Overview

The COmanage Registry Data Model revolves around the CO Person, which conceptually represents one person associated with a CO.

  • A COmanage installation is referred to as a Collaboration Management Platform, or CMP.
  • A CMP is a multi-tenant installation; each tenant is referred to as a Collaborative Organization, or CO.
  • The core operational record of a participant within the CO is the CO Person.
    • The CO Person record maintains information that is unique to a person within the CO, such as names and identifiers.
    • An individual person should only have one CO Person record within a CO.
    • However, an individual person may participate in multiple COs housed within the same CMP, and could therefore have multiple CO Person records (each isolated from the other) within the CMP.
  • In order for a person to become a CO Person, they must first have at least one Organizational Identity, which conceptually represents their identity as asserted by a "home" or "external" institution, such as their university or a social identity provider.
    • It is possible for Org Identity records to be pooled across all COs within the CMP; however, this setting is deprecated and not recommended.
    • A person's external credentials (federated or social login information) are attached to the Organizational Identity, and typically used for access to the platform's services.
  • A CO Person record is created and one or more Org Identities are linked to it. 
  • A CO Person may have one or more CO Person Roles within the CO. A CO Person Role record maintains information that is unique to a role a person has within a CO, such as title and physical address.
    • For some use cases, it is necessary for the CO to manage credentials such as SSH Keys. In this case, these Authenticators attach to the CO Person.

There are two ways to create sets of CO People within a CO.

  • CO Groups are simple collections of CO People. Any CO Person can create a CO Group.
  • CO Units (or COUs) are intended to represent an organizational hierarchy, including delegation of CO Person administration. Only CO Administrators can create COUs.
    • When COUs are enabled, CO Person Roles are attached to COUs.
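
The relationships described above, as a small in-memory model (an added example, not Registry code and not its schema). The class, field and method names are hypothetical, Org Identities are assumed not to be pooled, and the people, logins and key are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class OrgIdentity:
    co_id: int    # not pooled: belongs to exactly one CO
    login: str    # external credential (federated or social login)

@dataclass
class COPerson:
    co_id: int
    person: str                                          # constructed handle for the individual
    org_identities: list = field(default_factory=list)   # linked Org Identities
    roles: list = field(default_factory=list)            # (title, COU) pairs
    authenticators: list = field(default_factory=list)   # CO-managed credentials, e.g. SSH keys

class CMP:
    def __init__(self):
        self.co_people = {}   # (co_id, person) -> COPerson, one record per person per CO

    def enroll(self, co_id, person, org_identity):
        # An Org Identity must exist first, and a person gets one record per CO.
        if (co_id, person) in self.co_people:
            raise ValueError("person already has a CO Person record in this CO")
        record = COPerson(co_id, person)
        self.link(record, org_identity)
        self.co_people[(co_id, person)] = record
        return record

    def link(self, co_person, org_identity):
        # Tenant isolation: an Org Identity is never linked across COs.
        if org_identity.co_id != co_person.co_id:
            raise ValueError("Org Identity belongs to a different CO")
        co_person.org_identities.append(org_identity)

    def resolve(self, co_id, login):
        # Map an external login to the CO Person within a single CO.
        for (cid, _), record in self.co_people.items():
            if cid == co_id and any(o.login == login for o in record.org_identities):
                return record
        return None

def demo():
    # Constructed data: one individual enrolled in two COs of the same CMP.
    cmp_ = CMP()
    a = cmp_.enroll(1, "pat", OrgIdentity(1, "pat@univ.example"))
    b = cmp_.enroll(2, "pat", OrgIdentity(2, "pat@univ.example"))
    a.roles.append(("Researcher", "Physics COU"))
    a.authenticators.append("ssh-ed25519 CONSTRUCTED-KEY")
    return cmp_, a, b
```

The same external login resolves to a different CO Person in each CO, and the role and SSH key added in one CO do not appear on the record in the other.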

Registry Data Model Relationships

See Also: Understanding Registry People Types

Tables

Registry is a database-oriented application, with quite a few tables under the hood. These tables fall into a few broad categories:

  • Primary Objects: Primary objects are those that directly relate to the primary purpose of Registry: storing information about people and other entities related to the organization. Examples include CO Person and CO Departments.
  • Secondary Objects: Secondary objects store additional information about Primary objects, in particular when there is a many-to-one relationship. Examples include Name and Email Address. 
  • Configuration Objects: Configuration objects primarily relate to the behavior of the application.

Table Metadata

In addition to the column definitions available for each table below, all tables have additional columns used by the framework and supporting code. These columns include:

  • Timestamps managed by Cake (created, modified)
  • Columns used in support of Changelog Behavior

Table Status

The statuses for each table are defined as:

  • Stable: The table definition will not change in a backwards-incompatible manner across minor releases. Stable tables may only be removed in major releases.
  • Tentative: The table definition will likely become stable, but may change in a backwards-incompatible manner across minor and patch releases. Tentative tables may be refactored or removed without notice.
  • Experimental: No specific assertion is made about the stability of the table. It may be changed significantly or even removed without notice.
  • Obsolete: The table is no longer in use as of the specified version.
  • Not Implemented: The table definition is for planning purposes only.

Major, minor, and patch releases are as defined in semantic versioning.

Table Inventory


| Table Name | Description | Status | Introduced |
|---|---|---|---|
| cm_authenticator_statuses | Authenticator Statuses | Tentative | v3.1.0 |
| cm_authenticators | Authenticators | Tentative | v3.1.0 |
| cm_certificate_authenticators | Certificate Authenticators | Experimental | v3.1.0 |
| cm_certificates | Certificates | Experimental | v3.1.0 |
| cm_clusters | Clusters | Tentative | v3.3.0 |
| cm_cmp_enrollment_attributes | CMP enrollment attribute configuration | Tentative | v0.3 |
| cm_cmp_enrollment_configurations | CMP enrollment configuration | Tentative | v0.3 |
| cm_co_applications | Per-CO configured applications | Not Implemented | |
| cm_co_changelog_provisioner_exports | | Obsolete as of v0.8.2 | v0.8 |
| cm_co_crowd_provisioner_targets | Per-CO Crowd provisioning target configurations | Tentative | v3.2.0 |
| cm_co_dashboard_widgets | Per-CO Dashboard Widgets | Tentative | v3.2.0 |
| cm_co_dashboards | Per-CO Dashboards | Tentative | v3.2.0 |
| cm_co_departments | Per-CO departments | Tentative | v3.1.0 |
| cm_co_directory_permissions | Per-CO restrictions on publishing of directory information | Not Implemented | |
| cm_co_email_address_widgets | Per-CO Email Address Widgets configuration | Experimental | v4.1.0 |
| cm_co_email_lists | Per-CO email lists | Tentative | v3.1.0 |
| cm_co_enrollment_attributes | Per-CO enrollment flow attribute configurations | Stable | v0.3 |
| cm_co_enrollment_attribute_defaults | Default values for CO enrollment flow attributes configuration | Stable | v0.8.1 |
| cm_co_enrollment_authenticators | Authenticators attached to Enrollment Flows | Experimental | v3.3.0 |
| cm_co_enrollment_clusters | Clusters attached to Enrollment Flows | Tentative | v3.3.0 |
| cm_co_enrollment_flow_wedges | Enroller Plugins attached to Enrollment Flows | Tentative | v4.0.0 |
| cm_co_enrollment_flows | Per-CO enrollment flow configurations | Stable | v0.3 |
| cm_co_expiration_counts | Per-CO expiration counts | Tentative | v2.0.0 |
| cm_co_expiration_policies | Per-CO expiration policies | Stable | v0.9.2 |
| cm_co_extended_attributes | Per-CO extended attributes | Stable | v0.3 |
| cm_co_extended_types | Per-CO attribute type configurations | Stable | v0.6 |
| cm_co_fifer_servers | Per-CO FIFER services | Not Implemented | |
| cm_co_github_provisioner_targets | Per-CO GitHub provisioning target configurations | Tentative | v0.9.1 |
| cm_co_grouper_provisioner_groups | Per-CO per-Grouper target Grouper group map | Tentative | v0.8.3 |
| cm_co_grouper_provisioner_targets | Per-CO Grouper provisioning target configurations | Tentative | v0.8.3 |
| cm_co_group_nestings | Per-CO group nestings | Tentative | v3.3.0 |
| cm_co_group_ois_mappings | Per-CO mappings from OIS records to group memberships | Tentative | v2.0.0 |
| cm_co_homedir_provisioner_targets | Per-CO Home Directory provisioning target configurations | Experimental | v0.9 |
| cm_co_identifier_assignments | Per-CO rules for identifier assignment | Stable | v0.6 |
| cm_co_identifier_validators | Per-CO identifier validators | Tentative | v2.0.0 |
| cm_co_jira_provisioner_targets | Per-CO Jira provisioning target configurations | Tentative | v4.0.0 |
| cm_co_job_history_records | Per-CO Job History Records | Tentative | v2.0.0 |
| cm_co_jobs | Per-CO Job Records | Tentative | v2.0.0 |
| cm_co_ldap_provisioner_attr_groupings | Per-CO per-LDAP target attribute grouping definitions | Stable | v0.8 |
| cm_co_ldap_provisioner_attributes | Per-CO per-LDAP target attribute definitions | Stable | v0.8 |
| cm_co_ldap_provisioner_dns | Per-CO per-LDAP target DN map | Stable | v0.8 |
| cm_co_ldap_provisioner_targets | Per-CO LDAP provisioning target configurations | Stable | v0.8 |
| cm_co_ldap_service_token_provisioner_targets | Per-CO Per-LDAP target service token provisioning configurations | Experimental | v2.0.0 |
| cm_co_localizations | Per-CO Text Localizations | Stable | v0.8.3 |
| cm_co_mailman_lists | Per-CO Mailman Lists | Tentative | v3.1.0 |
| cm_co_mailman_provisioner_targets | Per-CO Mailman provisioning target configurations | Tentative | v3.1.0 |
| cm_co_message_templates | Per-CO Message Templates | Tentative | v2.0.0 |
| cm_co_mid_point_provisioner_targets | Per-CO MidPoint provisioning target configuration | Experimental | v3.3.0 |
| cm_co_name_identifier_assignments | Per-Identifier tracking of assigned name-based sequences | Obsolete | |
| cm_co_navigation_links | Per-CO Navigation Links | Stable | v0.8.2 |
| cm_co_notifications_widgets | Per-CO Notifications Widgets configuration | Tentative | v3.2.0 |
| cm_co_notifications | Per-CO Notifications | Stable | v0.8.4 |
| cm_co_nsf_demographics | Demographics for statistics | Stable | v0.3 |
| cm_co_org_identity_links | Per-CO link to org identity | Stable | v0.3 |
| cm_co_person_roles | Per-CO person role identity | Stable | v0.3 |
| cm_co_petition_attributes | Per-CO enrollment petition attributes | Stable | v0.3 |
| cm_co_petition_history_records | Per-CO enrollment petition history records | Stable | v0.3 |
| cm_co_petitions | Per-CO enrollment petitions | Stable | v0.3 |
| cm_co_pipelines | Per-CO pipelines | Tentative | v2.0.0 |
| cm_co_provisioning_counts | Per-provisioning target job execution counts | Stable | v4.3.0 |
| cm_co_provisioning_exports | Per-CO provisioning target export record | Stable | v0.8.2 |
| cm_co_provisioning_queued_events | Per-CO provisioning events to process | Not Implemented, replaced by cm_co_jobs | v0.8 |
| cm_co_provisioning_target_filters | Data Filters attached to CO Provisioning Targets | Tentative | v3.3.0 |
| cm_co_provisioning_targets | Per-CO provisioning targets | Stable | v0.8 |
| cm_co_recovery_widgets | Per-CO Recovery Widgets configuration | Experimental | v4.1.0 |
| cm_co_role_assignments | Per-CO person role assignments | Not Implemented | |
| cm_co_role_groups | Per-CO group memberships implied by role | Not Implemented | |
| cm_co_roles | Per-CO role definitions | Not Implemented | |
| cm_co_salesforce_provisioner_targets | Per-CO Salesforce provisioning target configurations | Tentative | v3.2.0 |
| cm_co_self_service_permissions | | Stable | v0.9 |
| cm_co_sequential_identifier_assignments | Per-Identifier tracking of next values for sequentially assigned identifiers | Stable | v0.6 |
| cm_co_service_token_settings | Per-CO service token settings | Obsolete as of v3.3.0 | v2.0.0 |
| cm_co_service_tokens | Per-CO service tokens | Obsolete as of v3.3.0 | v2.0.0 |
| cm_co_services | Per-CO Services | Tentative | v2.0.0 |
| cm_co_settings | Per-CO Settings | Stable | v0.9.1 |
| cm_co_sql_provisioner_targets | Per-CO SQL provisioning target configurations | Tentative | v3.3.0 |
| cm_co_t_and_c_agreements | Per-CO Person agreements to terms and conditions | Stable | v0.8.3 |
| cm_co_terms_and_conditions | Per-CO terms and conditions | Stable | v0.8.3 |
| cm_co_themes | Per-CO themes | Tentative | v2.0.0 |
| cm_co_url_widgets | Per-CO URL Widgets configuration | Tentative | v3.2.0 |
| cm_configuration | COordinate configuration values | Obsolete | |
| cm_configuration_labels | Per-CO Configuration Labels | Experimental | v4.4.0 |
| cm_contacts | Contact Records intended to track information for Contacts that are not otherwise registered in Registry | Experimental | v4.4.0 |
| cm_core_apis | Core APIs | Tentative | v4.0.0 |
| cm_cous | Definitions of (virtual) organization units | Stable | v0.3 |
| cm_data_filters | Data Filters | Tentative | v3.3.0 |
| cm_data_scrubber_filter_attributes | Per-CO Data Scrubber Filter Attributes | Tentative | v4.1.0 |
| cm_data_scrubber_filters | Per-CO Data Scrubber Filters | Tentative | v4.1.0 |
| cm_dictionaries | Dictionaries | Tentative | v4.0.0 |
| cm_dictionary_entries | Dictionary Entries | Tentative | v4.0.0 |
| cm_dictionary_identifier_validators | Dictionary Identifier Validator configurations | Tentative | v4.0.0 |
| cm_dictionary_vetters | Dictionary Vetters | Experimental | v4.1.0 |
| cm_elector_data_filter_precedences | Per-CO Elector Data Filter Precedence Rules | Experimental | v4.1.0 |
| cm_elector_data_filters | Per-CO Elector Data Filters | Experimental | v4.1.0 |
| cm_email_address_widget_verifications | Email Address Self Service Dashboard Widget Verifications | Experimental | v4.1.0 |
| cm_email_addresses | Email Addresses | Stable | v0.2 |
| cm_fiddle_enrollers | Fiddle Enrollers | Experimental | v4.4.0 |
| cm_group_filter_rules | Group Filter Rules | Experimental | v3.3.0 |
| cm_group_filters | Group Filters | Tentative | v3.3.0 |
| cm_group_name_filters | Group Name Filters | Tentative | v3.3.0 |
| cm_history_records | Transaction history (human readable) | Stable | v0.7 |
| cm_http_servers | HTTP Servers | Tentative | v3.2.0 |
| cm_identifier_enroller_identifiers | Identifiers to be collected by an Identifier Enroller | Experimental | v4.0.0 |
| cm_identifier_enrollers | Identifier Enrollers | Experimental | v4.0.0 |
| cm_identifiers | Person identifiers, from organizational source | Stable | v0.2 |
| cm_identity_documents | Identity Documents | Tentative | v4.0.0 |
| cm_kafka_servers | Kafka Servers | Experimental | v4.0.0 |
| cm_kdc_servers | Kerberos KDC Servers | Tentative | v4.4.0 |
| cm_ldap_identifier_validators | LDAP Identifier Validator configurations | Tentative | v2.0.0 |
| cm_ldap_servers | LDAP Servers | Tentative | v3.2.0 |
| cm_locks | Process Locks | Tentative | v3.3.0 |
| cm_match_server_attributes | ID Match Server Attributes | Tentative | v4.0.0 |
| cm_match_servers | ID Match Servers | Tentative | v3.3.0 |
| cm_meem_enrollers | MEEM Enrollers | Experimental | v4.0.0 |
| cm_meem_mfa_statuses | MEEM MFA Status | Experimental | v4.0.0 |
| cm_meta | Meta (platform) information | Tentative | v0.9.4 |
| cm_names | Names | Stable | v0.2 |
| cm_namespace_assigner_settings | Namespace Assigner Settings | Experimental | v4.1.0 |
| cm_nationality_enrollers | Nationality Enrollers | Tentative | v4.0.0 |
| cm_navigation_links | Navigation Links | Stable | v0.8.2 |
| cm_oauth2_servers | OAuth2 Servers | Tentative | v3.2.0 |
| cm_org_identities | Person identity, from organizational source | Stable | v0.3 |
| cm_organizations | Definitions of (external) organizations | Tentative | v4.0.0 |
| cm_organizations (obsolete) | Definitions of (real) organizations | Obsolete as of v2.0.0 | v0.2 |
| cm_password_authenticators | Password Authenticators | Experimental | v3.1.0 |
| cm_password_reset_tokens | Password Reset Tokens | Obsolete as of v4.1.0 | v4.0.0 |
| cm_passwords | Passwords | Experimental | v3.1.0 |
| cm_permissions | Permissions for COordinate | Not Implemented | |
| cm_privacy_idea_authenticators | Privacy IDEA Authenticators | Experimental | v4.0.0 |
| cm_regex_identifier_validators | Regex Identifier Validator configurations | Tentative | v2.0.0 |
| cm_servers | Servers | Tentative | v3.2.0 |
| cm_service_eligibilities | Service Eligibilities | Experimental | v4.1.0 |
| cm_service_eligibility_enrollers | Service Eligibility Enrollers | Experimental | v4.1.0 |
| cm_service_eligibility_settings | Service Eligibility Enroller Settings | Experimental | v4.1.0 |
| cm_sponsor_manager_settings | Sponsor Manager Settings | Experimental | v4.1.0 |
| cm_sql_servers | SQL Servers | Tentative | v3.2.0 |
| cm_ssh_key_authenticators | SSH Key Authenticators | Tentative | v3.3.0 |
| cm_ssh_keys | SSH keys | Stable | v0.9 |
| cm_telephone_numbers | Telephone numbers | Stable | v0.2 |
| cm_test_enrollers | Test Enrollers | Experimental | v4.0.0 |
| cm_totp_tokens | TOTP Tokens | Experimental | v4.0.0 |
| cm_unix_cluster_accounts | Unix Cluster Accounts | Tentative | v3.3.0 |
| cm_unix_cluster_groups | Unix Cluster Groups | Tentative | v3.3.0 |
| cm_unix_clusters | Unix Clusters | Tentative | v3.3.0 |
| cm_urls | URLs | Tentative | v3.1.0 |
| cm_vetting_requests | Vetting Requests | Experimental | v4.1.0 |
| cm_vetting_results | Vetting Results | Experimental | v4.1.0 |
| cm_vetting_steps | Vetting Steps | Experimental | v4.1.0 |
| cm_visual_compliance_vetters | Visual Compliance Vetters | Experimental | v4.1.0 |

Table Inventory

OR

Core Tables

PRIMARY OBJECTS

Primary objects are those that directly relate to the primary purpose of Registry: storing information about people and other entities related to the organization. Examples include CO Person and CO Departments.

SECONDARY OBJECTS

Secondary objects store additional information about Primary objects, in particular when there is a many-to-one relationship. Examples include Name and Email Address. 

CONFIGURATION OBJECTS

Configuration objects primarily relate to the behavior of the application.

OTHER CORE OBJECTS

Plugin Tables

Tables for Available Plugins will not be created until the Plugin is activated.