
Overview

The COmanage Registry Data Model revolves around the CO Person, which conceptually represents one person associated with a CO.

  • A COmanage installation is referred to as a Collaboration Management Platform, or CMP.
  • A CMP is a multi-tenant installation; each tenant is referred to as a Collaborative Organization, or CO.
  • The core operational record of a participant within the CO is the CO Person.
    • The CO Person record maintains information that is unique to a person within the CO, such as names and identifiers.
    • An individual person should only have one CO Person record within a CO.
    • However, an individual person may participate in multiple COs housed within the same CMP, and could therefore have multiple CO Person records (each isolated from the other) within the CMP.
  • In order for a person to become a CO Person, they must first have at least one Organizational Identity, which conceptually represents their identity as asserted by a "home" or "external" institution, such as their University or a social identity provider.
    • It is possible for Org Identity records to be pooled across all COs within the CMP; however, this setting is deprecated and not recommended.
    • A person's external credentials (federated or social login information) are attached to the Organizational Identity, and are typically used for access to the platform's services.
  • A CO Person record is created and one or more Org Identities are linked to it. 
  • A CO Person may have one or more CO Person Roles within the CO. A CO Person Role record maintains information that is unique to a role a person has within a CO, such as title and physical address.
    • For some use cases, it is necessary for the CO to manage credentials such as SSH Keys. In this case, these Authenticators attach to the CO Person.

There are two ways to create sets of CO People within a CO.

  • CO Groups are simple collections of CO People. Any CO Person can create a CO Group.
  • CO Units (or COUs) are intended to represent an organizational hierarchy, including delegation of CO Person administration. Only CO Administrators can create COUs.
    • When COUs are enabled, CO Person Roles are attached to COUs.

Registry Data Model Relationships

See Also: Understanding Registry People Types

Tables

Registry is a database-oriented application, with quite a few tables under the hood. These tables fall into a few broad categories:

  • Primary Objects: Primary objects are those that directly relate to the primary purpose of Registry: storing information about people and other entities related to the organization. Examples include CO Person and CO Departments.
  • Secondary Objects: Secondary objects store additional information about Primary objects, in particular when there is a many-to-one relationship. Examples include Name and Email Address.
  • Configuration Objects: Configuration objects primarily relate to the behavior of the application.

Table Metadata

In addition to the column definitions available for each table below, all tables have additional columns used by the framework and supporting code. These columns include:

  • Timestamps managed by Cake (created, modified)
  • Columns used in support of Changelog Behavior

Table Status

The statuses for each table are defined as:

  • Stable: The table definition will not change in a backwards-incompatible manner across minor releases. Stable tables may only be removed in major releases.
  • Tentative: The table definition will likely become stable, but may change in a backwards-incompatible manner across minor and patch releases. Tentative tables may be refactored or removed without notice.
  • Experimental: No specific assertion is made about the stability of the table. It may be changed significantly or even removed without notice.
  • Obsolete: The table is no longer in use as of the specified version.
  • Not Implemented: The table definition is for planning purposes only.

Major, minor, and patch releases are as defined in semantic versioning.

Table Inventory

| Table Name | Table Name (v5.0.0+) | Description | Category | Status | Introduced |
|---|---|---|---|---|---|
| cm_ad_hoc_attributes | | Ad Hoc Attributes | | Tentative | v3.3.0 |
| cm_addresses | | Addresses | | Stable | v0.2 |
| cm_co_announcement_channels | | Per-CO Announcement Channels | | Tentative | v3.2.0 |
| cm_co_announcements | | Per-CO Announcements | | Tentative | v3.2.0 |
| cm_co_announcements_widgets | | Per-CO Announcements Widgets configuration | | Tentative | v3.2.0 |
| cm_api_source_records | | API Source Record Cache | | Experimental | v3.3.0 |
| cm_api_sources | | API Organizational Identity Sources | | Experimental | v3.3.0 |
| cm_api_users | api_users | API (Programmatic) Users | Configuration | Tentative | v0.2 |
| cm_applications | | Known applications | | Not Implemented, replaced by co_services | |
| cm_attribute_enumerations | | Attribute enumerations (per-CO or platform wide) | | Tentative | v2.0.0 |
| cm_authentication_events | | Registry authentication events | | Tentative | v2.0.0 |
| cm_authenticator_statuses | | Authenticator Statuses | | Tentative | v3.1.0 |
| cm_authenticators | | Authenticators | | Tentative | v3.1.0 |
| cm_certificate_authenticators | | Certificate Authenticators | | Experimental | v3.1.0 |
| cm_certificates | | Certificates | | Experimental | v3.1.0 |
| cm_clusters | | Clusters | | Tentative | v3.3.0 |
| cm_cmp_enrollment_attributes | | CMP enrollment attribute configuration | | Tentative | v0.3 |
| cm_cmp_enrollment_configurations | | CMP enrollment configuration | | Tentative | v0.3 |
| cm_co_applications | | Per-CO configured applications | | Not Implemented | |
| cm_co_changelog_provisioner_exports | | | | Obsolete as of v0.8.2 | v0.8 |
| cm_co_changelog_provisioner_targets | | Per-CO Changelog provisioning target configurations | | Tentative | v0.8 |
| cm_co_crowd_provisioner_targets | | Per-CO Crowd provisioning target configurations | | Tentative | v3.2.0 |
| cm_co_dashboard_widgets | | Per-CO Dashboard Widgets | | Tentative | v3.2.0 |
| cm_co_dashboards | dashboards | Per-CO Dashboards | Configuration | Tentative | v3.2.0 |
| cm_co_departments | | Per-CO departments | | Tentative | v3.1.0 |
| cm_co_directory_permissions | | Per-CO restrictions on publishing of directory information | | Not Implemented | |
| cm_co_email_lists | | Per-CO email lists | | Tentative | v3.1.0 |
| cm_co_enrollment_attributes | | Per-CO enrollment flow attribute configurations | | Stable | v0.3 |
| cm_co_enrollment_attribute_defaults | | Default values for CO enrollment flow attributes configuration | | Stable | v0.8.1 |
| cm_co_enrollment_authenticators | | Authenticators attached to Enrollment Flows | | Experimental | v3.3.0 |
| cm_co_enrollment_clusters | | Clusters attached to Enrollment Flows | | Tentative | v3.3.0 |
| cm_co_enrollment_flow_wedges | | Enroller Plugins attached to Enrollment Flows | | Tentative | v4.0.0 |
| cm_co_enrollment_flows | | Per-CO enrollment flow configurations | | Stable | v0.3 |
| cm_co_enrollment_sources | | Organizational Identity Sources attached to Enrollment Flows | | Experimental | v2.0.0 |
| cm_co_expiration_counts | | Per-CO expiration counts | | Tentative | v2.0.0 |
| cm_co_expiration_policies | | Per-CO expiration policies | | Stable | v0.9.2 |
| cm_co_extended_attributes | | Per-CO extended attributes | | Stable | v0.3 |
| cm_co_extended_types | | Per-CO attribute type configurations | | Stable | v0.6 |
| cm_co_fifer_servers | | Per-CO FIFER services | | Not Implemented | |
| cm_co_github_provisioner_targets | | Per-CO GitHub provisioning target configurations | | Tentative | v0.9.1 |
| cm_co_grouper_provisioner_groups | | Per-CO per-Grouper target Grouper group map | | Tentative | v0.8.3 |
| cm_co_grouper_provisioner_targets | | Per-CO Grouper provisioning target configurations | | Tentative | v0.8.3 |
| cm_co_groups | | Per-CO groups | | Stable | v0.2 |
| cm_co_group_members | | Per-CO group memberships | | Stable | v0.2 |
| cm_co_group_nestings | | Per-CO group nestings | | Tentative | v3.3.0 |
| cm_co_group_ois_mappings | | Per-CO mappings from OIS records to group memberships | | Tentative | v2.0.0 |
| cm_co_homedir_provisioner_targets | | Per-CO Home Directory provisioning target configurations | | Experimental | v0.9 |
| cm_co_identifier_assignments | | Per-CO rules for identifier assignment | | Stable | v0.6 |
| cm_co_identifier_validators | | Per-CO identifier validators | | Tentative | v2.0.0 |
| cm_co_invites | | Per-CO invitations to join | | Tentative | v0.1 |
| cm_co_job_history_records | | Per-CO Job History Records | | Tentative | v2.0.0 |
| cm_co_jobs | | Per-CO Job Records | | Tentative | v2.0.0 |
| cm_co_ldap_provisioner_attr_groupings | | Per-CO per-LDAP target attribute grouping definitions | | Stable | v0.8 |
| cm_co_ldap_provisioner_attributes | | Per-CO per-LDAP target attribute definitions | | Stable | v0.8 |
| cm_co_ldap_provisioner_dns | | Per-CO per-LDAP target DN map | | Stable | v0.8 |
| cm_co_ldap_provisioner_targets | | Per-CO LDAP provisioning target configurations | | Stable | v0.8 |
| cm_co_ldap_service_token_provisioner_targets | | Per-CO Per-LDAP target service token provisioning configurations | | Experimental | v2.0.0 |
| cm_co_localizations | | Per-CO Text Localizations | | Stable | v0.8.3 |
| cm_co_mailman_lists | | Per-CO Mailman Lists | | Tentative | v3.1.0 |
| cm_co_mailman_provisioner_targets | | Per-CO Mailman provisioning target configurations | | Tentative | v3.1.0 |
| cm_co_message_templates | | Per-CO Message Templates | | Tentative | v2.0.0 |
| cm_co_mid_point_provisioner_targets | | Per-CO MidPoint provisioning target configuration | | Experimental | v3.3.0 |
| cm_co_name_identifier_assignments | | Per-Identifier tracking of assigned name-based sequences | | Obsolete | |
| cm_co_navigation_links | | Per-CO Navigation Links | | Stable | v0.8.2 |
| cm_co_notifications_widgets | | Per-CO Notifications Widgets configuration | | Tentative | v3.2.0 |
| cm_co_notifications | | Per-CO Notifications | | Stable | v0.8.4 |
| cm_co_nsf_demographics | | Demographics for statistics | | Stable | v0.3 |
| cm_co_org_identity_links | | Per-CO link to org identity | | Stable | v0.3 |
| cm_co_people | | Per-CO person identity | | Stable | v0.2 |
| cm_co_person_roles | | Per-CO person role identity | | Stable | v0.3 |
| cm_co_person_sources | | Per-CO link from person to org person | | Obsolete as of v0.3 | v0.2 |
| cm_co_petition_attributes | | Per-CO enrollment petition attributes | | Stable | v0.3 |
| cm_co_petition_history_records | | Per-CO enrollment petition history records | | Stable | v0.3 |
| cm_co_petitions | | Per-CO enrollment petitions | | Stable | v0.3 |
| cm_co_pipelines | | Per-CO pipelines | | Tentative | v2.0.0 |
| cm_co_provisioning_exports | | Per-CO provisioning target export record | | Stable | v0.8.2 |
| cm_co_provisioning_queued_events | | Per-CO provisioning events to process | | Not Implemented, replaced by cm_co_jobs | v0.8 |
| cm_co_provisioning_target_filters | | Data Filters attached to CO Provisioning Targets | | Tentative | v3.3.0 |
| cm_co_provisioning_targets | | Per-CO provisioning targets | | Stable | v0.8 |
| cm_co_role_assignments | | Per-CO person role assignments | | Not Implemented | |
| cm_co_role_groups | | Per-CO group memberships implied by role | | Not implemented | |
| cm_co_roles | | Per-CO role definitions | | Not Implemented | |
| cm_co_salesforce_provisioner_targets | | Per-CO Salesforce provisioning target configurations | | Tentative | v3.2.0 |
| cm_co_self_service_permissions | | | | Stable | v0.9 |
| cm_co_sequential_identifier_assignments | | Per-Identifier tracking of next values for sequentially assigned identifiers | | Stable | v0.6 |
| cm_co_service_token_settings | | Per-CO service token settings | | Obsolete as of v3.3.0 | v2.0.0 |
| cm_co_service_tokens | | Per-CO service tokens | | Obsolete as of v3.3.0 | v2.0.0 |
| cm_co_services | | Per-CO Services | | Tentative | v2.0.0 |
| cm_co_settings | | Per-CO Settings | | Stable | v0.9.1 |
| cm_co_sql_provisioner_targets | | Per-CO SQL provisioning target configurations | | Tentative | v3.3.0 |
| cm_co_t_and_c_agreements | | Per-CO Person agreements to terms and conditions | | Stable | v0.8.3 |
| cm_co_terms_and_conditions | | Per-CO terms and conditions | | Stable | v0.8.3 |
| cm_co_themes | | Per-CO themes | | Tentative | v2.0.0 |
| cm_co_url_widgets | | Per-CO URL Widgets configuration | | Tentative | v3.2.0 |
| cm_configuration | | COordinate configuration values | | Obsolete | |
| cm_cos | cos | Definitions of (virtual) organizations | Configuration | Stable | v0.2 |
| cm_cous | cous | Definitions of (virtual) organization units | Configuration | Stable | v0.3 |
| cm_data_filters | | Data Filters | | Tentative | v3.3.0 |
| cm_dictionaries | | Dictionaries | | Tentative | v4.0.0 |
| cm_dictionary_entries | | Dictionary Entries | | Tentative | v4.0.0 |
| cm_dictionary_identifier_validators | | Dictionary Identifier Validator configurations | | Tentative | v4.0.0 |
| cm_email_addresses | | Email Addresses | | Stable | v0.2 |
| cm_env_sources | | Env Organizational Identity Sources | | Experimental | v3.1.0 |
| cm_file_sources | | File Organizational Identity Sources | | Experimental | v2.0.0 |
| cm_group_filter_rules | | Group Filter Rules | | Experimental | v3.3.0 |
| cm_group_filters | | Group Filters | | Tentative | v3.3.0 |
| cm_group_name_filters | | Group Name Filters | | Tentative | v3.3.0 |
| cm_history_records | | Transaction history (human readable) | | Stable | v0.7 |
| cm_http_servers | | HTTP Servers | | Tentative | v3.2.0 |
| cm_identifier_enroller_identifiers | | Identifiers to be collected by an Identifier Enroller | | Experimental | v4.0.0 |
| cm_identifier_enrollers | | Identifier Enrollers | | Experimental | v4.0.0 |
| cm_identifiers | | Person identifiers, from organizational source | | Stable | v0.2 |
| cm_identity_documents | | Identity Documents | | Tentative | v4.0.0 |
| cm_kafka_servers | | Kafka Servers | | Experimental | v4.0.0 |
| cm_ldap_identifier_validators | | LDAP Identifier Validator configurations | | Tentative | v2.0.0 |
| cm_ldap_servers | | LDAP Servers | | Tentative | v3.2.0 |
| cm_ldap_sources | | LDAP Organizational Identity Sources | | Experimental | v2.0.0 |
| cm_locks | | Process Locks | | Tentative | v3.3.0 |
| cm_match_servers | | ID Match Servers | | Tentative | v3.3.0 |
| cm_meem_enrollers | | MEEM Enrollers | | Experimental | v4.0.0 |
| cm_meem_mfa_statuses | | MEEM MFA Status | | Experimental | v4.0.0 |
| cm_meta | | Meta (platform) information | | Tentative | v0.9.4 |
| cm_names | | Names | | Stable | v0.2 |
| cm_nationality_enrollers | | Nationality Enrollers | | Tentative | v4.0.0 |
| cm_navigation_links | | Navigation Links | | Stable | v0.8.2 |
| cm_net_forum_sources | | netFORUM Organizational Identity Sources | | Experimental | v2.0.0 |
| cm_oauth2_servers | | OAuth2 Servers | | Tentative | v3.2.0 |
| cm_orcid_sources | | ORCID Organizational Identity Sources | | Tentative as of v3.2.0 | v2.0.0 |
| cm_org_identities | | Person identity, from organizational source | | Stable | v0.3 |
| cm_org_identity_source_records | | Cached records from external org identity sources | | Experimental | v2.0.0 |
| cm_org_identity_sources | | External sources of organizational identities | | Experimental | v2.0.0 |
| cm_organizations | | Definitions of (external) organizations | | Tentative | v4.0.0 |
| cm_organizations (obsolete) | | Definitions of (real) organizations | | Obsolete as of v2.0.0 | v0.2 |
| cm_password_authenticators | | Password Authenticators | | Experimental | v3.1.0 |
| cm_passwords | | Passwords | | Experimental | v3.1.0 |
| cm_permissions | | Permissions for COordinate | | Not Implemented | |
| cm_privacy_idea_authenticators | | Privacy IDEA Authenticators | | Experimental | v4.0.0 |
| cm_regex_identifier_validators | | Regex Identifier Validator configurations | | Tentative | v2.0.0 |
| cm_salesforce_sources | | Salesforce Organizational Identity Sources | | Experimental | v3.1.0 |
| cm_servers | | Servers | | Tentative | v3.2.0 |
| cm_sql_servers | | SQL Servers | | Tentative | v3.2.0 |
| cm_ssh_key_authenticators | | SSH Key Authenticators | | Tentative | v3.3.0 |
| cm_ssh_keys | | SSH keys | | Stable | v0.9 |
| cm_telephone_numbers | | Telephone numbers | | Stable | v0.2 |
| cm_test_enrollers | | Test Enrollers | | Experimental | v4.0.0 |
| cm_totp_tokens | | TOTP Tokens | | Experimental | v4.0.0 |
| cm_unix_cluster_accounts | | Unix Cluster Accounts | | Tentative | v3.3.0 |
| cm_unix_cluster_groups | | Unix Cluster Groups | | Tentative | v3.3.0 |
| cm_unix_clusters | | Unix Clusters | | Tentative | v3.3.0 |
| cm_urls | | URLs | | Tentative | v3.1.0 |

