LLMpedia: The first transparent, open encyclopedia generated by LLMs

COmanage Registry

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: COmanage Registry
Developer: University of Michigan, Internet2
Released: 2011
Programming language: Java
Platform: Cross-platform
License: Academic/Research-friendly (open source)

COmanage Registry is a software project for identity and collaboration management developed with contributions from academic institutions and identity federations. It provides a registry for managing communities, research groups, and organizational identities, integrating with federated identity systems and directory services. The project has been used across universities, research consortia, and international collaborations, often in conjunction with middleware and standards from the scholarly technology ecosystem.

Overview

COmanage Registry originated to support faculty, staff, and student identity workflows within higher education and research infrastructures. The project interacts with identity federations such as InCommon and eduGAIN, and with directory platforms like LDAP and Active Directory. It complements middleware and frameworks including Shibboleth, CAS, and Globus while aligning with profiles and protocols from OASIS and Internet2 initiatives. Widely cited in deployments at institutions such as the University of Michigan, it positions itself alongside other identity management solutions in the research and education sector.

Architecture and Components

COmanage Registry is implemented as a modular Java web application running on servlet containers compatible with Apache Tomcat, often deployed on operating systems like Red Hat Enterprise Linux and Debian GNU/Linux. Core components include a model for collaborative organizations, a plugin framework, and connectors to external systems such as LDAP, SAML, OAuth 2.0, and provisioning endpoints. The registry architecture uses databases like PostgreSQL and MySQL for persistence and, in advanced deployments, integrates with message-oriented middleware and logging stacks such as Apache Kafka and the ELK Stack. Administrators commonly run it with orchestration tools such as Kubernetes or Docker for scalability.

Features and Functionality

The Registry offers features for group and membership lifecycle management, role assignment, delegated administration, and automated provisioning. It supports workflows for registration authority processes, such as those used in ORCID integrations, and research identity linking with Crossref metadata services. Identity federation features include support for SAML 2.0 metadata management, entity categories used by REFEDS, and consent collection aligned with GDPR considerations for European deployments. It also provides APIs and plugin points for custom business logic, enabling integration with campus systems like PeopleSoft and Banner, and with research data management platforms such as Dataverse.

Deployment and Integration

Typical deployments integrate Registry with institutional identity providers (IdPs) and service providers (SPs) using SAML metadata fed into federations like InCommon or eduGAIN. It is often paired with attribute authorities and entitlement services like COmanage Attribute Authority, and with provisioning pipelines to Active Directory and cloud identity providers including Okta and Azure Active Directory. Integration scenarios span single sign-on setups with Shibboleth and application-level access control in systems like Moodle and Canvas, and in research identity hubs such as CILogon. For large consortia, orchestration with Ansible and monitoring via Prometheus is common.

Security and Privacy

Security practices for Registry deployments follow standards from NIST and guidelines published by organizations like Internet2 and REFEDS. Where required, cryptographic operations rely on libraries compliant with FIPS recommendations. Privacy features include consent capture, audit trails, and scoped attribute release consistent with GDPR and research data protection policies applied by institutions such as NIH-funded projects. Role-based access control integrates with institutional directories and identity assurance frameworks like IAP and credentialing recommendations from FICAM-aligned guidance.

Use Cases and Adoption

Common use cases include managing membership for research collaborations, such as multi-institutional grants administered by organizations like NSF, and consortium services supporting projects funded by Horizon Europe. Educational use cases include delegated group administration for student organizations at universities like Stanford University and the University of Oxford, and cross-institutional training networks coordinated through federations such as GÉANT. The registry has been adopted by national and regional research and education networks (RANs) and by support centers collaborating with Internet2 and service providers integrating with platforms like Globus for data transfer.

Development and Community

Development has been community-driven, with contributions from academic IT departments, research consortia, and identity federation operators. The project governance model resembles the collaborative open-source governance used by organizations like the Apache Software Foundation and collaborative research software initiatives such as Software Carpentry. Community activities include mailing lists, code repositories hosted on platforms similar to GitHub, and participation at conferences like the Internet2 Member Meeting and EDUCAUSE events. Training and documentation efforts often involve partnerships with national federation operators and centers of expertise in identity and access management.
