[
https://issues.apache.org/jira/browse/ATLAS-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16072640#comment-16072640
]
David Radley commented on ATLAS-1696:
-------------------------------------
[~jonesn] Some comments on the Swagger:
- how are we defining tags vs classifications. /v2/gaf/tags is the uri, but the
description is "Get all classifications". It is inconsistent.
- /v2/gaf/roles - get list of roles assigned to entities. I would think that
the endpoint should be assigned roles or return all the roles Atlas knows
about.
I suggest we do not mention Ranger in the API docs and keep the GAF
implementation neutral.
> Governance Action Framework OMAS
> --------------------------------
>
> Key: ATLAS-1696
> URL: https://issues.apache.org/jira/browse/ATLAS-1696
> Project: Atlas
> Issue Type: New Feature
> Reporter: Nigel Jones
> Assignee: Nigel Jones
> Labels: VirtualDataConnector
>
> Governance Action OMAS is one of multiple consumer-centric based interfaces
> that will be added to Apache Atlas, & provides the API (REST and messaging)
> to support policy enforcement frameworks such as Apache Ranger. Detailed
> knowledge of the Atlas data models and structure can then be hidden from
> these consumers.
> The functionality of gaf includes
> - ability to retrieve classifications associated to assets
> - restricted to "interesting" classifications
> - restricted to interesting assets being managed by the requesting endpoint
> - to retrieve a list of interesting roles that relate to enforcement
> - to retrieve any template rule definitions/lookup tables that might be used
> to construct executable rules
> The scoping constructs supported in the API will include
> - Only get classifications that are relevant for security enforcement (ie:
> only those inheriting from a specified supertype? Verify in ATLAS-1839)
> - only get information about assets (resources) in a certain part of the
> datalake (Q: HOW. By zone? How to specify? by asset type? By associated
> endpoint?)
> - pagination
>
> See ATLAS-1839 for more information on the model and classifications
> In the Atlas data model classifications propagate - for example
> * A database column DOB has no explicit classification
> * Its containing table CDB is classified as "customer personal details"
> * The "SPI" classification is attached to this table with the value
> "sensitive"
> At enforcement time all that an engine such as ranger cares about is that the
> column "DOB" is sensitive, how we got there isn't important. In the example
> above the propagation occurs
> * Along the assigned term relationship
> * along the structural containment relationship (table->column)
> Therefore gaf omas will "flatten" the structure - so in this case we'll see
> table/CDB - SPI:sensitive
> column/DOB - SPI:sensitive
> There will be cases where multiple classifications (of the same type) can be
> navigated to from an asset like DOB. This may not make logical sense,
> however, until precedence is resolved in ATLAS-1839 & related Jiras, OMAS
> will pass through multiple classifications
> This interface will also support message notifications of changes to managed
> resources such as a new role, classification. A single kafka topic will be
> used.
> <tbd>
> A first pass swagger can be found at
> https://app.swaggerhub.com/apis/planetf1/GovernanceActionOMAS/0.1
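The flattening described in the issue text above, as an added sketch that is not code from Atlas or from the issue. The graph layout, the function name flatten, the column NOTES and the Retention classification are constructed for illustration, and the sketch assumes the SPI classification sits on the term assigned to table CDB.

```python
from collections import defaultdict

# Constructed sample data based on the DOB/CDB example in the issue text.
ASSETS = ["table/CDB", "column/DOB", "column/NOTES"]
CONTAINS = {"table/CDB": ["column/DOB", "column/NOTES"]}   # structural containment
ASSIGNED_TERM = {"table/CDB": ["term/customer personal details"]}
DIRECT = {                                                 # explicit classifications
    "term/customer personal details": [("SPI", "sensitive")],
    "table/CDB": [("Retention", "7y")],       # constructed, not relevant to enforcement
    "column/NOTES": [("SPI", "public")],      # constructed conflicting value
}

def flatten(assets, contains, assigned_terms, direct, interesting=None):
    """Return {asset: [(classification, value), ...]} with propagation resolved.

    Classifications reach an asset from itself, from its assigned terms and
    from every containing asset. Several values of the same classification
    are all passed through; no precedence is applied.
    """
    parents = defaultdict(list)
    for parent, children in contains.items():
        for child in children:
            parents[child].append(parent)

    def effective(node, seen):
        if node in seen:                      # guard against containment cycles
            return set()
        seen.add(node)
        found = set(direct.get(node, []))
        for term in assigned_terms.get(node, []):
            found |= set(direct.get(term, []))
        for parent in parents[node]:
            found |= effective(parent, seen)
        return found

    result = {}
    for asset in assets:
        tags = effective(asset, set())
        if interesting is not None:           # scope to enforcement-relevant types
            tags = {t for t in tags if t[0] in interesting}
        result[asset] = sorted(tags)
    return result

if __name__ == "__main__":
    for asset, tags in flatten(ASSETS, CONTAINS, ASSIGNED_TERM, DIRECT, {"SPI"}).items():
        print(asset, "-", ", ".join(f"{name}:{value}" for name, value in tags))
```

An enforcement consumer receiving both SPI values for column/NOTES has to decide which one applies until precedence is defined.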