Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Provisioning for Message Router Clients

The provisioning of Authenticated Topics and the subsequent publish/subscribe actions on that Authenticated Topic rely on the proper AAF Permissions to be granted to various Identities.

The following Identities are referenced:

IdentityMR - the AAF Identity used by Message Router to access AAF and perform authorization checks.

IdentityTopicMgr - the AAF Identity used by Bus Controller to access AAF and create Permissions and Roles, and grant those Permissions to Roles and Identities.

IdentityPub - the AAF Identity used by the publisher of the Topic when accessing the MR API.  The fully qualified Identity typically belongs to a namespace related to the application.  i.e. IdentityPub@NamespacePub

IdentitySub - the AAF Identity used by the subscriber of the Topic when accessing the MR API.  The fully qualified Identity typically belongs to a namespace related to the application.  i.e. IdentitySub@NamespaceSub

Pre-requisites:

  • Identities created in AAF
  • Credentials for Identities available in kubernetes values  (probably as Secrets)
  • IdentityTopicMgr has access permission granted for all Application Namespaces


Gliffy
namedgl2
pagePin23

Provisioning for Data Router Clients

...