Open Office Hours - August 8

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, August 8
9:00 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

Topic Aperitif: Registry v5.1

Discover the new functionality in Registry v5.1. We will also be available for your other questions and topics.

Subscribe to Our Calendar

Help Shape COmanage’s Next Resources

We’re creating a new series of in-depth “deep dives” on key Registry and Match features—packed with practical guidance, case studies, and insights from the development team. Tell us which topics matter most to you, and help us make resources that meet your needs.

Take the survey →

RELEASED: Registry v4.5.0

Registry v4.5.0 was recently released. (ANNOUNCEMENT) v4.5.0 is a feature release that introduces several new capabilities and improvements:

✅ Token expiration time in OAuth2 responses

Version 4.5.0 adds support for storing Access Token expiry dates when using an OAuth Server configuration | Documentation

The OAuth2 Registry Server now supports the storage of the Access Token field,m [expires_in], in the OAuth2 Server data model. This information is stored when available upon successful OAuth2 responses as specified by RFC 6749. This improvement enables those using the COmanage Registry API to more efficiently identify expired tokens.

✅ Pipeline configuration to establish cluster objects

Version 4.5.0 adds support for establishing cluster objects via a pipeline when the CO Person is created | Documentation

Registry pipelines now allow a sync strategy that will establish cluster accounts when creating new CO Person records. Sync strategies are used to determine when a CO Person record should be created or updated by a pipeline, as well as the related objects. 

✅ Requiring MFA for Registry login

Version 4.5.0 allows a configuration to require MFA for those signing into Registry | Documentation

MFA requirements can be set at the Registry platform level through a configuration of Apache environment variables. When set, MFA is not required to access Mostly Static Public Content or when running an Enrollment Flow.

✅ Option to delete all JobShell locks

Version 4.5.0 enables one to delete all JobShell locks with a single command | Documentation

This feature adds a variable to the JobShell argument that removes a locked job. Now, in addition to the ability to add a specific lock ID to be removed, one may specify “all” to remove all locks.

See more information in the release history.

• Internet2
• The CILogon Project and the University of Illinois

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

Open Office Hours - June 13

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, June 13
9:00 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

Topic Aperitif: Registry v5.1

Discover the new functionality in Registry v5.1. We will also be available for your other questions and topics.

Subscribe to Our Calendar

RELEASED: Registry PE 5.1.0

Enrollment Flows have been integrated into the COmanage Registry PE! In addition to bug fixes, this new version introduces several new capabilities and improvements, including

Enrollment Flows

Version 5.1 adds Enfollment Flows to COmanage Registry PE  | Documentation

Every organization has one or more ways of bringing new people into the organization. There are several terms used to describe this process, including application, enrollment, intake, invitation, petition, and signup. These processes vary significantly across organizations.

This enhancement provides version 4.x’s popular and fully customizable mechanism for representing these processes and translating them into methods for integrating people into a CO's population. Known as Enrollment Flows, any number of these processes can be established to cover your organization’s needs. Enrollment Flows are generally intended for interactive, human-driven processes.

Env Source Plugin

Version 5.1 adds this plugin, helpful in collecting identities during Enrollment Flows | Documentation

Env Source is an External Identity Source Plugin. External Identity Sources enable the creation of People and Person Roles based on data received from an external source or System of Record. The Env Source Plugin is designed to retrieve attributes from environment variables, which are typically populated by web server authentication modules. It is designed primarily to collect identities as part of an Enrollment Flow.

Identifier Assignment Format Enhancements

Version 5.1 enhances Identifier Assignment formatting to include minimum length and transliteration support | Documentation

COmanage Registry is capable of automatically assigning Identifiers to entities within COs. Identifiers may be assigned on demand, as part of an Enrollment Flow, or as part of a Pipeline. Multiple algorithms for assigning Identifiers are supported via plugins. This enhancement extends the Format Identifier Assignment Plugin to support minimum length (requirement for the identifier to have at least a certain number of characters) and transliteration (the process of converting non-ASCII7 characters to an approximate ASCII7 representation, for example, converting ñ to n).

Identifier Mapper Pipeline Plugin

Version 5.1 adds modifications to identifiers from external identities | Documentation

This plugin provides the ability to modify identifiers obtained from external Identities to offer greater utility from COmanage Registry. In this enhancement, you can specify an identity to be flagged as one used for login. This Identifier Mapper is used with Pipelines, which connect data from External Identity Sources to Person Records.

Record Adoption

Version 5.1 enhances the  ability to transition records to Registry | Documentation

Adoption is the process of converting an External Identity to a Person. This may be useful when an External Identity Source is used to temporarily synchronize records to Registry, perhaps as part of a data migration strategy where records are transitioned to Registry as the authoritative System of Record.

See more information in the release history.

Funding for Registry PE 5.1.0 has been provided by

• The CILogon Project and the University of Illinois

• SCG Collaboration Group

• Southern Methodist University

• And an additional funder

RELEASED: Match 1.2.2

Maintenance release that addresses several bugs. See more information in the release history.

RELEASED: Registry 4.5.0 Release Candidate

We are actively seeking community review of this Release Candidate in preparation for its release. While we do not yet recommend running this Release Candidate on production services, we would appreciate any feedback from upgrading test and QA instances. After about one-two weeks, we will release another RC or the final 4.5.0 release, depending on what reports we receive. This version includes many enhancements and fixes.

Additional details can be found at https://github.com/Internet2/comanage-registry/tree/4.5.0-rc2

Training and Presentations

BaseCAMP

Laura Paglione and Graeme Varga gave a presentation to introduce COmanage Registry and Mach during BaseCAMP last week. BaseCAMP was a five-day, virtual event (Jun 2-6) designed for those new to identity and access management. We will share a copy of our slides in the Presentations section of the wiki in the coming days.

COmanage Training is Back! - June 24-26

This is your opportunity to receive COmanage training from Shayna Atkinson and Laura Paglione, covering both Registry and Match, for a single, bundled price. This three-day class will explore:

• REGISTRY
  Configure an identity registry with sophisticated lifecycle management capabilities.

• Configure Registry for your specific organizational needs

• Model your organization or collaboration

• Set up enrollment flows and automate data processing

• Manage identifiers, groups, and roles

• Provision registry data for use in other systems

• MATCH
  Minimize account duplication for members of your population using heuristic-based identity record matching against your systems of records

• Create and refine matching rules for canonical and potential matches

• Build and test datasets to validate your rules

• Gain hands-on experience with the Match API

Additional information: https://incommon.org/academy/comanage/ 

Good to see you at CommEx and TIIME

It was great to see some of you during our recent travels to the Community Exchange and TIIME Conferences in May.

COmanage Project Team members at TNC25

Benn has been at TNC25 this week. Hope you said hello if you also were there!!

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - May 9

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, May 9
9:00 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

Topic Aperitif: Registry v5.1

Get a sneak peek of Registry v5.1 as we prepare its release. We will also be available for your other questions and topics.

Subscribe to Our Calendar

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

COmanage at BaseCAMP

We will be presenting a session about COmanage Registry and Match during the upcoming BaseCAMP, a five-day, virtual event (Jun 2-6) designed for those new to identity and access management. The COmanage Project session is scheduled for Wednesday, June 4, 12:15 - 1:00 PM US Eastern.

Training opportunity

We have heard from a few institutions that they are seeking COmanage Registry and/or Match training. If training has been on your check list, now would be a good time to check in. Let us know on the #incommon-comanage slack channel or by emailing Laura!

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - April 11

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, April 11
9:00 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

Topic Aperitif: Your Questions

We will not have a specific topic this month. We will be available for your questions and topics.

Subscribe to Our Calendar

COmanage Registry v4 Maintenance Releases

On February 19 and March 26, Internet2 and the COmanage Project announced Registry releases 4.4.1 and 4.4.2 respectively. These maintenance releases contain various bug fixes. Thank you to all who have reported bugs that they have found, and Internet2 and others who have provided the financial resources to support the fixes.

Review the full release notes to upgrade to these versions, and the release announcements for v4.4.1 and v4.4.2.

Documentation update: PostgreSQL 15+ users

PostgreSQL 15 introduced a significant security change regarding the default behavior of the public schema. Prior to version 15, the public schema was accessible to all database users by default through the public schema search path. This meant any user could create objects in the public schema.

In PostgreSQL 15, this default was changed to enhance security. The public schema is no longer automatically included in the search path for new databases. Additionally, the default privileges for the public schema were modified to prevent regular users from creating objects in it without explicit permissions.

For COmanage Registry users, this means if you're upgrading to PostgreSQL 15 or higher, you'll need to ensure your database configuration explicitly grants the necessary schema permissions to your Registry database user. The COmanage documentation has been updated to reflect the needed changes:

• New Registry Setup
• Registry Installation - Database

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

COmanage at BaseCAMP

We will be presenting a session about COmanage Registry and Match during the upcoming BaseCAMP, a five-day, virtual event (Jun 2-6) designed for those new to identity and access management. The COmanage Project session is scheduled for Wednesday, June 4, 12:15 - 1:00 PM US Eastern.

Training opportunity

We have heard from a few institutions that they are seeking COmanage Registry and/or Match training. If training has been on your check list, now would be a good time to check in. Let us know on the #incommon-comanage slack channel or by emailing Laura!

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Subscribe to Our Calendar

Open Office Hours - TODAY!! February 14

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, Febuary 14
9:00 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

2024 Topic Aperitif: Just your questions

We will not have a specific topic this month. We will be available for your questions and topics.

Subscribe to Our Calendar

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

COMANAGE MATCH in WORKBENCH

COmanage Match was recently included in the InCommon Trusted Access Platform Workbench. On Monday, Feb 10, 2025, we held a working session to discuss use cases and configuration for this inclusion. We will share the results after our next working session. Please subscribe to our calendar (above) to include the next workbench session on your calendar.

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - January 10, 2025

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, January 10
900 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)
(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.

January 2025 Topic Aperitif: Office Hours LIVE! Redux

During Office Hours LIVE! At Technology Exchange in Boston, we talked about the launch of COmanage Registry 5.0.0 and what its upcoming releases contain and the COmanage Project support programs. Here is your chance for a recap for those who weren’t able to attend, and an opportunity to ask more questions for those who were.

Subscribe to Our Calendar

COmanage Project 2024 Year in Review

More happened during 2024 than we can fit into a newsletter, but here we share some highlights.

New Version Releases

This year we made MANY releases to both Registry v4 as well as milestone releases and the first production release of Registry v5 (PE)! Registry v5.0.0 is a significant investment in Registry’s code framework. This work includes a review of how Registry use has evolved over the past 14 years and an update of the code and data structures so that they are more effective and efficient for today’s users. To allow for regular feedback from the user community, the project team shared a series of Milestone Releases prior to the December production release.

You can find all of the details of the releases on the COmanage Roadmap page.

• Registry v5.0.0 (Dec)
  The first stable release of Registry v5.0.0. This version is intended for select early adopters with compatible use cases, and is not at feature parity with Registry v4.
  
  
• Registry v4.4.0 (Nov)
  New capabilities and improvements, INCLUDING :
• Organization Source Plugin
• KdcServer model for integrating with Kerberos KDC servers
• Eligibility Dashboard Widget Plugin for Self Service.
• Plugin connection with ORCID member API.
• Configuration Handler Plugin.
• Fiddle Enroller Plugin.
  
  
• Release v5.0.0 MR13 (Sep)
  Plugins!
  
  
• Release v4.3.5 (Aug)
  Maintenance release: bug fixes and improvements
  
  
• Registry v4.3.4 (Jun)
  Accessibility audit aimed at WCAG 2.2 AA and produced a Voluntary Product Accessibility Template (VPAT); Maintenance release: bug fixes and improvements
  
  
• Release v5.0.0 MR12 (May)
  Message templates and notifications

• Release v5.0.0 MR11 (Apr)
  External identity sources
  
  
• Registry v4.3.3 (Apr)
  Maintenance release: bug fixes and improvements

New Documentation and Materials

As we continue to improve and enhance the written resources that we provide for COmanage Project tools, we added a few new documentation types:

Recipes

First released in 2024, Recipes are a new resource type within the COmanage project documentation. They are designed to illustrate how one might combine a group of features in the COmanage tools to accomplish a specific goal or outcome. The recipes released this year:

🥣 Registry Recipe: SSH Public Key Management

🥣 Registry Recipe: Using the ORCID Member API with Registry

🥣 Registry Recipe: Core API, CO Person Management in Registry

Case Studies

In 2024 we released our first case study. Designed to illustrate the ways that users are integrating COmanage tools into their architecture, case studies highlight how institutions use Registry and Match to address real-life challenges. We have several more already queued up for 2025!

Registry 5.0.0 (PE) Technical Manual

With the next version of Registry v5.0.0, we have created a new Technical Manual to go with it. This manual will continue to grow as new functionality is added to v5+. A user guide for the updated version is under development with a first release expected early in 2025. See the Registry PE (v5.0.0) Technical Manual.

A Focus on Usability

In 2024, we spent a lot of time thinking about how folks are using our tools, and how we could improve their experience. Here are a few things that we are particularly proud of:

Registry Accessibility: WCAG Accessibility Statement and Audit

COmanage tools have always been designed with accessibility in mind. With version 4.x of Registry, we added a WCAG 2.1 AA accessibility statement to the COmanage Style Guide, and performed an accessibility audit aimed at WCAG 2.2 AA. Our Voluntary Product Accessibility Template (VPAT) contains the results of this audit. Thank you to the CILogon Project and the University of Illinois for their support in achieving this important enhancement.

User interface bulk actions

Though built in from the beginning of Registry version 5, 2024 saw the first implementation of using bulk actions within the user interface for managing group memberships. 

Copy to clipboard

A simple but helpful usability enhancement made to Registry version 5 is the ability to copy the value of a person attribute to the clipboard with a single click. This feature will also be added to Registry version 4 in early 2025.

Vue.js components

COmanage registry continues to make use of vuejs to build components to ease the user experience. Components include end-user focused dashboard widgets, the display of attributes on the Person canvas, and the person picker shown below, among others.

COmanage Support Programs

At the end of 2024, the COmanage Project launched two new support programs to ensure that both the COmanage community and YOU have the support needed to make any implementation a success

Support for the Community. The OSP.

The Operational Sustainability Programme (OSP) provides funding for the operations and infrastructure work associated with the COmanage Project. This includes bug fixes, release management, documentation, and other tasks necessary to maintain the Project. The OSP works a bit like public radio… we set a fund raising goal, and look to members of the community to help reach that goal in order to keep providing the software that you rely on. SCG manages the OSP on behalf of the COmanage Project. Contributions to the OSP accrue to the benefit of the community.

See the SCG COmanage Project Support page for more details.

Support for YOU. SCG Priority Hours.

SCG Priority Hours provide "top of the queue" support for subscribers. Available exclusively to OSP Funders, Priority Hours are an optional add-on. While SCG is unable to offer 24x7 operational support, Priority Hours receive the highest internal priority and will generally be placed at the top of the queue for response. Priority Hours may be used for any COmanage related project, though there are some limitations on use for feature development ("RFEs").

See the SCG COmanage Project Support page for more details.

Thank You to Our Supporters

We would like to express our deep gratitude to all of the institutions that have provided the financial support to enable 2024 to be such a successful year for the COmanage Project:

• The CILogon Project and the University of Illinois
• Indiana University (UITS)
• Internet2 | InCommon
• MSU (Humanities Commons)
• NIH NIAID VRO
• SCG Collaboration Group
• SLAC National Accelerator Laboratory
• Southern Methodist University
• SUNET
• Wake Forest University
• And, other funders who have asked to be thanked behind the scenes

We also would like to thank all of those who have provided support in non-financial ways including participation in our events, providing feedback, submitting bugs (and sometimes fixes!), sharing your use cases, and so much more. Open source software thrives through an engaged community, and we are thankful that you are part of ours.

That’s it for this month’s newsletter. Thank you for a fantastic 2024. We hope to see you during our next open office hours!

Open Office Hours LIVE at TechEx - December 8

This month’s Open Office Hours will be held IN PERSON during the Technology Exchange conference in Boston during lunch on Tuesday. In addition to project updates, more information and demos of Registry v5.0.0, and details about our new support programs, we will have time for your questions and discussion as usual. 

This session will not be broadcast or recorded, but we will share the slides and will reserve time at our January Office Hours for more discussion.

Tuesday, December 10, 12:10-1:40 PM
Technology Exchange Room: Suffolk (3rd Floor)

(a lunch buffet will be available outside of the room for registered participants)

2024 Topic Aperitif: COmanage Registry 5.0.0 LAUNCH!

During 2024, much of the COmanage Project development team was focused on developing the release of COmanage Registry 5.0.0. At this session, we will discuss what is in this limited-functionality launch and share what is planned for future releases. We will also share information about our two new support programs. See below for more details!

Subscribe to Our Calendar

First Stable Release of Registry v5.0.0

The COmanage Project is pleased to announce the first stable release of Registry PE, v5.0.0. This release is intended for select early adopters with compatible use cases. Registry PE v5.0.0 is not at feature parity with Registry v4. In particular, Enrollment Flows will not be available until v5.1.0.

If you will be in Boston next week, come to Open Office Hours LIVE!! to see a demo of this new version. If you are interested in participating as an early tester or early adopter, please let us know via Slack or email. You can also just dive in and let us know how it goes.

The Registry PE (v5) Technical Manual provides additional information about Registry PE, including installation instructions. Note that PE's container support is currently limited. You should be comfortable building your own containers, or you can install directly on a VM or server without using containers.

Funding for Registry PE 5.0.0 (inclusive of the Milestone Releases) has been provided by

• The CILogon Project and the University of Illinois
• Internet2
• SCG Collaboration Group
• Southern Methodist University
• SUNET
• And an additional funder

Registry v4.4.0 Release

On November 19, the COmanage Project announced the release of COmanage Registry version 4.4.0. This release includes several new capabilities and improvements. A sampling of these items:

• Organization Source Plugins - A new plugin type that enables one to add data to Registry about organizations (to complement information about the people associated with these organizations. Sample data sources might be Federation Metadata (MDQ), Research Organization Registry (ROR), and SQL or CSV files for local data sources.
• KdcServer model for integrating with Kerberos KDC servers - a new KDC server configuration enabling connections to a Kerberos key distribution center.
• Eligibility Dashboard Widget Plugin for Self-Service - Enable self-service management of COU memberships.
• Plugin connection with ORCID member API - collect ORCID Member access tokens from users that can be used outside of Registry to read Trusted data from or update ORCID Records.
• Configuration Handler Plugin - a plugin that enables the export and import of Registry CO configurations.
• Fiddle Enroller Plugin - allows an administrator to “fiddle” with enrollment petition data before it is finalized.

See the Release Announcement for a full list of improvements and updates.

A Security Advisory was posted along with this release - details can be found on the COmanage Registry Security Advisories page.

COmanage Registry v4.4.0 was made possible by contributions from several organizations, in addition to ongoing funding via Internet2 and CILogon. The project would like to thank:

• Indiana University (UITS)
• MSU (Humanities Commons)
• NIH NIAID VRO
• SLAC National Accelerator Laboratory
  

Support for the Community. The OSP.

The Operational Sustainability Programme (OSP) provides funding for the operations and infrastructure work associated with the COmanage Project. This includes bug fixes, release management, documentation, and other tasks necessary to maintain the Project. The OSP works a bit like public radio. We set a fundraising goal and look to members of the community to help reach that goal so that we can keep providing the software that you rely on. SCG manages the OSP on behalf of the COmanage Project. Contributions to the OSP accrue to the benefit of the community.

See the SCG COmanage Project Support page for more details.

Support for the Community. The OSP.

SCG Priority Hours provide "top of the queue" support for subscribers. Available exclusively to OSP Funders, Priority Hours are an optional add-on. While SCG is unable to offer 24x7 operational support, Priority Hours receive the highest internal priority and will generally be placed at the top of the queue for response. Priority Hours may be used for any COmanage-related project, though there are limitations on using them for feature development ("RFEs").

See the SCG COmanage Project Support page for more details.

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

COMANAGE AT TECHNOLOGY EXCHANGE

Don’t miss these COmanage-related sessions during Technology Exchange this December:

.

.

.

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - TODAY!! November 8

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, November 8
9:00 AM (San Francisco) | 12:00 PM (New York) | 17:00 (London)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

2024 Topic Aperitif: COmanage Registry 5.0 Update

Much of the COmanage Project development team is focused on development toward the release of COmanage Registry 5.0. We will kick off each of the Office Hours in 2024 with a brief update on the latest developments.

Subscribe to Our Calendar

Training is back! Interested?

Are you or someone on your team looking to increase your COmanage Registry or Match skills? Then, you’re not alone. There is interested in both classes, so we’re likely to run sessions in the next few weeks. If you would like to join, please reach out to Laura Paglione (lpaglione@sphericalcowgroup.com) or Jean Chorazyczewski (jeanc@internet2.edu) so we can include you in the scheduling.

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

COMANAGE AT TECHNOLOGY EXCHANGE

Don’t miss these COmanage-related sessions during Technology Exchange this December:

.

.

.

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - October 11

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, October 11 at 12:00 PM (America/New York)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

2024 Topic Aperitif: COmanage Registry 5.0 Update

Much of the COmanage Project development team is focused on development toward the release of COmanage Registry 5.0. We will kick off each of the Office Hours in 2024 with a brief update on the latest developments.

Subscribe to Our Calendar

Using COmanage tools to support a Banner to Workday Transition

In March 2024, Wake Forest University (WFU) began its production launch of COmanage Registry and Match as part of Project WakeDay, a university-wide migration from Ellucian Banner to Workday. During the evaluation and planning phases of the migration project, the team identified several functions that would be supported at different levels in Workday. The university had several goals for a solution:

• Create a central repository for all individuals associated with Wake Forest University.
• Efficiently match new individuals to existing ones across all populations to prevent duplication.
• Centrally assign unique WFU IDs to all new individuals coming into the university.
• Assign unique usernames for all individuals to be used for their email addresses.

Look at their case study to learn more about the WFU project, how they addressed their needs using COmanage tools, and the lessons they learned along the way.

Training is back! Interested?

Are you or someone on your team looking to increase your COmanage Registry or Match skills? Then, you’re not alone. There is interested in both classes, so we’re likely to run sessions in the next few weeks. If you would like to join, please reach out to Laura Paglione (lpaglione@sphericalcowgroup.com) or Jean Chorazyczewski (jeanc@internet2.edu) so we can include you in the scheduling.

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

COMANAGE AT TECHNOLOGY EXCHANGE

Don’t miss these COmanage-related sessions during Technology Exchange this December:

.

.

.

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - September 13

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, September 13 at 12:00 PM (America/New York)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

2024 Topic Aperitif: COmanage Registry 5.0 Update

Much of the COmanage Project development team is focused on development toward the release of COmanage Registry 5.0. We will kick off each of the Office Hours in 2024 with a brief update on the latest developments.

Subscribe to Our Calendar

COmanage Registry Release v4.3.5

On August 28, Internet2 and the COmanage Project announced the next Milestone Release release of COmanage Registry version 4.3.5. This release is a maintenance release. This version contains various bug fixes. Thank you to all who have reported bugs that they have found, and Internet2 and others who have provided the financial resources to support the fixes.

Review the upgrade notes and full release notes to upgrade to this version.

COmanage Registry Release v5.0.0 MR13

On September 10, the COmanage Project announced the release of COmanage Registry version 5.0.0, Milestone Release 13. This release includes

• Core Job Plugin, with support for Assigner, Provisioner, and Sync Jobs
• SQL External Identity Source Plugin
• SQL Provisioning Plugin
• Pipeline Plugins
• Person Role Mapper Pipeline Plugin
• Improvements to the People Picker
• Various bug fixes, especially for Pipelines

You can find details about this release, including how to gain access to it, in the release announcement.

Many thanks to the following organizations that provided funding for MR 13:

What is Registry v5.0.0 (aka, Registry PE)? As we mentioned in Newsletter #20, Registry v5.0.0 is a significant investment in Registry’s code framework. This work includes a review of how Registry use has evolved over the past 14 years and an update of the code and data structures so that they are more effective and efficient for today’s users. 

Updates are being managed as Milestone Releases (MR) until the first deployer is ready to go to production, at which point we will release v5.0.0 final. Each MR includes functionality that has been migrated to the new framework.  The Milestone Releases that have been completed so far:

• MR1 - Core Person Models
• MR2 - Person Roles
• MR3 - External Identities
• MR4 - Groups and COUs
• MR5 - Authorization
• MR6 - Global Search
• MR7 - Plugin Infrastructure
• MR8 - Jobs
• MR9 - Provisioning
• MR10 - Identifier Assignment
• MR11 - External Identity Sources
• MR12 - Message Templates and Notification
• MR13 - Plugins!

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - July 12

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month, we gather for the Open Office Hours, a platform where you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started. This is a great opportunity to connect with your peers, share your experiences, and learn from others.

Friday, July 12 at 12:00 PM (America/New York)

(no registration necessary)

https://us06web.zoom.us/j/86226181846?pwd=T2VCIHTbdCEuiJyHF2avVuD0FwkZGe.1

2024 Topic Aperitif: COmanage Registry 5.0 Update

Much of the COmanage Project development team is focused on development toward the release of COmanage Registry 5.0. We will kick off each of the Office Hours in 2024 with a brief update on the latest developments.

Subscribe to Our Calendar

COmanage Registry Accessibility Audit!

On June 26, Internet2 and the COmanage Project announced the release of COmanage Registry version 4.3.4. This release is a maintenance release. This version contains various bug fixes.

Thanks to funding from CILogon, the COmanage project performed an accessibility audit aimed at WCAG 2.2 AA and produced a Voluntary Product Accessibility Template (VPAT). Originally aimed at Registry version 4.4, we have accelerated the release of these important updates, which have been included in version 4.3.4.

The Web Content Accessibility Guidelines (WCAG) is an international standard designed to make web content more accessible to people with disabilities. Designed through a W3C process, WCAG aims to provide a single shared standard for web content accessibility that meets the needs of individuals, organizations, and governments internationally. Web “content” generally refers to the information in a web page or application, including

• natural information such as text, images, and sounds
• code or markup that defines structure, presentation, etc.

Review the upgrade notes and full release notes to upgrade to this version.

COmanage Project News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - June 7

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started.

Friday, June 7 at 12:00 PM (America/New York)

(no registration necessary)

https://us06web.zoom.us/j/84743471575?pwd=d29QNFM1KzEwUFZvRFg0enJ1dlNmQT09

2024 Topic Aperitif: COmanage Registry 5.0 Update

Much of the COmanage Project development team is focused on development toward the release of COmanage Registry 5.0. We will kick off each of the Office Hours in 2024 with a brief update on the latest developments.

Subscribe to Our Calendar

The Importance of Accessibility

COmanage tools have always been designed with accessibility in mind. With version 4.x of Registry, we added the following WCAG 2.1 AA accessibility statement to the COmanage Style Guide:

RELEASE: Registry v5 Milestone Release 12

In early May, we announced the latest Milestone Release for Registry v5. This release adds the following features to version PE 5:

• Message Templates
• Notifications
• Oracle SqlServers (experimental)
• SmtpServers
• Lots of frontend improvements
• Improvements to handling of status during Pipelines
• Various bug fixes, especially for Transmogrification
• Container updates

You can find details about this release, including how to gain access to it, in the release announcement. Many thanks to the following organizations that provided funding for MR 12:

• The CILogon Project and the University of Illinois
• SCG Collaboration Group
• Southern Methodist University
• And an additional funder (pending disclosure approval)

Learn more about Registry v5 Milestone Releases in Newsletter issue #20 (March 2024).

Changes to HTML markup in Registry

To better handle HTML markup in fields where it is allowed, the recently released Registry v4.3.3 makes use of the html-sanitizer library (version 1.5). This library aims to handle, clean, and sanitize HTML supplied by users to prevent the inadvertent or deliberate introduction of application security problems when the HTML is stored and displayed. 

This library has a deep understanding of HTML: it parses and rewrites the HTML DOM output, keeping only the safe elements and stripping any tag or attribute not explicitly allowed. The Registry fields that are impacted by this update include 

• Announcement header and footer fields, 
• Dashboard header and footer fields, and
• Terms and Conditions

These fields are now stripped of <script> tags and most HTML attributes on output. 

For more information about supported tags, see the configuration documentation. 

The impacted Registry fields support tags found in the ['basic', 'code', 'image', 'list', 'table', 'details', 'extra'] extensions. The Dashboards header and footer also allow <style> tags with custom CSS.

Themes, which allow for full control over the interface, are unaffected by this change and will accept <script> tags and other custom markup.

COmanage News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

That’s it for this month’s newsletter. We hope to see you during our next open office hours!

Open Office Hours - May 10 (UPDATED)

Do you have a question about deploying or configuring Registry or Match? Want to get some input on a solution architecture design? Want to hear how your colleagues in the community are solving problems similar to yours? Each month you can bring your topics for discussion to the call. No need to register or spin up a presentation (but feel free if it suits you!); just show up! A short conversation starter kicks off each session to help get the discussion started.

Friday, May 10 at 12:00 PM (America/New York)

(no registration necessary)

https://us06web.zoom.us/j/84743471575?pwd=d29QNFM1KzEwUFZvRFg0enJ1dlNmQT09

2024 Topic Aperitif: COmanage Registry 5.0 Update

Much of the COmanage Project development team is focused on development toward the release of COmanage Registry 5.0. We will kick off each of the Office Hours in 2024 with a brief update on the latest developments.

Subscribe to Our Calendar

Registry Recipe: SSH Public Key Management

Recipes are a new resource type within the COmanage project documentation. They are designed to illustrate how one might combine a group of features in the COmanage tools to accomplish a specific goal or outcome. Through a use case and generous support from CILogon, we introduce our first recipe: SSH Public Key Management!

What is Registry v5? Hasn’t this been going on for a while?

The development team has been working with early adopters on Registry v5. This version includes a migration to the latest version of the Cake PHP framework which supports our code structure. Given this significant undertaking, we are using this opportunity to evaluate how Registry use has evolved over the past 14 years and update the code and data structures so that they are more effective and efficient for today’s users. And, with Registry operating better under the hood, we also are improving Registry’s user interface to better support new and occasional users and provide easier-to-use and -understand functionality.

🥣 Registry Recipe: SSH Public Key Management

CILogon is an integrated identity and access management platform for research collaborations. It combines federated identity management (Shibboleth, InCommon) with collaborative organization management (COmanage Registry). Several research collaborations that use CILogon include researchers who need to use SSH to access their research resources. CILogon advocates for researchers to store and manage their SSH Public Keys in Registry. The system passes these public keys to LDAP, where they can be used by other tools for streamlined, secure access management, for example, in Unix cluster access. 

CILogon administrators will benefit from the step-by-step guidance provided by this new recipe. It describes how to use the SSH authenticator and LDAP provisioner plugins to collect public keys from end users and store them in LDAP, and provides examples of how LDAP might be used for dynamic public key management. 

RELEASE: Registry v4.3.3

Maintenance Release w/ Security Advisory

Recommended that all deployments upgrade to this release.

This version contains various bug fixes. Please review the full Registry 4.3.3 Release Announcement for full details and upgrade notes.

A Security Advisory is being posted along with this release.  All deployments should review this Advisory to determine if any action is warranted. There is ALSO an update to a previous Security Advisory located here. Further details are posted to the COmanage Registry Security Advisories page.

COmanage News

Do you have ideas or news to share? Let us know on the #incommon-comanage slack channel or by emailing Laura!

Bug found and squashed. Thanks, Wake Forest University!

As an open-source project, we get extra excited when a bug report is submitted with the code to fix it!. Many thanks to Seth Stein of Wake Forest University who identified an issue with the FileSource plugin. We appreciate their offered code in the form of a pull request that followed the COmanage project contribution guidelines. The fix can be found in the most recent release of Registry, version 4.3.3.

That’s it for this month’s newsletter. We hope to see you during our next open office hours!