This page describes very basic use cases. Perun is highly configurable, so it can also support special use cases, such as:
- managing access to the cloud infrastructure
- the configuration of the license servers used by applications like Matlab, Gaussian, ...
User management in the project
- Do you need to manage members of the project?
- Do you want a registration form for each member?
- Do you need to organize members into groups?
- Do you want to delegate the rights to manage group membership to others?
- Do you need to distribute a list of project members or groups to some services?
If you answered yes to any of these questions, then Perun can help you. An example of such a use case:
A project called ABC, which brings together researchers from all over the world, wants to manage access to a dataset of DNA sequences. The project manager asks for a virtual organization (VO) to be created in Perun. He/she just provides the name of the VO and who will be the responsible person. The virtual organization is created within minutes. The responsible person becomes the VO manager, who can define what will be on the registration form. Potential users use the registration form to request access to the VO. The VO manager can approve or reject each user's application. Once some users are members of the VO (their applications were approved), the VO manager can organize members into groups. Now we can set up a resource which represents the service where the DNA sequences are stored. The VO manager assigns selected groups to the resource, which means that the group members have access to the resource. Perun will publish a list of allowed users to the service in the required format. Finally, only allowed users can access the service with the DNA sequences.
Setting up the Identity provider
If you want to provide an identity provider for your users, so they can access services within identity federations, you have to set up an identity management system. The identity management system then stores data in a database or in LDAP, so the identity provider can access that data and provide it to the service providers.
If you do not have the resources (human or HW) to set up such a system, you can use Perun. Simply ask for the creation of a virtual organization, create the registration form, invite users and let them fill in the registration form with the required information. Perun provides an LDAP interface and also a built-in identity provider. Negotiation with service providers or the identity federation operator is therefore the only thing you have to take care of; Perun will do the rest.
Managing access to the Wiki, mailing lists, Unix accounts, ...
As in the first use case, we set up a VO, then we set up resources for the wiki, mailing list, ... Providers of wiki services, mailing list services or machines accessible through SSH create entries in Perun and set basic configuration options, such as which wiki will be managed, where the mailing list management software is located, where we want to create users' home directories, ... The VO manager can set up other options, such as which language will be preferred for the mailing list, which groups will have the right to access which part of the wiki, etc.
User identity consolidation
Your users may have several digital identities (institutional account, Google account, Facebook account, digital certificate, eduroam account, ...), and usually every new service introduces a new digital identity (login/password), so it is very hard for users to manage them. The user can register all his/her main identities in Perun (the user registers only the login/DN, NOT the passwords/private keys). Perun can then publish the corresponding user identity to the end services, so the services won't need yet another new identity from the users.
Supporting a certificate authority (CA)
If you would like to run a certificate authority (CA), you have to register applicants for digital certificates and store several required pieces of information about them. You can set up a virtual organization in Perun and create a group of people who will act as registration authorities (RA) and have the right to approve users' applications to that virtual organization. This information can then be pushed to the software which signs certificate requests.