Integration details
The A&AI web services, resources and traversal, are integrated with AAF through the Cadi filter. The request workflow looks as follows:
...
- The request is authenticated in AAF
- TODO: the request should be authorized in the future
- If the request passes all the checks (authentication and, in the future, authorization), it is forwarded to the A&AI servlet which handles the web services.
The AAF model
Permissions in AAF are triplets - type, instance, action.
- Type: core name of the permission
- Instance: the object that is being interacted with
- Action: What is happening with this object
Users have roles assigned and each role has permissions.
A&AI permissions proposal
There will be a separate permission for traversal and resources. Let's call them org.onap.aai.resources.access and org.onap.aai.traversal.access. For now we will not distinguish between different objects we could affect, so the instance will always be "*" meaning everything.
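The check this proposal implies, written out as an added example (a simplified model, not AAF or Cadi code): a request is mapped to the triplet it needs, and it is allowed only if one of the user's roles holds a matching permission, with "*" matching any instance. The role names, users, the read/write actions and the HTTP-method mapping are assumptions constructed for illustration; the page does not define them.

```python
from typing import NamedTuple

class Permission(NamedTuple):
    type: str      # core name of the permission
    instance: str  # object being interacted with; "*" means everything
    action: str    # what is happening with the object

    def grants(self, needed: "Permission") -> bool:
        # Type and action must match exactly; only the instance may be a wildcard.
        return (self.type == needed.type
                and self.action == needed.action
                and self.instance in ("*", needed.instance))

RESOURCES = "org.onap.aai.resources.access"
TRAVERSAL = "org.onap.aai.traversal.access"

# Constructed sample data: role names, users and actions are assumptions.
ROLE_PERMISSIONS = {
    "example.aai.reader": {Permission(RESOURCES, "*", "read"),
                           Permission(TRAVERSAL, "*", "read")},
    "example.aai.editor": {Permission(RESOURCES, "*", "write")},
}
USER_ROLES = {
    "alice": {"example.aai.reader", "example.aai.editor"},
    "bob": {"example.aai.reader"},
}

def required_permission(service: str, method: str, instance: str) -> Permission:
    """Map a request to the triplet it needs (assumed mapping: GET is read, others write)."""
    # An unknown service raises KeyError, so unmapped requests fail closed.
    ptype = {"resources": RESOURCES, "traversal": TRAVERSAL}[service]
    return Permission(ptype, instance, "read" if method == "GET" else "write")

def is_authorized(user: str, needed: Permission) -> bool:
    """Deny by default: allow only if some role of the user holds a granting permission."""
    for role in USER_ROLES.get(user, ()):
        for perm in ROLE_PERMISSIONS.get(role, ()):
            if perm.grants(needed):
                return True
    return False
```

Because resources and traversal are separate permission types, a role that can write to resources gains nothing on traversal unless it is granted that type as well.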