OA4MP has a concept of administrative clients. These are clients that may
create, approve, etc., standard OAuth clients. Why have these? Institutions frequently
need to manage groups of clients. Say, a large national laboratory uses clients to
manage access to resources for many research projects. The point is that the
administrative client has the trust relationship that allows it to manage these.
There is a separate administrative client registration page (typically at
host://oauth2/admin-register). Alternately, you can create one at the command
line in the CLI.
The OA4MP CLI (Command Line Interface) is a character-mode application
that allows wide-ranging administrative abilities to an OA4MP server. These include low
level actions such as adding, aditing or removing clients, creating virtual organizations
manually running garbage collection. Note that there is a complete reference available
from within the CLI, so if you are running it, you should certainly be able to
get help.
VO (short for Virtual Organization) creates a set of keys and
a specified issuer for an organization. This is useful inside a larger
organization, E.g. your university has clients but your department needs
a specific issuer for various projects.
These are relatively easy to create and work mostly seamlessly. Among other things
a specific well-known page with all of the signing keys will be created and deployed.
