Generalized top level use case for COmanage
Research groups from Oxford University, Harvard University, and several other notable institutions form a collaboration to solve world hunger. Each institution manages the identity of the researchers associated with that institution, including authentication and attribute information, the local provisioning and deprovisioning of the user account. The collaboration cannot be housed under any one institution; it must form a separate "virtual" organization. The virtual organization relies on the information about the researchers as derived from the member institutions. Administrators of the virtual organization are responsible for authorization based on group information which may or may not be derived from information received from the member institutions; some of it may come from within the VO itself. The information in the virtual organization will in turn automatically populate/provision mailing lists, wiki space, groups, and domain science applications.
Administrators and power users will have an interface through which to manage the VO-specific groups and invitations to new researchers to join the VO. Standard users will only see that they use their home institution's credentials to log in, and that they are already provisioned in the appropriate mailing lists, wiki space, and so on.
When a researcher leaves one of the associated institutions, and that institution deprovisions their account, that information will automatically feed back to the VO which will in turn automatically deprovision their access to the VO space.