[ https://issues.apache.org/jira/browse/ATLAS-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nigel Jones resolved ATLAS-1696. -------------------------------- Resolution: Won't Do Moved to odpi egeria - see https://github.com/odpi/egeria/tree/master/open-metadata-implementation/access-services/governance-engine > Governance Engine OMAS > ---------------------- > > Key: ATLAS-1696 > URL: https://issues.apache.org/jira/browse/ATLAS-1696 > Project: Atlas > Issue Type: New Feature > Reporter: Nigel Jones > Assignee: Nigel Jones > Priority: Major > Labels: VirtualDataConnector > > Governance Engine OMAS is one of multiple consumer-centric based interfaces > that will be added to Apache Atlas, & provides the API (REST and messaging) > to support policy enforcement frameworks such as Apache Ranger. Detailed > knowledge of the Atlas data models and structure can then be hidden from > these consumers. > The functionality of gaf includes > - ability to retrieve classifications associated to assets > - restricted to "interesting" classifications > - restricted to interesting assets being managed by the requesting endpoint > - to retrieve a list of interesting roles that relate to enforcement > - to retrieve any template rule definitions/lookup tables that might be used > to construct executable rules > The scoping constructs supported in the API will include > - Only get classifications that are relevant for security enforcement (ie: > only those inheriting from a specified supertype? Verify in ATLAS-1839) > - only get information about assets (resources) in a certain part of the > datalake (Q: HOW. By zone? How to specify? by asset type? By associated > endpoint?) > - pagination > > See ATLAS-1839 for more information on the model and classifications > In the Atlas data model classifications propagate - for example > * An database column DOB has no explicit classification > * It's containing table CDB is classified as "customer personal details" > * The "SPI" classification is attached to this table with the value > "sensitive" > At enforcement time all that an engine such as ranger cares about is that the > column "DOB" is sensitive, how we got there isn't important. In the example > above the propogation occurs > * Along the assigned term relationship > * along the structural containment relationship (table->column) > Therefore gaf omas will "flatten" the structure - so in this case we'll see > table/CDB - SPI:sensitive > column/DOB - SPI:sensitive > There will be cases where multiple classifications (of the same type) can be > navigated to from an asset like DOB. This may not make logical sense, > however, Until precedence is resolved in ATLAS-1839 & related Jiras, OMAS > will pass through multiple classifications > This interface will also support message notifications of changes to managed > resources such as a new role, classification. A single kafka topic will be > used. > <tbd> > A first pass swagger can be found at > https://app.swaggerhub.com/apis/planetf1/GovernanceActionOMAS/0.1 > NOTE: Updated 23 Aug with new name of GOVERNANCE ENGINE OMAS -- This message was sent by Atlassian JIRA (v7.6.3#76005)