blob: f31f7ceea84a8c4a79a0c3fe3619ebb5f24348c5 [file] [log] [blame]
sg481nfaf7f2d2017-09-22 17:17:23 +00001.. This work is licensed under a Creative Commons Attribution 4.0 International License.
2.. http://creativecommons.org/licenses/by/4.0
3.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
4
sg481na9d21082017-09-23 14:26:06 +00005AAF - Application Authorization Framework
sg481nfaf7f2d2017-09-22 17:17:23 +00006==================================================
7.. The purpose of AAF (Application Authorization Framework) is to organize software authorizations so that applications, tools and services can match the access needed to perform job functions.
8
9AAF is designed to cover Fine-Grained Authorization, meaning that the Authorizations provided are able to used an Application's detailed authorizations, such as whether a user may be on a particular page, or has access to a particular Pub-SUB topic controlled within the App.
10
11This is a critical function for Cloud environments, as Services need to be able to be installed and running in a very short time, and should not be encumbered with local configurations of Users, Permissions and Passwords.
12
13To be effective during a computer transaction, Security must not only be secure, but very fast. Given that each transaction must be checked and validated for Authorization and Authentication, it is critical that all elements on this path perform optimally.
14
15
Instrumentalbbe71542018-05-25 12:29:38 -050016Sections
17++++++++
sg481nfaf7f2d2017-09-22 17:17:23 +000018
19.. toctree::
Instrumental91a983a2018-05-25 13:27:54 -050020 :maxdepth: 1
Instrumentalbbe71542018-05-25 12:29:38 -050021 :glob:
22
Instrumental91a983a2018-05-25 13:27:54 -050023 sections/architecture/index
24 sections/installation/index
25 sections/configuration/index
Instrumental647c1c32018-07-23 16:35:19 -050026 sections/development/index
Instrumental91a983a2018-05-25 13:27:54 -050027 sections/logging
28 sections/release-notes
sg481nfaf7f2d2017-09-22 17:17:23 +000029
30Introduction
31------------
32AAF contains some elements of Role Based Authorization, but includes Attribute Based Authorization elements as well.
33
sg481n2bc35382017-09-23 15:50:15 +000034|image0|
35
Instrumental79c5df52018-05-25 20:54:35 -050036.. |image0| image:: sections/architecture/images/aaf-object-model.jpg
sg481n2bc35382017-09-23 15:50:15 +000037 :height: 600px
38 :width: 800px
sg481nfaf7f2d2017-09-22 17:17:23 +000039
40
41Essential Components
42--------------------
43The core component to deliver this Enterprise Access is a RESTful service, with runtime instances registered in a Cloud Directory (DME2) and backed by a resilient Datastore (Cassandra as of release 1.3)
44
45The Data is managed by RESTful API, with Admin functions supplemented by Character Based User interface and certain GUI elements.
46
47-The Service accessible by provided Caching Clients and by specialized plugins
48
49-CADI (A Framework for providing Enterprise Class Authentication and Authorization with minimal configuration to Containers and Standalone Services)
50
51-Cassandra (GRID Core)