Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Child pages
  • Registry Services
Skip to end of metadata
Go to start of metadata

As of v2.0.0, COmanage Registry supports a concept of CO Services. A CO Service represents a service or application that a CO Person has access to by participating in the collaboration. While access to the service is likely controlled by Registry managed attributes, the service itself is not accessed as part of Registry. Instead, CO Services act as inventory or catalog of available services, rendering a list of available services on a per CO Person basis.

CO Services are registered by a CO Administrator via the Configuration >> Services menu, and are made visible to users via both the Services menu (v2.0.x only; visible only after the first CO Service is registered) and the Service Portal (available in the main menu). CO Service attributes include

  • CO Group: Access to this service is available only to members of this group. Note the application is ultimately responsible for its own access control.
  • Service URL: The URL of the service.
  • Contact Email: The email address of a contact responsible for managing the service.
  • Entitlement URI: The entitlement URI associated with this service. Used (eg) by the LDAP Provisioning Plugin.

  • Visibility: Who can see this CO Service entry. Note that administrators are not treated specially – they will only see Services in the menu and portal for which they have associated eligibilities. To see the full list of services, administrators can use the configuration menu.

    • CO Admin: Only CO Administrators within the CO can see this service

    • CO Group Member: Only members of the associated CO Group can see this service

    • CO Person: Any CO Person within the CO can see this service

    • Unauthenticated User: Anyone can see this service

  • COU: COU this CO Service is associated with. Service Portals will be available (in the main menu) for each COU with attached services. If set, this service will not be visible in the CO's Service Portal. Available since Registry v3.1.0.
  • Service Identifier Type: Used to indicate which type of Identifier is to be used with this Service. Available since Registry v3.2.0.
  • Short Label: Primarily intended for use with the LDAP Provisioning Plugin, a short label for the service that can be used when attribute options are enabled. Available since Registry v3.2.0.

If at least one CO Service is configured with Unauthenticated User visibility, then the Service Portal will be publicly accessible. Otherwise, only members of the CO can see the Service Portal.

The Service Portal can be rendered within Registry Dashboards by using the URL Dashboard Widget.

Group Membership

As of v3.1.0, it is possible for a CO Person to add or remove themselves from the CO Group associated with a Service directly from the Service Portal, using the Join and Leave buttons. Using Join and Leave is functionally equivalent to navigating to My Groups, finding the appropriate group, and ticking the Member button. This is only available when the CO Group associated with a Service is an open group.

Administrators cannot use this interface on behalf of a CO Person, but must instead use the regular group management interfaces.


See also: cm_co_services

  • No labels