USER_CHAIN is an HTTP Header, as you have listed.
“USER_CHAIN” is the standard name for the Property Tag for AAF at AT&T.
The format is a comma delimited set of entries:
<ENTRY1>,<ENTRY2>…
Within each ENTRY, there are at least 3, but up to 4 fields delimited by colon ‘:’
Field 1: FQI (Fully Qualified Identity)
Field 2: Component name (Component isn’t an official entry in NS, but should start with NS). It is primarily for logging.
Field 3: Protocol (BAth, OAth and x509 are
...
best practice). These should be no more than 4 chars long for logging consistency.
Field 4 (Optional): Request (If Field 3 exists, and is “AS”, then the calling service is requesting that the Identity be treated as the official Identity
...
Example:
USER_CHAIN=m99999@myapp.onap.org:org.onap.myapp.gui:x509:AS,m00000@something.onap.org:org.onap.myapp.entrypoint:BAth
...
Note: The App itself may choose not to honor the “AS” request, because it is up to the App to decide which incoming Apps it actually trusts to do correct Authentication.
If using CADI, set the “cadi_trust_perm” value to the Permission with which THE APP WILL GRANT trust.
Example:
Where "org.onap.myapp" is the NS of the group adding.
cadi_trust_perm=org.onap.myapp.mytrust|org.onap|trust
APP B, having set this perm, can then grant this perm to APP A if it chooses to trust the “AS” request on the first entry.
...
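The format and the trust decision described above, as an added example that is not CADI's own code: it parses a USER_CHAIN value and honors “AS” on the first entry only when the caller that APP B authenticated itself holds the trust permission. The `caller_has_trust_perm` callable is a hypothetical stand-in for the `cadi_trust_perm` check, `authenticated_fqi` is assumed to come from APP B's own authentication, and “AS” is read from the fourth field, as in the page's sample.

```python
# Added example (not CADI code): strict parser for the USER_CHAIN value
# plus the receiving app's decision on whether to honor an "AS" request.
MAX_PROTOCOL_LEN = 4  # page: "no more than 4 chars"; treated as a hard limit here

# Sample value taken from the example on this page.
SAMPLE = ("m99999@myapp.onap.org:org.onap.myapp.gui:x509:AS,"
          "m00000@something.onap.org:org.onap.myapp.entrypoint:BAth")

def parse_user_chain(value):
    """Parse 'fqi:component:protocol[:request],...' into a list of dicts.
    Raises ValueError on a malformed entry instead of guessing."""
    entries = []
    for raw in value.split(","):
        fields = raw.strip().split(":")
        if not 3 <= len(fields) <= 4:
            raise ValueError(f"entry needs 3 or 4 fields: {raw!r}")
        fqi, component, protocol = fields[:3]
        request = fields[3] if len(fields) == 4 else None
        user, _, domain = fqi.partition("@")
        if not user or not domain or "@" in domain:
            raise ValueError(f"FQI must look like id@domain: {fqi!r}")
        if not component:
            raise ValueError(f"empty component in {raw!r}")
        if not 0 < len(protocol) <= MAX_PROTOCOL_LEN:
            raise ValueError(f"protocol must be 1-4 chars: {protocol!r}")
        entries.append({"fqi": fqi, "component": component,
                        "protocol": protocol, "request": request})
    return entries

def effective_identity(authenticated_fqi, value, caller_has_trust_perm):
    """Return the identity the receiving app should act for.

    authenticated_fqi: the caller as verified by this app, never read from
    the header. caller_has_trust_perm: hypothetical callable(fqi) -> bool
    representing "this caller was granted the cadi_trust_perm permission".
    """
    if not value:
        return authenticated_fqi
    try:
        chain = parse_user_chain(value)
    except ValueError:
        return authenticated_fqi  # malformed chain: ignore the request
    first = chain[0]
    # The header is caller-supplied text, so "AS" counts only when the
    # authenticated caller is one this app has chosen to trust.
    if first["request"] == "AS" and caller_has_trust_perm(authenticated_fqi):
        return first["fqi"]
    return authenticated_fqi
```
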