Skip to Content.
Sympa Menu

comanage-users - Draft Minutes: COmanage BoF at SMM 26-Apr-10

Subject: COmanage Users List

List archive

Draft Minutes: COmanage BoF at SMM 26-Apr-10

Chronological Thread 
  • From: Emily Eisbruch <>
  • To:
  • Subject: Draft Minutes: COmanage BoF at SMM 26-Apr-10
  • Date: Fri, 7 May 2010 10:41:57 -0400

COmanage BOF at Internet2 SMM  
Arlington, VA
Monday, 26-Apr-10


Heather Flanagan, Stanford (chair), welcomed the group.


  • How does the architecture look to you?
  • Definition of domestication?
  • Service model 
  • Issues around Configuration Management
  • Provisioning and De-provisioning
  • Do we have a system administration problem?
  • Big VOs are one thing, but what about the little VO?
  • What are other people/companies doing -- is that perhaps a better direction?

*COmanage Model*

The COmanage model includes:
  • Dashboard
  • Shib SP 
  • Shib IdP (provides attributes to applications/SPs that need them, assuming they speak SAML)
  • Grouper
  • STS
  • Ldappc (including provisioning)
  • Data Store (LDAP Directory)
Other collaboration management platforms have used the same model, but with a different data store (instead of LDAP). The Swiss have a very nice collaboration platform, but it does not handle SAML.

Q: Where does COmanage stand in regard to providing applications or not?

A: When the COmanage team worked on the VM, user-facing collaborative applications were included and we ran into difficulties. The future direction may depend on the needs of organizations that become the pilot users. 

  • Inside of COmanage there is a mix of attributes from the enterprise and the VO.
  • Permissions can originate from the VO, Grid and SSH certificates. 
  • Some organizations (such as the Grid community) prefer to have a second pass at attributes using local conditions.  

*Service Model and Hosting*
  • Should InCommon or Internet2 host COmanage, if it’s offered as a hosted service?
  • For domain science, having COmanage as a hosted service can be very attractive.
  • Supporting applications is problematic, but small VOs frequently want/need someone to support their applications
  • Can we offer a multi-tiered service? (Infrastructure, Applications, Support, with one inside the other). Then adopters could choose just what they want.
  • Tom Barton (U. Chicago, Grouper project lead) suggested that we ask ourselves what we are good at doing and focus on that (most likely that’s providing the glue in the middle, NOT the applications)

Scott Koranda (LIGO/U. Wisconsin - Milwaukee) suggested that providing building blocks is good. The LIGO Collaboration uses Shib and Grouper. If blocks are built with the correct discreteness, it can be possible to solve multiple problems.  

Michael Gettes, MIT (developer of the COmanage proof-of-concept) stated he does not believe that a COmanage VM is needed, given the resources required to provide such a packaged product. He noted that people want a unified experience, but they don’t specifically need a VM.   

It was noted that some organizations (like Penn State) have an IT Group that handles many VMs. Smaller institutions may prefer a cloud-based approach.

Niels van Dijk (SURFnet) commented that even if there is not a VM, it’s good to have a low threshold to entry so folks can tinker with COmanage.

*Tech Writer*

Heather stated that a tech writer has been hired to document the COmanage work that has been developed over the past few years.

*Other Approaches to Collaboration Management*

Other approaches to collaboration management were reviewed:
  • Mike Grady (UIUC) commented on the CIC’s work in Shibbolizing SharePoint. This SharePoint-enabled collaborative workspace has worked well, supporting several hundred collaboration groups.
  • Project Oz at Duke uses Grouper to manage collaborative tool suites for courses 

Q: Do we need to be sure various collaboration platforms can talk to each other?

A: This could involve ensuring that data can be moved back and forth between platforms. It could also involve ensuring a consistent user interface experience, which does seem like a good goal. 

Q: Should we resurrect SPML?

A: TomB noted that the new Ldappc uses SPML. University of Memphis plans to replace the Nexus system with the new Ldappc.

Emily Eisbruch, Technology Transfer Analyst
office: +1-734-352-4996 | mobile +1-734-730-5749

Visit our website:
Follow us on Twitter:
Become a Fan on Facebook:


  • Draft Minutes: COmanage BoF at SMM 26-Apr-10, Emily Eisbruch, 05/07/2010

Archive powered by MHonArc 2.6.16.

Top of Page