Versions Compared

Old Version 8

changes.mady.by.user Amy Zwarico

Saved on

compared with

New Version 9

changes.mady.by.user Amy Zwarico

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

3. Component Description: (IN PROGRESS)

A more detailed figure and description of the component.

...

Code Access Data Identity (CADI) is a client framework included in a web GUI or API that invokes AAF to provide AAF authentication and authorization services to containers and standalone services.

  • Authenticate with one or more Authentication Protocols
  • Authorize in a FINE-GRAINED manner using AAF Components
  • CADI has three types of clients
    • CADI AAF TAF (J2EE) - integrates with a web GUI
    • CADI AAF TAF (J2EE Filter) - integrates with a REST API
    • CADI AAF TAF (Java Client) - integrates with a database

AAF Service - TBD

AAF Cassandra Database - TBD

Certificate Manager (CertMan) - provides CA services (X.509 certificate generation/renewal, root and intermediate cert delivery), secure key pair generation, and keystore creation and delivery to applications. CertMan can also integrate with an external CA that supports the Simple Certificate Enrollment Protocol (SCEP).


Image Added



  1. Browser client goes to GUI using for instance SSO plugin or Basic Auth
  2. App authenticates to App Service API using x509 or Basic Auth or OAuth
  3. CADI Filter (CADI AAF TAF) coverts credential to “Principal”. If not in cache, AAF is contacted for Permissions protecting GUI with Service ID/Credential (ApplicationID/Pass or X.509 Client Cert (preferred)).
  4. AAF does provide User/Password features, or can be delegated to other credential service via Plugin
  5. If information is not in Service Cache, AAF’s DB is contacted using AAF Service ID/Credential.
  6. Client App uses Permission Attributes delivered by AAF/AAF Cache for protecting data/functions (using J2EE method).
  7. If not in Cache, Client contacts App Service, using App ID/Credential.
  8. CADI Filter converts App ID/Credential to Principal. If not in cache, contacts with AAF (with App ID/Credential) for Permissions of Client.
  9. App protects data based on Client Permissions.
  10. Component contacts next layer using Service ID/Credential.
  11. If ID or Permissions of AppServer are not in Cache, contact AAF using AAF Security Plugin for Cassandra, which uses AAF Java Client.
  12. Cassandra protects Cluster/Keyspace/ColumnFamily w/Permissions.

4. known system limitations: (IN PROGRESS)

Runtime: None

Clamp data redundancy is dependent on Kubernetes and the persistent volume.

Clamp application redundancy HA relies on Kubernetes


5. Used Models: (N/A)


6. System Deployment Architecture: (IN PROGRESS)

...