Overview

Provide simple user management. 

• User groups : admin, configure, read
• Authentication and authorization
• Choose existing identity provider:
  • User management
  • OAuth 2.0 token (key)

Standards

• OpenID (https://en.wikipedia.org/wiki/OpenID)
• OpenID Connect (https://en.wikipedia.org/wiki/OpenID_Connect)
• OAuth 2.0  (https://en.wikipedia.org/wiki/OAuth)

Identityprovider

• ory/hydra
  • github https://github.com/ory/hydra
  • as docker https://hub.docker.com/r/oryd/hydra/
• ory/kratos
  • github https://github.com/ory/kratos
  • as docker https://hub.docker.com/r/oryd/kratos
  • Quickstart: https://www.youtube.com/watch?v=5t1Zr_zJc7E

User setting

• server can store a provide a user specific data record
  • username is key for the record
  • Should be JSON
  • data-provider has get and set method
  • Specified via yang
• User groups

Features to be managed

• Applications (use, read)
  • all
•  Configurations
  • mountpoint
  • config app
  • maintenance

Work split

• Acting components
  • User
  • Identification provider
  • ODLUX Client
  • SDN-R server
• Identity provider
  • authentication 
  • providing key for registered users indicating level of rights (group)
  • https://github.com/ory/kratos
• SDN-R Server
  • data-provider
    • Provide list of authentication providers to ODLUX Client
    • Provide internal group for user to ODLUX Client
    • CCSDK bundles
      • do authorization on URL level
      • shiro V1.3.2 of ODL Aluminium (https://github.com/apache/shiro)
        • aaf-cadi (https://github.com/onap/aaf-cadi)
          • → OauthV2TokenRealm required
• ODLUX Client
  • authorization for GUI
  • Use list of identity providers to offer login
  • Get key with identity and group of user from identity provider into ODLUX Userspace
  • Get SDN-R User group from server
  • User user group to enable/disable functions in ODLUX GUI