Questions & Answers: bwIDM Entitlements
What are "Entitlements" or "bwIDM Entitlements"?
Every member of an institution (university, college, PH, HAW etc.) in Baden-Württemberg has a personal account to log on to and use the IT services provided by the institution. If the institution is a member of bwIDM, the federated identity management of the Baden-Württemberg universities, then members of this institution can also apply to use IT services offered by other locations.
So that these "external" IT services "know" who the user is, some of the user's data is transmitted to the IT service during registration and/or use of the external IT service. Through its mutual trust model, the federated identity management also ensures that the external IT service knows that the user really exists at the respective institution (validation of the account).
Within the bwIDM Federation, the participating institutions have agreed on a minimum data set that is transmitted to the external IT service. This data record includes, for example, attributes¹ such as eduPersonPrincipalName, mail or givenName. These are so-called "standard attributes".
However, some IT services require specific information, such as whether a home institution is permitted to use an external IT service at all. This specific information can be added to the user's personal account by additionally assigning values of a special attribute (eduPersonEntitlement).
¹ An attribute is a "key-value pair".
bwIDM, Entitlement, Attribute, Home institution, external IT service, eduPersonEntitlement, Account
Which Entitlements do I need to use bwCloud?
To use the bwCloud you need at least one of the two entitlements bwCloud-Basic or bwCloud-Extended. Accounts can also include both entitlement elements - in this case the "higher ranking" entitlement element (bwCloud-Extended) is evaluated and applied.
Detailed information can be found on the bwIDM webpage with information about the bwCloud SCOPE service.
Entitlements, bwCloud-Basic, bwCloud-Extended
What is regulated with the Entitlements? Why do I need these Entitlements?
The entitlements serve several purposes. The most important points at a glance:
Entitlements let the home locations answer the question of who is allowed access to bwCloud and who is not
The users' home locations independently decide on the allocation of entitlements to their members, and thus ultimately on who may use the bwCloud and how.
On our side, the following applies from 01.10.2019: no release by the home institution via entitlement = no access to bwCloud.
With the entitlements we control how many resources a user is allowed to use
The following applies: the flavor table is the basis for differentiation
- Users who only have the bwCloud-Basic entitlement can start an instance of either "nano" or "tiny". This is a kind of "trial access" and is mainly targeted at students. Instances of this flavor are free of charge.
- Users who have the bwCloud-Extended entitlement are given significantly higher quotas and can therefore use all the flavors offered. The use of the bwCloud will incur costs in the future.
With the Entitlements we regulate how we handle the instances
The entitlement bwCloud-Basic is mainly addressed to students who want to use the bwCloud for various purposes such as theses or as a software repository. Since there is a large number of students in Baden-Württemberg, we expect a correspondingly large number of small VMs to accumulate over time. At the same time, we assume that these VMs will not actually be deleted as soon as their original purpose no longer applies. We will therefore regularly delete all VMs started by users with the entitlement bwCloud-Basic to "clean up" our systems and to give other users the chance to start an instance. The bwIDM entitlement bwCloud-Basic is not intended for running a (system) service permanently.
With bwCloud-Extended these restrictions do not exist. Here the following applies: the VMs run until the users delete them themselves.
With the entitlements we know who can potentially pay for the virtual machines
To ensure the sustainable operation of the bwCloud and a regular exchange of hardware and software, it is necessary to charge for the services used. We would therefore like to establish a cost allocation model. With the income generated in this way, we intend to renew our hardware infrastructure regularly and adapt it to requirements. To avoid individual invoices to the users, we are going to generate so-called "collective overviews and invoices", because only the home sites know their users and know who has the appropriate resources to operate VMs. By assigning the entitlement bwCloud-Extended to a user, the respective home site signals two things:
- the user has access to an account with appropriate means, and
- the home site can therefore pay the total bill for the resource consumption of all users of the site.
How the costs are then allocated internally at the home site is again a matter for the respective site and can be organised individually and according to their local guidelines. Resources operated with the bwIDM Entitlement bwCloud-Basic remain free of charge: this flavor is supported by the Ministry of Science, Research and the Arts (MWK).
We accelerate the registration process
Through the automated evaluation of the bwIDM Entitlements in the course of the registration for the service, users receive immediate feedback when the account has been set up in the bwCloud. No manual interaction from our side is necessary anymore - and so everybody wins: Users enter the bwCloud within minutes and we don't have to activate anyone manually anymore.
justification, entitlements, instances, handling, service charging, invoice, costs, registration process, decision
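The rules from this answer, together with the "higher ranking" rule from the bwCloud entitlement question, written as a fail-closed check. This is an added example, not bwCloud's or bwIDM's own code: the short entitlement names stand in for the full eduPersonEntitlement values, and every flavor other than "nano" and "tiny" is constructed.

```python
# Added example: fail-closed evaluation of bwCloud entitlements.
# Short names as written on this page; the full attribute values a real
# identity provider sends are not shown there, so these are assumptions.
TIER_RANK = {"bwCloud-Basic": 1, "bwCloud-Extended": 2}
BASIC_FLAVORS = frozenset({"nano", "tiny"})
# Constructed stand-in for the flavor table ("small".."large" are made up).
ALL_FLAVORS = BASIC_FLAVORS | {"small", "medium", "large"}


def effective_tier(attributes):
    """Return the highest-ranking bwCloud entitlement, or None for no access."""
    values = attributes.get("eduPersonEntitlement") or []
    if isinstance(values, str):
        # A single-valued attribute may arrive as a bare string.
        values = [values]
    best = None
    for value in values:
        # Exact, case-sensitive match: look-alike values grant nothing.
        if not isinstance(value, str) or value not in TIER_RANK:
            continue
        if best is None or TIER_RANK[value] > TIER_RANK[best]:
            best = value
    return best


def decide(attributes, flavor):
    """Return (allowed, tier, periodic_cleanup) for a request to start `flavor`."""
    tier = effective_tier(attributes)
    if tier is None:
        return (False, None, False)  # no entitlement = no access
    flavors = ALL_FLAVORS if tier == "bwCloud-Extended" else BASIC_FLAVORS
    # Basic instances fall under the regular clean-up described above.
    return (flavor in flavors, tier, tier == "bwCloud-Basic")


# Constructed sample attribute sets, as a service might see them after login.
SAMPLES = {
    "student": {"eduPersonEntitlement": ["bwCloud-Basic"]},
    "researcher": {"eduPersonEntitlement": ["bwCloud-Basic", "bwCloud-Extended"]},
    "lookalike": {"eduPersonEntitlement": ["bwCloud-Extended-test", "bwcloud-basic"]},
    "unreleased": {"mail": "user@example.org"},
}

if __name__ == "__main__":
    for name, attrs in SAMPLES.items():
        print(name, decide(attrs, "small"))
```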
How can I find out which entitlements my account contains?
When logging into a RegApp or into the bwSupportPortal, an overview of the data to be transmitted is displayed. This overview also includes the supplied entitlements (see screenshot).
If the value(s) bwCloud-Basic and/or bwCloud-Extended do not appear in the list of entitlement elements, this means that none of the entitlement elements has been assigned to the respective account so far!
RegApp, Entitlement, Overview, Login
What do I do if my account has no bwCloud entitlement assigned to it?
The assignment of the entitlement is the sole responsibility of the respective user location. We at bwCloud cannot add entitlements to user accounts or remove them! In this case, please contact the central IT service facility (computer center, IT service center, service center, ...) and request the assignment of the desired entitlement element.
Home region, user site, missing entitlement, IT service center, computer center
Are the Entitlements even necessary? I was able to register without them...
YES, the entitlement elements are necessary. At the latest after the move to the Karlsruhe RegApp, the entitlements are absolutely necessary for the use of the bwCloud: without an entitlement, the bwCloud can then no longer be used!
Move, RegApp, Karlsruhe, Freiburg