COmanage Developers List

[Ken Klingenstein <>]

Alex,
  I'm answering your inquiry about COmanage, and hoping to connect  
you in the process with some folks in Europe who can also engage you  
as we move forward. A few of us have previously noted Lifewatch as an  
important archetype of the community we want to serve - it was good to  
get your note.
  First of all, I'd like to point you to a BoF at the upcoming Terena  
meeting next week about COmanage and its ilk. (http://tnc2010.terena.org/schedule/meetings/index.php?event_id=20 
). A number of the folks who can talk in depth about your questions  
will be there, and I'll mention your interest there. While the BoF is  
generic in its collaboration management platforms, several folks there  
are involved with COmanage type deployments in Europe.
  As to the status of COmanage, a word of context and then an answer.  
COmanage is as much an architecture as it is an implementation. So it  
takes several forms - as an instance assembled from servers hosting  
the elemental parts of COmanage, as a VM, as a VM in a cloud offering,  
as a national service built from server farms. With that context,  
COmanage is moving forward with increasing velocity as people realize  
that access control to applications is the natural extension of  
federated identity. Most of the work right now is on service instances  
- the Dutch are doing two national services (one for eResearch, which  
will include collab and domain apps, and one - called COIN - for the  
broad education community that will include identity and access  
control for apps hosted within the community); in the US we've heard  
that the Teragrid is setting up a service as well. That suggests  
integration with Grids - we already have a mechanism (called GridShib)  
that can produce X.509 certs for Grid use from a collection of  
attributes and identity housed in a COmanage type store. There has  
also been a fair bit of work done in federating SSH, but the group  
elements aren't there yet. As for clouds, its pretty widely written  
these days that federated identity is the standard access mechanism  
for them, and we're starting to engage some cloud providers (e.g.  
Google) about bringing in external group information. (The Dutch have  
already built a connector.)
  In the US, we've done little with social networking (except for a  
beta version of OpenId now in the Shib IdP). However the Dutch have  
done a lot more, integrating OpenSocial into their GUI and tools. We  
plan on following their work.
  We've recently hired someone to work much more actively on COmanage  
(it was largely volunteer effort in the US previously) and expect a  
lot of progress in the next few months on domesticated applications,  
GUI's, etc. Probably produce a VM in the process, though VM's in a  
volatile development period have a short shelf life.
  One thing you didn't mention, and that probably matters in a  
project as large as Lifewatch, is automatic provisioning and  
deprovisioning. That's coming in a release soon, and will prove  
useful. Not many people think about deprovisioning...
  On the COmanage-dev list cc'ed above are a number of sharp  
technical folks (including the Dutch) who can help in our conversations.
  Thanks for your interest.
                Ken