blob: ee4eef0eec7e042dd2081ae0ba80a34974e0e555 [file] [log] [blame]
sg481nfaf7f2d2017-09-22 17:17:23 +00001.. This work is licensed under a Creative Commons Attribution 4.0 International License.
2.. http://creativecommons.org/licenses/by/4.0
3.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
4
sg481na9d21082017-09-23 14:26:06 +00005AAF - Application Authorization Framework
sg481nfaf7f2d2017-09-22 17:17:23 +00006==================================================
7.. The purpose of AAF (Application Authorization Framework) is to organize software authorizations so that applications, tools and services can match the access needed to perform job functions.
8
9AAF is designed to cover Fine-Grained Authorization, meaning that the Authorizations provided are able to used an Application's detailed authorizations, such as whether a user may be on a particular page, or has access to a particular Pub-SUB topic controlled within the App.
10
11This is a critical function for Cloud environments, as Services need to be able to be installed and running in a very short time, and should not be encumbered with local configurations of Users, Permissions and Passwords.
12
13To be effective during a computer transaction, Security must not only be secure, but very fast. Given that each transaction must be checked and validated for Authorization and Authentication, it is critical that all elements on this path perform optimally.
14
15
Instrumentalbbe71542018-05-25 12:29:38 -050016Sections
17++++++++
sg481nfaf7f2d2017-09-22 17:17:23 +000018
19.. toctree::
Instrumentalbbe71542018-05-25 12:29:38 -050020 :maxdepth: 2
21 :glob:
22
23 sections/*
Sai Gandhamd67a9de2018-05-25 15:48:11 +000024
sg481nfaf7f2d2017-09-22 17:17:23 +000025
26Introduction
27------------
28AAF contains some elements of Role Based Authorization, but includes Attribute Based Authorization elements as well.
29
sg481n2bc35382017-09-23 15:50:15 +000030|image0|
31
Instrumentalbbe71542018-05-25 12:29:38 -050032.. |image0| image:: images/aaf-object-model.jpg
sg481n2bc35382017-09-23 15:50:15 +000033 :height: 600px
34 :width: 800px
sg481nfaf7f2d2017-09-22 17:17:23 +000035
36
37Essential Components
38--------------------
39The core component to deliver this Enterprise Access is a RESTful service, with runtime instances registered in a Cloud Directory (DME2) and backed by a resilient Datastore (Cassandra as of release 1.3)
40
41The Data is managed by RESTful API, with Admin functions supplemented by Character Based User interface and certain GUI elements.
42
43-The Service accessible by provided Caching Clients and by specialized plugins
44
45-CADI (A Framework for providing Enterprise Class Authentication and Authorization with minimal configuration to Containers and Standalone Services)
46
47-Cassandra (GRID Core)