Morpho

On #1, yes, we are using a different account. I could have set up the test KNB IdP to use the o=NCEAS tree but I used the ou=Account tree to catch a more diverse set of users without committing to any one organizational affiliation. As far as I understand it, our IdP strategy is still in discussion even though we are running out of time to set up a production-ready IdP before a Morpho 2.0.0 release.

On #2, after a legacy "uid=X,o=Y" account has been mapped to its CILogon identity, the user will have the same level of access enjoyed previously. We should investigate the "owner" pathquery processing to make sure it honors this mapped access, but otherwise direct manipulations using a mapped identity should work without the user noticing any change.

In general I do feel as though there is still some uncertainty about how this will all be configured for our system (KNB) and for other similar systems that have been relying on our LDAP structure for many many years. The technical hurdles are less troublesome than the organizational/ID management decisions that need to be finalized at this point.

I've now included the equivalent identities (listed in the CILogon certs that contain SubjectInfo) as additional <owner> elements in the pathquery used during the "Open..." command. In theory, this should show the documents owned by the user (assuming the access permissions also all this via the mapping).

This is resolved in the sense that Morpho has been updated to search for packages that are owned by any of the equivalent identities. The other identity issues are being tracked in redmine: https://redmine.dataone.org/issues/3513

Original Bugzilla ID was 5864