Perun is an identity and access management system that covers management of the whole user life cycle. Its key features are virtual organisation management, user and group management, resource management and service management. Perun has been designed to work in distributed and federated environments.


  • Licence: FreeBSD licence

  • Open source project available at https://github.com/CESNET/Perun

  • Developed by CESNET and Masaryk University in Brno, Czech Republic



Features

  • Complete VO and group management

  • Identity consolidation (account linking)

  • Push mechanism for authorisation data delivery (delivering ACLs, group information to services using push)

  • Pull mechanism for authorisation data delivery via LDAP and AA

  • Provisioning/de-provisioning of the user rights on services

  • Enrolment management (customisable application forms, various enrolment flows)

  • Delegation support for VO and group management

  • Security teams support (global user banning)

  • Import and synchronisation of users/groups with existing identity and group management systems

  • Homeless users

  • Different Levels of Assurance

  • Flexible and scalable attribute release policies

  • Persistent and unique user identifiers

  • Browser & non-browser based federated access

  • Social media identities

  • Effective accounting

  • Integration with e-Government infrastructures (Ready to be supported)

Supported Standards

  • VOOT

  • SAML2 IdP and AA (via Shibboleth IdP)

  • Various authentication protocols, primarily used in enrolment management (via Apache AuthN modules)

  • LDAP

User Interfaces and APIs

  • Web-based GUI

  • Command-line interface

  • REST-like API

  • Libraries: PHP, Perl, JavaScript and Java

Support for Virtual Organisations

  • Supports multiple VOs

  • Delegated administration of VOs and groups/subgroups

  • Does not support hierarchical VOs, but supports VO to VO synchronization

  • Support for VO registration (customizable VO application forms)

  • Support for management of resources allocated to VOs