blob: 3b903c24df1003eb8150c09ee2e9be590b1f7e24 [file] [log] [blame]
sg481nfaf7f2d2017-09-22 17:17:23 +00001.. This work is licensed under a Creative Commons Attribution 4.0 International License.
2.. http://creativecommons.org/licenses/by/4.0
3.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
4
sg481na9d21082017-09-23 14:26:06 +00005AAF - Application Authorization Framework
sg481nfaf7f2d2017-09-22 17:17:23 +00006==================================================
7.. The purpose of AAF (Application Authorization Framework) is to organize software authorizations so that applications, tools and services can match the access needed to perform job functions.
8
9AAF is designed to cover Fine-Grained Authorization, meaning that the Authorizations provided are able to used an Application's detailed authorizations, such as whether a user may be on a particular page, or has access to a particular Pub-SUB topic controlled within the App.
10
11This is a critical function for Cloud environments, as Services need to be able to be installed and running in a very short time, and should not be encumbered with local configurations of Users, Permissions and Passwords.
12
13To be effective during a computer transaction, Security must not only be secure, but very fast. Given that each transaction must be checked and validated for Authorization and Authentication, it is critical that all elements on this path perform optimally.
14
15
Instrumentalbbe71542018-05-25 12:29:38 -050016Sections
17++++++++
sg481nfaf7f2d2017-09-22 17:17:23 +000018
19.. toctree::
Instrumental91a983a2018-05-25 13:27:54 -050020 :maxdepth: 1
Instrumentalbbe71542018-05-25 12:29:38 -050021 :glob:
22
Instrumental91a983a2018-05-25 13:27:54 -050023 sections/architecture/index
24 sections/installation/index
25 sections/configuration/index
26 sections/logging
27 sections/release-notes
sg481nfaf7f2d2017-09-22 17:17:23 +000028
29Introduction
30------------
31AAF contains some elements of Role Based Authorization, but includes Attribute Based Authorization elements as well.
32
sg481n2bc35382017-09-23 15:50:15 +000033|image0|
34
Instrumental79c5df52018-05-25 20:54:35 -050035.. |image0| image:: sections/architecture/images/aaf-object-model.jpg
sg481n2bc35382017-09-23 15:50:15 +000036 :height: 600px
37 :width: 800px
sg481nfaf7f2d2017-09-22 17:17:23 +000038
39
40Essential Components
41--------------------
42The core component to deliver this Enterprise Access is a RESTful service, with runtime instances registered in a Cloud Directory (DME2) and backed by a resilient Datastore (Cassandra as of release 1.3)
43
44The Data is managed by RESTful API, with Admin functions supplemented by Character Based User interface and certain GUI elements.
45
46-The Service accessible by provided Caching Clients and by specialized plugins
47
48-CADI (A Framework for providing Enterprise Class Authentication and Authorization with minimal configuration to Containers and Standalone Services)
49
50-Cassandra (GRID Core)