Background

This script utilizes four roles intended to demonstrate the platform:

  1. U1: An unprivileged, existing member of MyCO
  2. U2: An unprivileged new member who will be added to MyCO and made a COU Admin
  3. P1: The MyCO CO Admin
  4. P2: The CMP Admin

It is possible to run this demo with one person performing all four roles, with four people each performing one role, or with two people each performing two roles. Where a person performs more than one role, it may make sense to use protectnetwork identities for the unprivileged roles and organizational identities for the privileged roles.

An abbreviated demo only uses two roles (P2 and presenter's choice of U1 or U2), and therefore covers slightly less.

The login identity or EPPN (such as foo@idp.protectnetwork.org or bar@internet2.edu) associated with each role will be referred to as a "login" for short, e.g. "U1 login".

The "Demo IDMS" refers to the COmanage Gears demonstration installation available at https://demo.co.internet2.edu/gears.

The "Demo Wiki" refers to the Dokuwiki demonstration installation available at https://demo.co.internet2.edu/dokuwiki.

Presenter Requirements

The following must be done for each presenter once (not once per presentation):

  1. Each presenter who will perform U1, P1, or P2 must have the organizational identity for the U1/P1/P2 login they will use for the demo added to the Demo IDMS.
    1. "Organizational Identities" -> "Add a New Organizational Person"
    2. Be sure to add an email address (so the identity can be invited to MyCO).
    3. Be sure to add the EPPN as an identifier and check the "login" box so it can be used to login to the Demo IDMS.
  2. Each U1 or P1 login organizational identity must be invited to MyCO.
  3. Each P2 login organizational identity must be invited to COmanage.
  4. Each U1 login MyCO identity must be added to the group MyCO:dokuwiki.
  5. Each P1 login MyCO identity must be added to the group MyCO:admin.
  6. Each P2 login COmanage identity must be added to the group COmanage:admin.

Pre-Demo Checklist

  1. If P1 login also ordinarily has CMP Admin privileges (i.e. is a member of COmanage:admin), remove the COmanage:admin group membership.
  2. Delete demo group MyCO:North American Researchers if it exists.
  3. Remove U2 login from MyCO and delete the organizational identity from the Demo IDMS.
  4. Delete any previous demo pages from the Demo Wiki.
  5. Remove U2 from the group MyCO:admin:TestCOU2.

Introduction (5 min)

  1. roll call
  2. validation of sound quality
  3. review of purpose of the demo
  4. pause for questions at end of every section

Domain and Language (10 min)

  1. show Intake and Enrollment flow diagrams
    1. "These are the most common paths for getting individuals into a VO, based on our discussions to date"
    2. "How this looks to the users of the CMP may vary. We'll look at what COmanage itself would look like out of the box, then look at how it might be implemented behind the scenes in a more branded, portal environment."
  2. Note that ideally, all this presupposes participating institutions are part of a federation

COmanage demo site (35 min)

User Perspective

Standard Demo:

  1. U1 logs in (talk about federated identity, eventually talk about Shib and/or Social Identity)
  2. display home identity, group membership, CO identity
  3. log in to wiki (observe that no password was required; used existing session)
  4. create a new group, "North American Researchers" (admin will need to manage the wiki to make "North American Researchers" a publicly usable group; talk here about app domestication)
  5. transition screenshare to P1 if appropriate

Abbreviated Demo:

If performing U1:

  1. Perform steps 1-4
  2. Switch to P2

CO Admin Perspective

Standard Demo:

  1. P1 logs in as CO admin (see additional 4 menu items)
  2. invite and enroll U2 as user. Make sure to add email address and protectnetwork identity to the org identity. Make sure to add a role in TestCOU2
  3. add U2 to group MyCO:Dokuwiki to allow Dokuwiki access
  4. show how extended attributes are set up
  5. show how COUs are managed
  6. add U2 to the group MyCO:admin:TestCOU2 (discuss COUs)
  7. transition screenshare to U2 if appropriate

Abbreviated Demo:

  1. P2 logs in as CMP admin
  2. Explain difference between CO admin and CMP admin in terms of available functions
  3. If performing U2, steps 2-7

COU Admin Perspective

Standard Demo:

  1. U2 logs in
  2. show additional features as COU admin and how they can manage users in the COU (but not elsewhere)
  3. transition screenshare to P2 if appropriate

Abbreviated Demo:

If performing U2:

  1. Perform steps 1-2
  2. Perform User Perspective steps 2-4
  3. Perform step 3

CO Platform Management

Standard Demo:

  1. P2 logs in
  2. show CO management
  3. show COmanage:admin and MyCO:admin groups, discuss admin permissions
  4. log in to wiki and show full list of users in their group
  5. show group made at the start of the demo in wiki, possibly create restricted wiki space, talk about real-time provisioning and deprovisioning

Abbreviated Demo:

Perform steps 1-5

Other

Optional items if applicable to audience

  1. LDAP query
  2. REST API
  3. Discuss what kind of attributes an institution might need to release to make this useful

Closing (10 min)

  1. final questions
  2. review utility of the demo - was this useful?
  3. set up another call in 1-2 weeks to answer any questions that might have come up

Post-Demo Checklist

  1. If P1 login ordinarily has CMP Admin privileges (i.e. is a member of COmanage:admin), but they were removed in the Pre-Demo Checklist, add a COmanage:admin group membership.
  2. Perform the cleanups described in the Pre-Demo Checklist so they don't have to be done next time