
What is this release trying to address?

AAF is trying to address secured communication through certificate management and token-based Authentication and Authorization. Beijing established enhanced capabilities and components, built in ONAP methodologies and instantiating with ONAP defined deployment strategies. In Casablanca, the goal is to enable AAF to provide these capabilities as infrastructure utilized by ONAP entities by establishing Authenticated and Authorization Development and Deployment of ONAP Test environments, as well as being a tool for groups to deploy. The special emphasis for Casablanca is to unify the x509 Trust Structures, allowing both real-time and development-time communications to be 2-way x509 wherever possible, and to establish easy-to-deploy security credentials for ONAP Components and People.

Use Cases

The existing Beijing use cases are still going to be supported.

Minimum Viable Product

The minimum viable product we are targeting is integrating AAF with multiple ONAP applications and performing secured transactions using CA.

AAF Team will provide an ONAP focused CADI Client in Java to make App-to-App communications consistent.

AAF Team will provide a standard "Authz Enforcement Point" in Java, both for realtime Authorization of Access and as a stepping point to longer term security goals and improvements.

AAF Team will start the process of researching and creating a CADI Client in Python.

AAF Team will start the process of researching an "Authz Enforcement Point" in Python.

AAF Team will continue to improve its standing as a security component within ONAP by adhering and improving on ONAP measures.

Minimum Viable Product

AAF is already a Viable Product as of Beijing. Casablanca is focused on allowing ONAP Apps to utilize AAF for their Authentication and Authorization needs, in both Development and Realtime modes.

Functionalities

List the functionalities that this release is committing to deliver by providing a link to JIRA Epics and Stories. In the JIRA Priority field, specify the priority (either High, Medium, Low). The priority will be used in case de-scoping is required. Don't assign High priority to all functionalities.

...

Deliverable Name | Deliverable Description
AAF integration with Appc | AAF Git repository
AAF source code | AAF Git repository
AAF library | ONAP Nexus repository
AAF API description | ONAP wiki
AAF Release Notes | ONAP wiki
AAF Documentation | AAF Git repository

Sub-Components

AAF already delivers

  1. AAF Service
  2. AAF Location
  3. AAF OAuth2
  4. AAF GUI
  5. AAF Certificate Manager
  6. AAF FS (File server for public component access)
  7. AAF Hello - OAuth2 testable Service, for helping developers learn.
  8. CADI Framework (Clients and tools)
  9. CMAgent - Certificate Deployment Tool


These will be improved upon in the context of ONAP.

Architecture

High level architecture diagram

...

  • List the API this project is expecting from other projects.
    Prior to Release Planning review, Team Leads must agree on the date by which the API will be fully defined. The API Delivery date must not be later than the release API Freeze date.

    Prior to the delivery date, it is a good practice to organize an API review with the API consumers.


    Note: AAF is a resource to other ONAP components

    API Name | API Description | API Definition Date | API Delivery date | API Definition link (i.e. swagger)
    None | None | None | None | None


    Required elements of Environment:

       Certificate Authority (AAF currently accesses with SCEP). It is expected that EVERY organization will have one.

       DNS - TLS protocols require a DNS to validate FQDI. It is expected that EVERY organization will have one.

       Organizational information to establish hierarchy for Authorization (think ILM or Organizational Hierarchy, minimally expressed as a file, but better if tied to the Organization's internals).

    API Outgoing Dependencies

  • API this project is delivering to other projects.

    API Name | API Description | API Definition Date | API Delivery date | API Definition link (i.e. swagger)
    Provisioning | API for creating, deleting and listing the administrative objects (exists) | Aug 02 2017 | March 08 2018 | AAF API
    Admin API | API for the admin access (exists) | Aug 02 2017 | March 08 2018 | AAF API
    CADI | CADI (CODE ACCESS DATA IDENTITY) | Aug 02 2017 | March 08 2018 | AAF API





    Third Party Products Dependencies

    Third Party Products mean products that are mandatory to provide services for your components. Development of new functionality in third party product may or may not be expected.
    List the Third Party Products (OpenStack, ODL, RabbitMQ, ElasticSearch, Crystal Reports, ...).

    Name | Description | Version
    Docker | Container engine | 1.7
    Cassandra | database container | 3.11



    In case there are specific dependencies (CentOS 7 vs Ubuntu 16, etc.), list them as well.

    Testing and Integration Plans

    1. Unit test: Unit tests have at least 50% code coverage.
    2. Functional test: Leverage the robot framework infrastructure to provide the functional test.
    3. Integration test: Support integration team to provide the end to end integration test.
    4. All the above should be automated tests run on the LF Jenkins Infrastructure.

...