[ https://issues.apache.org/jira/browse/ATLAS-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16094861#comment-16094861 ]
Nigel Jones commented on ATLAS-1696:
------------------------------------

Glossary omas is being defined in https://issues.apache.org/jira/browse/ATLAS-1698 - the discussion includes some general discussion that would apply to all OMAS interfaces.

Creating sub-tasks for review and implementation:

> Governance Action Framework OMAS
> --------------------------------
>
> Key: ATLAS-1696
> URL: https://issues.apache.org/jira/browse/ATLAS-1696
> Project: Atlas
> Issue Type: New Feature
> Reporter: Nigel Jones
> Assignee: Nigel Jones
> Labels: VirtualDataConnector
>
> Governance Action OMAS is one of multiple consumer-centric based interfaces that will be added to Apache Atlas, & provides the API (REST and messaging) to support policy enforcement frameworks such as Apache Ranger. Detailed knowledge of the Atlas data models and structure can then be hidden from these consumers.
>
> The functionality of gaf includes
> - ability to retrieve classifications associated to assets
> - restricted to "interesting" classifications
> - restricted to interesting assets being managed by the requesting endpoint
> - to retrieve a list of interesting roles that relate to enforcement
> - to retrieve any template rule definitions/lookup tables that might be used to construct executable rules
>
> The scoping constructs supported in the API will include
> - Only get classifications that are relevant for security enforcement (ie: only those inheriting from a specified supertype? Verify in ATLAS-1839)
> - only get information about assets (resources) in a certain part of the datalake (Q: HOW. By zone? How to specify? by asset type? By associated endpoint?)
> - pagination
>
> See ATLAS-1839 for more information on the model and classifications
>
> In the Atlas data model classifications propagate - for example
> * A database column DOB has no explicit classification
> * Its containing table CDB is classified as "customer personal details"
> * The "SPI" classification is attached to this table with the value "sensitive"
>
> At enforcement time all that an engine such as ranger cares about is that the column "DOB" is sensitive, how we got there isn't important. In the example above the propagation occurs
> * Along the assigned term relationship
> * along the structural containment relationship (table->column)
>
> Therefore gaf omas will "flatten" the structure - so in this case we'll see
> table/CDB - SPI:sensitive
> column/DOB - SPI:sensitive
>
> There will be cases where multiple classifications (of the same type) can be navigated to from an asset like DOB. This may not make logical sense, however, until precedence is resolved in ATLAS-1839 & related Jiras, OMAS will pass through multiple classifications
>
> This interface will also support message notifications of changes to managed resources such as a new role, classification. A single kafka topic will be used.
> <tbd>
>
> A first pass swagger can be found at https://app.swaggerhub.com/apis/planetf1/GovernanceActionOMAS/0.1

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
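
The flattening described in the issue above, as an added example that is not part of the original issue or of Apache Atlas. The dictionary-based graph, the `flatten` function and its parameter names are assumptions made for illustration, as is the reading that the SPI classification is reached through the assigned term; multiple classifications of the same type are passed through unresolved, as the issue states.

```python
from collections import defaultdict

# Constructed sample data mirroring the issue's CDB/DOB example.
CONTAINS = {"table/CDB": ["column/DOB"]}  # structural containment: parent -> children
ASSIGNED_TERMS = {"table/CDB": ["customer personal details"]}  # asset -> glossary terms
TERM_CLASSIFICATIONS = {"customer personal details": [("SPI", "sensitive")]}


def flatten(contains, assigned_terms, term_classifications, direct=None):
    """Return {asset: sorted [(type, value), ...]} with propagation resolved.

    Classifications reach an asset from three places: attached directly
    (`direct`), via a term assigned to the asset, or inherited from a
    containing asset. No precedence is applied between same-type values.
    """
    direct = direct or {}
    effective = defaultdict(set)
    children = {c for kids in contains.values() for c in kids}
    assets = set(contains) | children | set(assigned_terms) | set(direct)

    def visit(asset, inherited, path):
        if asset in path:  # guard against a containment cycle
            return
        own = set(direct.get(asset, []))
        for term in assigned_terms.get(asset, []):
            own.update(term_classifications.get(term, []))
        combined = inherited | own
        effective[asset] |= combined
        for child in contains.get(asset, []):
            visit(child, combined, path | {asset})

    # Start from assets that nothing contains and walk downwards.
    for root in sorted(assets - children):
        visit(root, frozenset(), frozenset())
    return {asset: sorted(effective[asset]) for asset in sorted(assets)}


if __name__ == "__main__":
    for asset, tags in flatten(CONTAINS, ASSIGNED_TERMS, TERM_CLASSIFICATIONS).items():
        print(asset, "-", ", ".join(f"{t}:{v}" for t, v in tags))
```

An enforcement engine consuming this output sees only the effective tags per asset, so a column with no explicit classification is still covered by a policy written against `SPI:sensitive`.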