Re: [onap-tsc] [onap-discuss] Importance of common auth service in this release

2017-09-11 Thread Kanagaraj Manickam 
Dear Oliver,

Thanks. I added this item into the wiki mentioned.

I have been working in OpenStack for more than 4 years and having good 
understanding of the OpenStack model for authentication/authorization.
Hoping that my experience could be leveraged here. So can you please include me 
in the discussions around this topic. Thank you.

Regards
Kanagaraj M


***
本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!**

***
This e-mail and its attachments contain confidential information from HUAWEI, 
which is intended only for the person  or entity whose address is listed above. 
Any use of the information contained herein in any way (including, but not   
limited to, total or partial disclosure, reproduction, or dissemination) by 
persons other than the intended recipient(s) is  prohibited. If you receive 
this e-mail in error, please notify the sender by phone or email immediately 
and delete it!
***

From: SPATSCHECK, OLIVER (OLIVER) [mailto:spat...@research.att.com]
Sent: Friday, September 08, 2017 6:15 PM
To: Kanagaraj Manickam; onap-tsc@lists.onap.org
Cc: onap-disc...@lists.onap.org
Subject: Re: [onap-discuss] Importance of common auth service in this release


Kanagaraj,

we started collecting none functional requirements for the next release here:

https://wiki.onap.org/display/DW/R2+proposals+for+Non-functional+requirements

so they can be prioritized. Could you document your suggestion there?

I do agree that our authentication/authorization setup needs some substantial 
thought to get to what is needed.  I would try to address all of them with a 
consistent architecture so below is one part of that.

Thx

Oliver


From: 
mailto:onap-discuss-boun...@lists.onap.org>>
 on behalf of Kanagaraj Manickam 
mailto:kanagaraj.manic...@huawei.com>>
Date: Thursday, September 7, 2017 at 9:59 AM
To: "onap-tsc@lists.onap.org" 
mailto:onap-tsc@lists.onap.org>>
Cc: "onap-disc...@lists.onap.org" 
mailto:onap-disc...@lists.onap.org>>
Subject: [onap-discuss] Importance of common auth service in this release



Dear TSC team,

This mail is regarding the importance of common auth service in this release. 
please find more details below.

In Onap 1.0, we are using the Portal user management feature with required role 
in place for user authentication and the REST API for every ONAP components are 
not published. so for end user, portal is the only access point and there was 
no need of common user management across services, which portal user management 
took care of it.

But in Onap 1.1 (amesterdam) release, we have already published REST API for 
every components and we have now MSB to register all the ONAP components and 
get discovered by
user or integration components. so now, user could discover and operate every 
onap componenet's feature by using the REST API with deafult user credentails 
published for every ONAP component. But when user operate the same feature via 
portal, (s)he should go thru the portal user authedication and authorization. 
so this scenario brings the inconsistency.

In this scenario, I believe that we should be providing the common user 
authedication and authorization service across all ONAP components, simliar to 
OpenStack keystone service. And we are already having AAF to address this 
scenario. so Should we make AAF as mandatory component in amesterdam release 
and every onap components get aligned with it?

Thanks.

Regards
Kanagaraj M

___
ONAP-TSC mailing list
ONAP-TSC@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-tsc

Re: [onap-tsc] [onap-discuss] Importance of common auth service in this release

2017-09-08 Thread SPATSCHECK, OLIVER (OLIVER) 

Kanagaraj,

we started collecting none functional requirements for the next release here:

https://wiki.onap.org/display/DW/R2+proposals+for+Non-functional+requirements

so they can be prioritized. Could you document your suggestion there?

I do agree that our authentication/authorization setup needs some substantial 
thought to get to what is needed.  I would try to address all of them with a 
consistent architecture so below is one part of that.

Thx

Oliver


From:  on behalf of Kanagaraj Manickam 

Date: Thursday, September 7, 2017 at 9:59 AM
To: "onap-tsc@lists.onap.org" 
Cc: "onap-disc...@lists.onap.org" 
Subject: [onap-discuss] Importance of common auth service in this release



Dear TSC team,

This mail is regarding the importance of common auth service in this release. 
please find more details below.

In Onap 1.0, we are using the Portal user management feature with required role 
in place for user authentication and the REST API for every ONAP components are 
not published. so for end user, portal is the only access point and there was 
no need of common user management across services, which portal user management 
took care of it.

But in Onap 1.1 (amesterdam) release, we have already published REST API for 
every components and we have now MSB to register all the ONAP components and 
get discovered by
user or integration components. so now, user could discover and operate every 
onap componenet's feature by using the REST API with deafult user credentails 
published for every ONAP component. But when user operate the same feature via 
portal, (s)he should go thru the portal user authedication and authorization. 
so this scenario brings the inconsistency.

In this scenario, I believe that we should be providing the common user 
authedication and authorization service across all ONAP components, simliar to 
OpenStack keystone service. And we are already having AAF to address this 
scenario. so Should we make AAF as mandatory component in amesterdam release 
and every onap components get aligned with it?

Thanks.

Regards
Kanagaraj M

___
ONAP-TSC mailing list
ONAP-TSC@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-tsc