[
https://issues.apache.org/jira/browse/ATLAS-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nigel Jones resolved ATLAS-1696.
--------------------------------
Resolution: Won't Do
Moved to odpi egeria - see
https://github.com/odpi/egeria/tree/master/open-metadata-implementation/access-services/governance-engine
> Governance Engine OMAS
> ----------------------
>
> Key: ATLAS-1696
> URL: https://issues.apache.org/jira/browse/ATLAS-1696
> Project: Atlas
> Issue Type: New Feature
> Reporter: Nigel Jones
> Assignee: Nigel Jones
> Priority: Major
> Labels: VirtualDataConnector
>
> Governance Engine OMAS is one of multiple consumer-centric based interfaces
> that will be added to Apache Atlas, & provides the API (REST and messaging)
> to support policy enforcement frameworks such as Apache Ranger. Detailed
> knowledge of the Atlas data models and structure can then be hidden from
> these consumers.
> The functionality of gaf includes
> - ability to retrieve classifications associated to assets
> - restricted to "interesting" classifications
> - restricted to interesting assets being managed by the requesting endpoint
> - to retrieve a list of interesting roles that relate to enforcement
> - to retrieve any template rule definitions/lookup tables that might be used
> to construct executable rules
> The scoping constructs supported in the API will include
> - Only get classifications that are relevant for security enforcement (ie:
> only those inheriting from a specified supertype? Verify in ATLAS-1839)
> - only get information about assets (resources) in a certain part of the
> datalake (Q: HOW. By zone? How to specify? by asset type? By associated
> endpoint?)
> - pagination
>
> See ATLAS-1839 for more information on the model and classifications
> In the Atlas data model classifications propagate - for example
> * An database column DOB has no explicit classification
> * It's containing table CDB is classified as "customer personal details"
> * The "SPI" classification is attached to this table with the value
> "sensitive"
> At enforcement time all that an engine such as ranger cares about is that the
> column "DOB" is sensitive, how we got there isn't important. In the example
> above the propogation occurs
> * Along the assigned term relationship
> * along the structural containment relationship (table->column)
> Therefore gaf omas will "flatten" the structure - so in this case we'll see
> table/CDB - SPI:sensitive
> column/DOB - SPI:sensitive
> There will be cases where multiple classifications (of the same type) can be
> navigated to from an asset like DOB. This may not make logical sense,
> however, Until precedence is resolved in ATLAS-1839 & related Jiras, OMAS
> will pass through multiple classifications
> This interface will also support message notifications of changes to managed
> resources such as a new role, classification. A single kafka topic will be
> used.
> <tbd>
> A first pass swagger can be found at
> https://app.swaggerhub.com/apis/planetf1/GovernanceActionOMAS/0.1
> NOTE: Updated 23 Aug with new name of GOVERNANCE ENGINE OMAS
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
