...
3. Component Description: (IN PROGRESS)
A more detailed figure and description of the component.
<< For later inclusion >>Code Access Data Identity (CADI) is a client framework included in a web GUI or API that invokes AAF to provide AAF authentication and authorization services to containers and standalone services.
- Authenticate with one or more Authentication Protocols
- Authorize in a FINE-GRAINED manner using AAF Components
- CADI has three types of clients
- CADI AAF TAF (J2EE) - integrates with a web GUI
- CADI AAF TAF (J2EE Filter) - integrates with a REST API
- CADI AAF TAF (Java Client) - integrates with a database
AAF Service - TBD
AAF Cassandra Database - TBD
Certificate Manager (CertMan) - provides CA services (X.509 certificate generation/renewal, root and intermediate cert delivery), secure key pair generation, and keystore creation and delivery to applications. CertMan can also integrate with an external CA that supports the Simple Certificate Enrollment Protocol (SCEP).
- Browser client goes to GUI using for instance SSO plugin or Basic Auth
- App authenticates to App Service API using x509 or Basic Auth or OAuth
- CADI Filter (CADI AAF TAF) coverts credential to “Principal”. If not in cache, AAF is contacted for Permissions protecting GUI with Service ID/Credential (ApplicationID/Pass or X.509 Client Cert (preferred)).
- AAF does provide User/Password features, or can be delegated to other credential service via Plugin
- If information is not in Service Cache, AAF’s DB is contacted using AAF Service ID/Credential.
- Client App uses Permission Attributes delivered by AAF/AAF Cache for protecting data/functions (using J2EE method).
- If not in Cache, Client contacts App Service, using App ID/Credential.
- CADI Filter converts App ID/Credential to Principal. If not in cache, contacts with AAF (with App ID/Credential) for Permissions of Client.
- App protects data based on Client Permissions.
- Component contacts next layer using Service ID/Credential.
- If ID or Permissions of AppServer are not in Cache, contact AAF using AAF Security Plugin for Cassandra, which uses AAF Java Client.
- Cassandra protects Cluster/Keyspace/ColumnFamily w/Permissions.
4. known system limitations: (IN PROGRESS)
Runtime: None
Clamp data redundancy is dependent on Kubernetes and the persistent volume.
Clamp application redundancy HA relies on Kubernetes
5. Used Models: (N/A)
6. System Deployment Architecture: (IN PROGRESS)
...