2. Identity Registries

COmanage is an Identity Registry.

What is an identity registry?

An Identity Registry is a database for storing, curating, and managing electronic identities for people. The primary purpose for creating a registry is to manage your users’ access to electronic services.

A key benefit of storing this information in a registry rather than a file, spreadsheet or general purpose database is that registries provide pre-configured features for sharing information about the registered people with “downstream” services. Registries can help manage who will gain access to these services, either directly or through a secondary system that works with COmanage.

A bit of history

Despite the usefulness of registries, there is no universal incumbent product. For many years, each university wrote its own identity registry to satisfy its own local use cases; many universities still take this approach. More recently, some universities have been working together to create a “Registry for Higher Education and Research” (with mixed success). There are also newer enterprise and open source efforts aimed at organizations of different sizes.

Some tools in this space include:

  • COmanage
  • midPoint
  • WSO2 Identity Server
  • Keycloak
  • OpenIAM
  • Apache Syncope
  • OpenAM
  • Microsoft AD
  • Microsoft Identity Manager 2016
  • NetIQ (Novell) Identity Manager
  • IBM Tivoli Identity Manager
  • Oracle Identity Manager
  • ForgeRock Identity Platform

COmanage as an Identity Registry and more

COmanage is a Collaboration Management Platform (CMP) designed and built for federated identity environments. These CMP tools provide many things:

  • Identity Registry: An interface for user enrollment and management of those identities
  • Basic Group/Role Management: The ability to assign rights and permissions to people through roles, groups, etc.
  • Distributed permissions: The ability to distribute the management of rights and permissions to multiple people. For example, a project’s Principal Investigator can manage the rights and permissions for his/her project group
  • Tool Integration: Integration with other tools to enable more complex and coordinated functions

COmanage is not the only CMP focused on federated identity. Examples of other services include HEXAA and PERUN.

Deployers often strongly prefer one tool over another, though at their core, each of these tools serves the same basic functions. Their differences are primarily in the emphasis each tool places on various features, how the development of the tool is managed, and how the tool is packaged with other tools.

Since you are here, we are assuming that you have already made the choice to invest in learning COmanage.

CHECK YOUR UNDERSTANDING

No. There are many identity registries including the list shown above.

 

An identity registry is a component of a CMP. CMPs provide features such as distributed management of identities.