Deploying COmanage Registry by itself won't necessarily solve very many problems. As an identity lifecycle management tool, Registry's utility comes from integrating it with other components, with data sources, and with end-user applications. There is a wide variety of possible deployment configurations, and the right answer for any given deployment will depend on the current environment and future goals. This guide can't provide the best solution for your specific deployment, but it can provide general guidance and overviews of common deployment patterns.
The primary purpose of COmanage Registry is to provide lifecycle management over person identities associated with your organization. In the simplest case, these identities are created and managed from within Registry itself. In the more complex (and typical) cases, components of an individual's overall identity can come from multiple sources, including campus databases, institutional partners, and social identity providers. It is Registry's responsibility to merge these data sources together and to create a single view of the individual's identity within the organization.
Depending on the requirements of your organization, you may want to deploy some additional components alongside Registry, including:
- An LDAP server, such as OpenLDAP or 389.
- A Group registry, such as Grouper.
- An Identity Match service, such as the one under development by TIER.
- A Provisioning engine, such as Apache Syncope or midPoint.
- A Message Bus, such as RabbitMQ.
While the COmanage project recommends the use of Open Source software, integration with commercial products is also possible.
Common Deployment Patterns
- Virtual Organization
- Enterprise/University Registry
- Guest Management System
- Campus Hosted Virtual Organization Platform