Comanage Working Group
2010 FMM in Atlanta, 1-Nov-2010
http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001467&event=1159
Overview
Heather Flanagan, Working Group Chair, welcomed the group.
In August, the Internet2 Middleware Initiative was awarded an NSF grant, which started Sept 1, 2010. This grant will serve to fund much of the COmanage efforts for the next three years. The grant is titled "SDCI Sec Improvement: Building from Bedrock: Infrastructure Improvements for Collaboration and Science"http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=1032468
Specific VOs to be addressed first under the grant include LIGO and iPlant.
Other VOs involved in the grant include Neon and OOI. Their needs will be addressed when they are ready to move forward.
The COmanage wiki and website have recently been revamped. Heather thanked Steve Olshansky for his help.
There is new use case library at https://spaces.at.internet2.edu/display/COmanage/Use+Case+Library
The COmanage service offering isn't going to be available in the short-term. There is some interest in it, but there are questions around where it would be housed and what the service model would be.
The initial emphasis will be on getting collaboration infrastructure working for LIGO and iPlant.
Background on COmanage
The concept for COmanage started 3-4 years ago to answer the question of how to build a collaboration platform to tie together Internet2 Middleware products (Shibboleth, Grouper etc.) as well as other tools researchers use for collaboration.
Michael Gettes was the original developer and set up a mockup instance. That was a great proof of concept.
There was an attempt to develop a downloadable COmanage instance, a VM. This became a sys admin challenge rather than a collab solution. It became too big a problem for the available resources, and was shelved for the time being.
Today the focus is on solutions that groups like LIGO can stand up and manage themselves at their own institutions.
Benn's Overview
Benn Oshrin started working with the COmanage project 5-6 mos ago.
Benn has developed COmanage mockups of the COmanage COnsole. This would be a UI for managing collaboration platform users, permissions, etc. The mockups are linked from the COmanage Gears section of the wiki:
https://spaces.at.internet2.edu/display/COmanage/Home
Reference architecture is seen on the wiki:
https://spaces.at.internet2.edu/display/COmanage/Reference+Architecture
Benn has also worked on a glossary to standardize terminology:
https://spaces.at.internet2.edu/display/COmanage/Glossary
Under the COmanage brand, the space has been divided into several products:
- COmanage Gears - the technical piece dealing with identity management, including Grouper for group management, SAML (or OpenID) for authentication etc., possibly channeling thru a portal.
- Domestication of Applications
- Integration
There are 3 roles/levels of authorization in COmanage:
Random participant - generally just access the applications
Collaboration admin ("Collabmin") - can invite a new participant
COmanage admin - can provision a new collaboration environment
Details on the roles and their capabilities are found here:
https://spaces.at.internet2.edu/display/COmanage/Roles
Discussion (led by Heather)
Q: Is the work that has been described on target? Is it the kind of thing you are looking for?
Comment: Looks nice, looks like a solution to a problem a lot of us have.
Heather noted that specific use cases still need to be documented. Contributions to the use case library are encouraged.
The generalized top level use case for COmanage deals with multi-institutional collaboration. We also want to be sure the use case library reflects he needs of smaller VOs. Ensuring that domain applications work well is a priority, beyond the authentication and authorization issues.
There have been requests to design a system that will automatically infom certain collaboration members (based on their profile information) when particular data sets of interest become available. iPlant and possibly other VOs have an interest in this. This is an interesting use case.
Ken: One issue in this space is that researchers are being asked to develop and maintain their profile in too many places -- for multiple institutions and VOs. How should COmanage approach this question of profile management, identity management, and taxonomy management?
Ken: A related issue is the effort to tackle disambiguation of authors. One effort looking at this issue is ORCID.
http://www.orcid.org/
Benn: What sort of technical expertise will folks who download the ultimate COmanage package most likely possess?
A: This will vary significantly from site to site
Q: Do researchers still tend to sometimes be suspicious of Google Apps?
Response: Google apps are not set up to handle domain apps, needed for hard science collaborations.
Suggestion: On the COmanage reference architecture diagram, add an area for domain apps.
Researchers want to get their science done. They want it to be efficient and quick.
StevenC: In some areas, outside the hard sciences, the domain apps are not as big a concern.
At the last Internet2 Spring Member Meeting, there was a presentation from Pepperdine showing a method of creating a front door to Google Apps and other applications. http://www.internet2.edu/presentations/spring10/20100427-googleapps-gautsch.pdf
Q: Use of Google apps, is that generic or is it just Google apps? Is there another vendor doing what Google does?
A: People are referring to Google apps, plus the cloud in general.
Q: Should COmanage handle administration of grant research in addition to the research itself? Should we connect to FastLane?
Comment: There are fears about identities leaking out. As always, solid authenticiation and authorization is crucial.
Q: What about feeds from the student systems into the VO? Do we hae a use case for that? What about attributes that get carried along, and FERPA concerns?
Q: The Dutch are embracing the OpenSocial environment in their collab platform work. To what extent should COmanage incorporate friendly, "Facebook-like" (thumbs-up thumbs-down) type features? Also, how important is it to include other forms of idenity: Facebook and Open ID?
Comment: At Univ of Iowa, there is an interinstitutional research effort in which many people have IDs at AOL.
A fairly small population uses IDs from institutions that are InCommon members.
Comment: It will be necessary to faciliate access to the VO with various IDs
Other COmanage-related Sessions at FMM
VO/CO Topics - Interinstitutional Research and Collaboration Approaches:
http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001349&event=1159
Domestication Stories:
http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001348&event=1159