Dear Oliver, Thanks. I added this item into the wiki mentioned.
I have been working in OpenStack for more than 4 years and having good understanding of the OpenStack model for authentication/authorization. Hoping that my experience could be leveraged here. So can you please include me in the discussions around this topic. Thank you. Regards Kanagaraj M *************************************************************************************** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!************************************************************************************** *************************************************************************************** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *************************************************************************************** From: SPATSCHECK, OLIVER (OLIVER) [mailto:[email protected]] Sent: Friday, September 08, 2017 6:15 PM To: Kanagaraj Manickam; [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: Re: [onap-discuss] Importance of common auth service in this release Kanagaraj, we started collecting none functional requirements for the next release here: https://wiki.onap.org/display/DW/R2+proposals+for+Non-functional+requirements so they can be prioritized. Could you document your suggestion there? I do agree that our authentication/authorization setup needs some substantial thought to get to what is needed. I would try to address all of them with a consistent architecture so below is one part of that. Thx Oliver From: <[email protected]<mailto:[email protected]>> on behalf of Kanagaraj Manickam <[email protected]<mailto:[email protected]>> Date: Thursday, September 7, 2017 at 9:59 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [onap-discuss] Importance of common auth service in this release Dear TSC team, This mail is regarding the importance of common auth service in this release. please find more details below. In Onap 1.0, we are using the Portal user management feature with required role in place for user authentication and the REST API for every ONAP components are not published. so for end user, portal is the only access point and there was no need of common user management across services, which portal user management took care of it. But in Onap 1.1 (amesterdam) release, we have already published REST API for every components and we have now MSB to register all the ONAP components and get discovered by user or integration components. so now, user could discover and operate every onap componenet's feature by using the REST API with deafult user credentails published for every ONAP component. But when user operate the same feature via portal, (s)he should go thru the portal user authedication and authorization. so this scenario brings the inconsistency. In this scenario, I believe that we should be providing the common user authedication and authorization service across all ONAP components, simliar to OpenStack keystone service. And we are already having AAF to address this scenario. so Should we make AAF as mandatory component in amesterdam release and every onap components get aligned with it? Thanks. Regards Kanagaraj M
_______________________________________________ onap-discuss mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-discuss
