Introduction: CO versus COU
This document seeks to clarify the difference between a Collaborative Organization (CO) and a Collaborative Organization Unit (COU), and why a COU is more than just a group. In short, a CO is the parent organization, and the COU are the departments and working groups covered to some extent by the policies and procedures of the CO. It is the concept of groups combined with enrollment workflows, assurance levels, and the management of data and processes at different levels.
CO: A collection of people collaborating together with a common workflow for adding additional collaborators and with common policies for vetting the identities of collaborators. Virtual organizations are one possible form of Collaborative Organization. A CO provides the essential IT infrastructure supporting collaborations between people so that the traditional limitations of localized applications may be overcome.
COU: The COU is an optional construct to allow you to define an organizational structure within a CO. (e.g., a self-contained collection or department within a CO; alternatively, a collection of privileges within a CO). The workflow for enrolling people may have details specific to a COU.
If your collaboration–a single entity with common goals–has unique requirements among the different groups and/or departments regarding how participants will join those parts of your collaborations, then, you have a CO that contains COUs. If you have only one common set of policies that define how individuals are added or removed from the CO, then you do not have COU even though you may have groups for simple access control.
A CO versus a COU - A Use Case
LIGO is a virtual organization with a concrete goal (discovering gravitational waves) and specific large equipment (the detectors) to help reach that goal. LIGO, however, is not a uniform, flat organization. Within LIGO, there are several smaller organizations. These smaller organizations have specific needs regarding how new people join in their groups, and yet, these smaller organizations all have something in common - the parent organization of LIGO, where access to the equipment and the data is controlled, where agreements may be signed with new organizations wanting to be a part of (or a partner of) LIGO.
In the diagram below, the LIGO Labs is a CO. It contains the default identity management system for members of the LIGO Labs. Within the LIGO Labs, there are COU with very specific on-boarding and off-boarding policies, unique access controls, and so on.