This page explains the bwIDM entitlements required to use bwCloud-OS and their impact on access, resources, and operating rules. Entitlements are currently under revision and might change soon.

Every member of a higher education institution in Baden-Württemberg (university, college, PH, HAW, etc.)has a personal account for accessing the IT services provided by their institution. If the institution participates in the federated identity management system bwIDM, its members can also apply for additional IT services offered by other participating institutions.

To allow external IT services to identify users, certain personal data is transmitted during registration and/or use of the service. Federated identity management ensures, through a model of mutual trust, that the external service can verify the user’s affiliation with their institution — confirming that the account is valid and the user is officially recognized. Within the bwIDM Federation, participating institutions have agreed on a minimum set of personal data that is transmitted to external IT services. This includes standard attributes such as eduPersonPrincipalName, mail, and givenName.

Some services, however, require additional information — for example, whether a user’s home institution is authorized to access a particular external service. This is handled through the assignment of special attributes, such as eduPersonEntitlement, to the user's account.

To access and use bwCloud-OS, you need a valid bwCloud entitlement. A detailed overview of the current entitlement regulations can be found here.

Note: The specific bwCloud-OS entitlements are currently under review and may be subject to change.

To find out which Entitlements are linked to an account, you can for example log into the "RegApp". When logging into a RegApp, an overview of the data to be transmitted is displayed. This overview also includes the supplied Entitlements (see screenshot).

The assignment of the entitlement is the sole responsibility of the respective home institiution. The bwCloud-OS team cannot add or remove entitlements to user accounts! In this case, please contact the central IT service department (computer center, IT service center, service center, ...) and request the assignment of the desired entitlement.

bwCloud-OS currently consists of four different operating sites = regions, which can be selected and administered via a common interface (dashboard). Each of the four operating sites acts as an independent region. This means: running instances in the Mannheim region receive an IP address according to the configuration of the Mannheim region. The IP address is specific to Mannheim and cannot move to another region. The region selection can be changed as described here.

Each user in the bwCloud-OS is initially assigned a home region during the setup. For users from the four operating locations this assignment is of course trivial. For users from other locations we have oriented ourselves to the network topology of the BelWü. The goal of the current assignment is the shortest possible connection of the respective location to one of our operating sites.

For users, the assignment is usually not relevant. A table with the assignment can be found here.

In the left half of the top navigation bar in the dashboard you can click on a drop-down menu to display the regions. The currently selected region is marked with a tick. A click on the respective region switches there.