blob: 6f90b14606047c272cc2e0a07b2ab0faa67a7fb9 [file] [log] [blame]
sg481nfaf7f2d2017-09-22 17:17:23 +00001.. This work is licensed under a Creative Commons Attribution 4.0 International License.
2.. http://creativecommons.org/licenses/by/4.0
3.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
4
5AAF - Application Authorization FrameworK
6==================================================
7.. The purpose of AAF (Application Authorization Framework) is to organize software authorizations so that applications, tools and services can match the access needed to perform job functions.
8
9AAF is designed to cover Fine-Grained Authorization, meaning that the Authorizations provided are able to used an Application's detailed authorizations, such as whether a user may be on a particular page, or has access to a particular Pub-SUB topic controlled within the App.
10
11This is a critical function for Cloud environments, as Services need to be able to be installed and running in a very short time, and should not be encumbered with local configurations of Users, Permissions and Passwords.
12
13To be effective during a computer transaction, Security must not only be secure, but very fast. Given that each transaction must be checked and validated for Authorization and Authentication, it is critical that all elements on this path perform optimally.
14
15
16
17.. toctree::
18 :maxdepth: 1
19
20
21Introduction
22------------
23AAF contains some elements of Role Based Authorization, but includes Attribute Based Authorization elements as well.
24
25.. image:: aaf-om.jpeg
26 :height: 600 px
27 :width: 800 px
28 :scale: 100 %
29 :alt: AAF highlevel Object Model
30 :align: center
31
32
33Essential Components
34--------------------
35The core component to deliver this Enterprise Access is a RESTful service, with runtime instances registered in a Cloud Directory (DME2) and backed by a resilient Datastore (Cassandra as of release 1.3)
36
37The Data is managed by RESTful API, with Admin functions supplemented by Character Based User interface and certain GUI elements.
38
39-The Service accessible by provided Caching Clients and by specialized plugins
40
41-CADI (A Framework for providing Enterprise Class Authentication and Authorization with minimal configuration to Containers and Standalone Services)
42
43-Cassandra (GRID Core)
44
45-Hadoop Plugin (a plugin via Hadoop Group Mapper mechanism)