Page History

CO Instance Management

Add Person as Registry Admin

Remove Person as Registry Admin

Provision CO

Edit CO

Deprovision CO

Provision App to CO

Provisionable apps ideally are deployable to the CO instance without manual steps, support federated authnz, etc. (are domesticated, probably packaged).  Apps include mailing list management.

Deprovision App from CO

Configure Known IdPs

Discovery Service management
Also configure known LDAP servers, attribute mappings for identity data

Person Management

Request Add Person to CO Directory

Guest might be able to self register

Add Person to CO Directory

Via invite, directory query, etc.

Edit Person

Fix name, title, etc.

Remove Person from CO Directory

Role/Group Management

Add CO Admin Role to Person

Remove CO Admin from Person

Create CO Group/Role

Possibly defined as a (partially) federated group

Remove CO Group/Role

Add Person to CO Group/Role

CO Groups could include Federated Groups

Remove Person from CO Group/Role

Provisioning

Dynamic (group based) Person Provisioning to CO Applications

Configure group to app provisioning; For now, provisioning includes (eg) : ACLs; Just-In-Time; or, Pre-provisioned

Dynamic Person Deprovisioning from CO Applications

On One Person removed from Group or CO

Ad Hoc Person Provisioning to CO Applications

Just-In-Time or Pre-provisioned

Ad Hoc Person Deprovisioning from CO Applications

On demand or Person removed from CO

Content

Login to CO Portal

Dynamically generated links to provisioned apps

Login to CO Applications

View CO Public Content

indicates target audience (anyone can view public info)

Audit

View Person History

Provisioned, added to group, etc.

Reporting

System Administration

Provision Cluster Resources (Hardware, VM, etc)

IP Address Registration/Management

Includes eg , for example, app-3.cluster.net as well as myvo.org

Application Upgrades

Or could be done by a separate App Admin

OS Upgrades

Backups