AAA concept

Owned by Herbert Eiselt
Last updated: Jan 30, 2020
1 min read

In Frankfurt Authorization and Authentication are implemented. Accounting is not considered.

Related to: 

SDNC-880: Extend and adapt SDN-R provider componentsClosed

SDNC-897: SDN-R integration into ONAP authentication/authorization frameworkClosed

Components referring to disaggregated Frankurt SDNR architecture

  • SDNC/OAM/SDNR

  • SDNRDB

  • SDNRWEB

Authentication of SDNC/OAM/SDNR client with

  • SDNR → DMaaP/DCAE

  • SDNR → SDNRDB

Authorization between containers

  • password only or

  • certificated base for client side authentication 

Questions are

  • How to provide password/certs?

  • Using: Kubernetes Secrets?

  • How to handle passwords inside container

    1. Hand over Kubernetes into container 

    2. Hand over inside container to karaf/odl  

  • File or environment variable?



Server/Component

supported auth method

comments

Server/Component

supported auth method

comments

SDNC(Opendaylight)

basic auth (username,password)
token based auth
ssl client cert?



SDNC-Web (nginx)

basic auth
ssl client cert



SDNC-database (elasticsearch+nginx)

basic auth
ssl client cert



DMaaP Message Router

basic auth (HTTP)

auth key (HTTP_AUTHKEY)



AAI





DCAE



not important for us, only for devices