
Functional Architecture VO Membership Service

source: VOpaas_architecture_v2.odp

 

 

COmanage

COmanage delivers the VO Membership service, which provides:

  • a registry for the VO persistent identifier
  • VO-specific workflows for onboarding
  • a limited set of attributes
  • access through eduGAIN and extIdP (external identity providers)

COmanage uses an internal MySQL database (CO-DB). In addition, it provisions a separate AA-DB database through a provisioning adapter; the AA-DB, not the CO-DB, is the data source from which the SAML and VOOT Attribute Authorities (AAs) serve attributes, so the AAs never read the registry database directly.

Next to the CO-DB and AA-DB, an ACL-DB is populated to let the VO managers select which SPs should receive which data from the VO. This information is used to filter the data released by the AAs: an SP for which the VO manager has not selected any data receives nothing.

SAML AA

The SAML AA implements the SAML Attribute Query protocol. It is essentially a Shibboleth IdP that reads attribute data from MySQL (the AA-DB) and answers AttributeQuery requests rather than acting as a login IdP.
(Example implementation: see https://wiki.surfnet.nl/display/ORCIDAA/Technical+Setup, chapter 2.)

 

VOOT AA

The VOOT AA is a RESTful, OAuth2-protected resource that provides group and attribute information using the VOOT protocol. Example implementation: https://github.com/OpenConextApps/php-voot-provider

Its data sources are the AA-DB and the ACL-DB. To manage authorization, APIS can be used; for the pilots, however, it is proposed to use HTTP Basic authentication (which the php-voot-provider supports by default). Basic authentication sends the SP's credentials with every request, so the VOOT endpoint must only be exposed over TLS.
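The filtering described above (the ACL-DB deciding which attributes and groups from the AA-DB an AA hands to a given SP) is shown below as an added, self-contained example; it is not code from COmanage, the Shibboleth AA setup or php-voot-provider. The table layout (aa_attributes, aa_groups, acl), the SP identifiers, the member "vo:alice" and all rows are constructed for the example, and the returned dictionary is a simplified view, not the VOOT wire format. The point it demonstrates is that the ACL join is the release filter: an SP with no ACL row gets nothing.

```python
import sqlite3

# Constructed, hypothetical schema for the AA-DB (attributes and groups pushed by
# COmanage's provisioning adapter) and the ACL-DB (what each SP may receive).
# These are not the real COmanage or php-voot-provider tables.
SCHEMA = """
CREATE TABLE aa_attributes (
    vo_id TEXT NOT NULL,   -- VO persistent identifier of the member
    attr  TEXT NOT NULL,   -- attribute name, e.g. mail
    value TEXT NOT NULL
);
CREATE TABLE aa_groups (
    vo_id    TEXT NOT NULL,
    group_id TEXT NOT NULL
);
CREATE TABLE acl (
    sp_id TEXT NOT NULL,   -- SP identifier (SAML entityID or OAuth2 client id)
    attr  TEXT NOT NULL    -- attribute released to that SP; 'groups' is a
                           -- reserved name meaning "group membership"
);
"""

# Constructed sample data: one member, two groups, two SPs with different ACLs.
SAMPLE_ATTRIBUTES = [
    ("vo:alice", "mail", "alice@example.org"),
    ("vo:alice", "displayName", "Alice Example"),
    ("vo:alice", "eduPersonPrincipalName", "alice@vo.example.org"),
]
SAMPLE_GROUPS = [
    ("vo:alice", "vo:members"),
    ("vo:alice", "vo:admins"),
]
SAMPLE_ACL = [
    ("https://sp-a.example.org", "mail"),
    ("https://sp-a.example.org", "groups"),
    ("https://sp-b.example.org", "displayName"),
]


def build_sample_db():
    """Create an in-memory AA-DB/ACL-DB populated with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO aa_attributes VALUES (?, ?, ?)", SAMPLE_ATTRIBUTES)
    conn.executemany("INSERT INTO aa_groups VALUES (?, ?)", SAMPLE_GROUPS)
    conn.executemany("INSERT INTO acl VALUES (?, ?)", SAMPLE_ACL)
    conn.commit()
    return conn


def attributes_for_sp(conn, vo_id, sp_id):
    """Attributes of vo_id that the ACL-DB releases to sp_id, as {attr: [values]}.

    The join against the ACL is the filter: an attribute with no ACL row for this
    SP is never selected, so an unknown SP gets an empty result (deny by default).
    """
    rows = conn.execute(
        """
        SELECT a.attr, a.value
        FROM aa_attributes AS a
        JOIN acl AS l ON l.attr = a.attr AND l.sp_id = ?
        WHERE a.vo_id = ? AND a.attr <> 'groups'
        ORDER BY a.attr, a.value
        """,
        (sp_id, vo_id),
    ).fetchall()
    released = {}
    for attr, value in rows:
        released.setdefault(attr, []).append(value)
    return released


def groups_for_sp(conn, vo_id, sp_id):
    """Group memberships of vo_id, only if the ACL-DB releases 'groups' to sp_id."""
    allowed = conn.execute(
        "SELECT 1 FROM acl WHERE sp_id = ? AND attr = 'groups'", (sp_id,)
    ).fetchone()
    if allowed is None:
        return []
    rows = conn.execute(
        "SELECT group_id FROM aa_groups WHERE vo_id = ? ORDER BY group_id", (vo_id,)
    ).fetchall()
    return [group_id for (group_id,) in rows]


def filtered_view(conn, vo_id, sp_id):
    """The filtered view an AA would hand to one SP: released attributes plus groups."""
    return {
        "id": vo_id,
        "attributes": attributes_for_sp(conn, vo_id, sp_id),
        "groups": groups_for_sp(conn, vo_id, sp_id),
    }


if __name__ == "__main__":
    db = build_sample_db()
    for sp in ("https://sp-a.example.org", "https://sp-b.example.org", "https://sp-x.example.org"):
        print(sp, filtered_view(db, "vo:alice", sp))
```

Whether the consumer is the SAML AA answering an AttributeQuery or the VOOT AA answering an OAuth2-protected REST call, the SP identifier used for the ACL lookup must be the one established by that authentication (the entityID of the signed query, or the client behind the Basic/OAuth2 credential), never a value the client supplies in the request body.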
