be available to those in your organization or collaboration.
    • Visibility: Who can see this CO Service entry. Note that administrators are not treated specially – they will only see Services in the menu and portal for which they have associated eligibilities. To see the full list of services, administrators can use the configuration menu.
      • CO Admin: Only CO Administrators👑 within the CO⚙️ can see this service
      • CO Group Member: Only members of the CO Group⚙️ associated with this service can see it
      • CO Member: Any CO Person⚙️ within the CO⚙️ can see this service
      • Unauthenticated User: Anyone can see this service
    • Logo URL: The URL for an image that represents this service. NOTE: you can serve these locally from your Registry server. If this feature is of interest, we can talk about it toward the end of the workshop if time allows.
  • RESTRICTION - The ability to restrict access to the service to subgroups of your CO⚙️
    • COU: If this service should only be available to CO People⚙️ included in a specific COU⚙️, this restriction can be added by selecting the COU⚙️ from the dropdown list.
    • Service Group: Access to this service is available only to members of this group. Note that the application is ultimately responsible for its own access control. This field only needs to be defined if the service visibility is set to include only those in the CO Group⚙️.
  • ACCESS ATTRIBUTES - Information that will be used for the CO Person⚙️ to access the CO Service
    • Service Identifier Type: The Identifier⚙️ type that will be used to identify users within the system.
    • Service URL: The URL of the service.
  • CONFIGURATION ATTRIBUTES
    • Short Label: Primarily intended when using LDAP Provisioning, a short label for the service that can be used when attribute options are enabled.
    • Service Label: A protocol-specific label for the CO Service, for example, SAML Entity ID or OIDC Client ID
    • Service Contact Email: The email address of a contact responsible for managing the service.
    • Entitlement URI: The entitlement URI, as specified by [eduPerson](http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html#eduPersonEntitlement), associated with this service. This information also is used when provisioning, for example, to LDAP.
  3. Click the ADD button to save the CO Service description and configuration.

Since we do not have any specific services set up to add to our CO⚙️, let's create a service that enables the members of our CO⚙️ to get access to the information page for this workshop. The example below enables anyone to see the item, but only members of the open-membership "Chess Group" may access it.

Screen Shot - Add CO Service


Hands On - Viewing the CO Services

Interactive system activity

Once a CO Service is available to a CO Person⚙️, that person will see the menu pick Services appear on their left-hand menu. Clicking on this menu pick will launch the Service Portal, which lists all of the services that the CO Person⚙️ may access. If at least one CO Service is configured with Unauthenticated User visibility, then the Service Portal will be publicly accessible. Otherwise, only members of the CO can see the Service Portal.

Clicking on the globe icon shown on a service listing will launch the service. In the example that we configured above, this action will launch the COmanage class website.

Screen Shot - View Services

A CO Person⚙️ can add or remove themselves from the CO Group⚙️ associated with a CO Service directly from the Service Portal, using the Join and Leave buttons. (The Leave button is shown in the screen shot above because this user is already a member of the group.) Using Join and Leave is functionally equivalent to navigating to My Groups, finding the appropriate group, and ticking the Member button. This is only available when the CO Group⚙️ associated with a CO Service is an open group.
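
The visibility options from the Add a CO Service form and the Service Portal rule above, modeled as an added example (this is not COmanage Registry code). The class, field and function names and the sample services are hypothetical; treating Suspended services as unlisted and applying the COU restriction only to signed-in viewers are assumptions.

```python
# Illustrative model of the Service Portal rules described in this lesson.
# Not COmanage code: all names and sample data below are constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Service:
    name: str
    visibility: str                       # "admin" | "group" | "member" | "public"
    status: str = "Active"                # "Active" or "Suspended"
    cou: Optional[str] = None             # RESTRICTION: COU
    service_group: Optional[str] = None   # RESTRICTION: Service Group

@dataclass
class Viewer:
    co_member: bool = False
    groups: set = field(default_factory=set)  # CO Groups the person belongs to
    cous: set = field(default_factory=set)    # COUs the person has a role in

def can_see(svc, viewer=None):
    """True if svc is listed for viewer (None means an unauthenticated visitor)."""
    if svc.status != "Active":            # assumption: Suspended means not listed
        return False
    if svc.visibility == "public":        # Unauthenticated User: anyone
        return True
    if viewer is None or not viewer.co_member:
        return False
    if svc.cou and svc.cou not in viewer.cous:
        return False
    if svc.visibility == "admin":         # admins get no special view elsewhere
        return "CO:admins" in viewer.groups
    if svc.visibility == "group":
        return svc.service_group in viewer.groups
    return svc.visibility == "member"

def portal(services, viewer=None):
    return [s.name for s in services if can_see(s, viewer)]

def portal_is_public(services):
    return any(s.visibility == "public" for s in services)

def visible_beyond_group(services):
    """Services listed to people outside their Service Group. The portal entry is
    only a catalog link, so the application itself must enforce access."""
    return [s.name for s in services
            if s.service_group and s.visibility in ("public", "member")]

SERVICES = [  # constructed sample catalog
    Service("Workshop Info", "public", service_group="Chess Group"),
    Service("Wiki", "member"),
    Service("Chess Ladder", "group", service_group="Chess Group"),
    Service("Billing", "admin"),
    Service("Old Tracker", "member", status="Suspended"),
]
```

Running `visible_beyond_group(SERVICES)` over a catalog is a quick way to list the services whose portal entry is shown more widely than the group allowed to use them, which are the ones that depend entirely on the application's own access control.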


Terminology & resources

COmanage Objects ⚙️

| OBJECT | DESCRIPTION | Introduced in |
|---|---|---|
| Identifier⚙️ | Objects that enable one to connect the information stored about people within the COmanage platform to representations of the same people in systems outside of COmanage | CO330-01 |
| CO Service⚙️ | Services or applications that can be configured for CO Persons⚙️ to have access to by participating in the organization or collaboration. | CO330-02 (this section) |
| **CO320 - Modeling Your Organization in COmanage** | | |
| CO⚙️ | Any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. | CO320-01 |
| COU⚙️ | An organizational structure within a CO that differs in how individuals join and/or leave the group, how applications get provisioned or deprovisioned, who manages person membership and privileges in the group, or in the information stored or used about members of the group. | CO320-02 |
| CO Group⚙️ | A specific COmanage organizational structure for representing certain collections of CO Persons⚙️ | CO320-03 |
| CO Department⚙️ | A COmanage object that is used to model organizational departments. They can be used to store a number of attributes about the department, including telephone numbers, email addresses, URLs, identifiers, and the sets of people associated with specific responsibilities within the department. | CO320-04 |
| **CO310 - Modeling People in COmanage** | | |
| CO Person⚙️ | The representation of a person in COmanage | CO310-01 |
| CO Group⚙️ | A specific COmanage organizational structure for representing certain collections of CO Persons⚙️ | CO320-03 |
| Organizational Identity Source⚙️ | Information about a person as obtained from an external source such as LDAP, netFORUM or ORCID | CO310-02 |
| Organizational Identity Source Records⚙️ | COmanage's cached value of the values at the source | CO310-02 |
| CO Person Role⚙️ | The representation of a person's role in COmanage. This object describes the person's role with certain collections of people within your organization or collaboration. These objects are attached to CO Person⚙️ objects; there may be any number of Roles. | CO310-04 |

CO Person Roles 👑

| ROLE | DESCRIPTION | Introduced in |
|---|---|---|
| **CO320 - Modeling Your Organization in COmanage** | | |
| CMP Administrators👑 | CMP Administrators are effectively super users, with the ability to perform almost all operations on the platform. | CO320-01 |
| CO Administrators👑 | CO⚙️ Administrators are super users within a CO. These individuals belong to the CO:admins group of the CO⚙️. | CO320-01 |
| System Administrators👑 | System Administrators have privileges that enable them to maintain the COmanage application. | CO320-01 |
| COU Administrators👑 | Individuals that have the ability to perform lifecycle management operations on the CO People⚙️ who have CO Person Roles⚙️ associated with the COU⚙️. | CO320-02 |

Worksheets

| WORKSHEET | DESCRIPTION | Introduced in |
|---|---|---|
| **CO320 - Modeling Your Organization in COmanage** | | |
| Modeling Organization 📝 | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together | CO320 |
| CO Planning Worksheet 📝 | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance | CO320-01 |
| COU Planning Worksheet 📝 | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance. | CO320-02 |
| CO Group Planning Worksheet 📝 | Planning worksheet for creating your CO Group(s). Contains all of the configuration sections at a glance. | CO320-03 |
| **CO310 - Modeling People in COmanage** | | |
| Modeling People 📝 | Planning sheet used in this lesson for understanding how to model people in COmanage. This sheet is used to organize how specific people and their relationships would be expressed within COmanage | CO310 |

NEXT SECTION: 3. About Plugins

PREVIOUS SECTION: 1. Identifiers


LESSON OVERVIEW: CO330 - Linking to Systems Outside of COmanage

WORKSHOP OVERVIEW: COmanage Workshop: Managing Identities & Collaborations
