Kirill Lukashin and IBM Montreal


1 Kirill Lukashin and IBM Montreal
Controller Design Studio – Architecture & Design for integration with AAF
Draft version
Kirill Lukashin and IBM Montreal
Dec, 2018

2 Agenda
- What is AAF
- CDS-AAF Common Architecture
- CDS-AAF Integration Design Time Flow
- CDS-AAF Integration Runtime Flow
- Roles/Permissions/Resources
- Impact on Controller Blueprint Archive (CBA)

3 What is AAF?
AAF stands for “Application Auth Framework”.
Originally “Auth” was “Authorization”, but AAF now supports implementations for:
- Authentication
- Authorization
AAF consists of:
- CADI Framework: a library used by services to:
  - Authenticate with one or more Authentication Protocols
  - Authorize in a FINE-GRAINED manner using AAF Components
- AAF Components (RESTful Services):
  - Service (primary): all the Authorization information
  - Locate: how to find ANY OR ALL AAF instances across any geographic distribution
  - OAuth 2.0: new component providing Tokens and Introspection
  - GUI: tool to view and manage Authorization Information, and create Credentials
  - Certman: Certificate Manager, create and renew X509 with Fine-Grained Identity
  - FS: File Server to provide access to distributable elements (like well known certs)
  - Hello: test your client access (certs, OAuth 2.0, etc)
- Cassandra as global replicating Data Store

4 Support for secure call UI to Backend
Use TLS for Encryption, and CADI Framework/AAF Services to do Authorization!

5 Real time Authorization Process

6 AAF Capabilities for Developers
Self-Serve AAF Functions for Developers
- Applications get a “Namespace” in AAF
  - Example “org.onap.cds”
- Create Credentials for their App
  - x509 Client Certificate or User/Password (Basic Auth)
- Create a Server Certificate (so service can be HTTP/S TLS)
  - Can use the x509 Client Certificate, assuming all clients trust its Certificate Authority
- Create “Permissions” representing what they want to protect
- Code to those Permissions

7 CDS – AAF Common Architecture
Diagram labels: A&AI MS Policy Networks / VNFs / Devices DmaaP Consumer Blueprint Processor Platform Device Components DMaaP Producer Capability Components Directed Graph Rest Adapters DB Controller Design Studio MS Controller Blueprints MS CB DB BP DB CDS DB User/password validation Obtain Permissions

8 Controller Design Time
Diagram labels: Certified/Approval to trigger CSAR Package with CBA content Distribution via SDC DMAAP Interface User/password validation/or oAuth Controller Design Studio GUI AAF SDC Integrated User Experience Retrieve permissions to manage CBA files CDS APP Ext using iframe Controller blueprint ms Controller Persona Run Time SDC Design Catalog Controller Blueprint Instances SDC Upload/Download Self-Service Design Environment Self-Service Test Runtime Environment

9 Post Instantiation Controller Run Time
Diagram labels: SO POLICY AAF DMaaP Bus Check permissions to access resource Data Sources A&AI MD-SAL Database Network Content Runtime Catalog (Certified Models & Design Artifacts) Controller Persona API Resource Resolution mS SDC Design Catalog DMaaP Bus Subscribe API Template Meshing mS CSAR Package Controller Blueprint Archive Approved Artifacts

10 Affected Tasks
- CDS UI
  - Using loopback.io framework
- CDS Backend – Controller Blueprint Ms, Blueprint Processor Ms
  - Implement AAF for Swagger
  - Implement AAF for Webflux

11 Affected Data Flows -> See Roles
Data flow steps:
1A. User registers Model Types, & Reusable Dictionaries
1B. Jenkins Builds and Deploy to Maven Repo
1C. Auto load Model Types, & Reusable Dictionaries
1D. Store
2A. User create CBA file
2B. Enrich, Validate CBA file
2C. Test Deploy CBA file
2D. Test CBA file
3A. Store CBA file
3B. Publish CBA file
3C. Consume CBA file
3D. Persist CBA file
4A. Send Request
4B. Retrieve CBA file
4C. Execute CBA
4D. Get CBA
4E. Execute CBA Components
4F. Return Self Service Response
4G. Publish Response
4H. Consume
Diagram labels: Component Executor; Self Service Rest API; DmaaP CBA Listener Publisher; BP MS; Directed Graph; Resource Resolution; Python; Ansible; Netconf; Restconf; Groovy; Controller Design Studio; Controller Blueprints Microservice; CB DB; GIT; MAVEN; SDC; SO; DMaaP; Blueprint Processor Platform

12 Functional Decomposition – Interaction with AAF Ms
Diagram labels: Artifact Management (Blue Prints, Model Type, Resource Definitions) Enrichment (Model Types / Resource Definition) Validation (Model Types / Resource Definition) CDS Frontend/UI MS Spring Boot 2.1 CDS UI/ Client Controller Blue Prints Studio MS Angular / Browser Http / Websocket Webflux Http / GRPC CDS UI / Server Webflux Http / GRPC Spring Boot Loopback4 / Nodejs Process Resource Resolution Network Communication Webflux Http / GRPC Blue Prints Processor MS Proxy Artifact Management (Blue Prints, Model Type, Resource Definitions) Proxy Enhancement and Enrichment User Event Management User Access Control Management. AAF MS

13 AAF Entities to be defined for CDS
- Roles
- Resources
- Permissions

14 Roles
Role | Class | Description
CBAdmin | org.onap.sdnc.controllerblueprints.admin | Design time tasks
CBDesigner | org.onap.sdnc.controllerblueprints.designer | Design time tasks
CBOwner | org.onap.sdnc.controllerblueprints.owner |
BPAdmin | org.onap.sdnc.blueprintsprocessor.admin | Run time tasks
BPDesigner | org.onap.sdnc.blueprintsprocessor.designer |
BP<ServiceName>Owner | org.onap.sdnc.controllerblueprints.<ServiceName>.owner |

15 Permissions
Role | Description
CBAdmin | all access for management
CBDesigner | Design the blue prints Model Types and Node Types
CBOwner | Design the blue prints Model Types and Node Types and Blueprint Create
BPAdmin | All access for management
BPDesigner | Has Upload BluePrint/Download Access
BP<ServiceName>Owner | Has execute permission blueprint processor API
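
The role model from the Roles and Permissions slides written as a deny-by-default check. This is an added example, not code from the presentation, CDS or AAF. The action names, the design-time/run-time scoping of the two admin roles and the sample service name "vfw" are assumptions; the role class names are the ones on the Roles slide, and the caller is assumed to have already obtained the user's roles from AAF.

```javascript
// Added example (not CDS/AAF code). Action names are hypothetical labels for the
// descriptions on the Permissions slide; role class names are from the Roles slide.
const ACTION_SCOPE = new Map([
  ['design-types', 'design'],        // design Model Types and Node Types
  ['create-blueprint', 'design'],    // Blueprint Create
  ['upload-blueprint', 'runtime'],   // Upload BluePrint
  ['download-blueprint', 'runtime'], // Download Access
  ['execute', 'runtime'],            // execute blueprint processor API
]);

const CB = 'org.onap.sdnc.controllerblueprints';
const BP = 'org.onap.sdnc.blueprintsprocessor';
// Assumption: "all access for management" ('*') is limited to the role's own scope.
const STATIC_ROLES = new Map([
  [`${CB}.admin`,    { scope: 'design',  actions: '*' }],                                  // CBAdmin
  [`${CB}.designer`, { scope: 'design',  actions: ['design-types'] }],                     // CBDesigner
  [`${CB}.owner`,    { scope: 'design',  actions: ['design-types', 'create-blueprint'] }], // CBOwner
  [`${BP}.admin`,    { scope: 'runtime', actions: '*' }],                                  // BPAdmin
  [`${BP}.designer`, { scope: 'runtime', actions: ['upload-blueprint', 'download-blueprint'] }], // BPDesigner
]);
// BP<ServiceName>Owner: one role per service, matched on a single name segment.
const SERVICE_OWNER = /^org\.onap\.sdnc\.controllerblueprints\.([A-Za-z0-9_-]+)\.owner$/;

// roles: role class names already obtained for the authenticated user.
// service: the service the request targets (only used for 'execute').
function isAllowed(roles, action, service) {
  const scope = ACTION_SCOPE.get(action);
  if (!scope || !Array.isArray(roles)) return false; // unknown action: deny
  for (const role of roles) {
    const grant = STATIC_ROLES.get(role);
    if (grant) {
      if (grant.scope === scope &&
          (grant.actions === '*' || grant.actions.includes(action))) return true;
      continue;
    }
    const m = SERVICE_OWNER.exec(role);
    // A service owner may execute only against the service named in the role.
    if (m && action === 'execute' && m[1] === service) return true;
  }
  return false; // no matching grant: deny by default
}

// Constructed sample: "vfw" is a made-up service name.
console.log(isAllowed([`${CB}.vfw.owner`], 'execute', 'vfw'));   // true
console.log(isAllowed([`${CB}.vfw.owner`], 'execute', 'other')); // false
```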

16 Resources
Resources | Type | Description
Blue prints, Model Types, Resource Definitions | file | Model Artifacts
DG | process | Workflows
Data Dictionary | DB | Resource mapping rules

17 Open questions?
- Which Authentication protocols to use?
- Any modifications on AAF side to support CDS needs?

18 Controller Blueprints Archive (CBA) Format
- Definition: Controller Blueprints definitions file. Formats: .json
- Configuration: Application properties or environment properties file. Formats: .properties
- Plans: Flow Definitions files, such as directed graph, dataflow dsl, etc. Formats: .json, .xml
- Scripts: Execution scripts used during flows. Formats: .py, .js, .groovy
- Templates: Templates used during processing. Format: .vtl
- Dictionary: Resource Dictionaries, used during processing. Format: .json
- Mappings: Data Dictionary File. Format: .json
- Add AAF specific configuration?
- .cba

19 Thank You

