Page Status: updated for Montreal - 22 Mar 2021 

Component Status: Deprecated

Last Reviewed on:

Certified by:

AAF (Application Authorization Framework): - Deprecated

1 High Level Component Definition and Architectural Relationships 

Note: AAF functions are replaced by Service Mesh (Istio), Ingress and IdAM Authentication Server (e.g., Keycloack) since London release. AAF component is no longer part of ONAP Jenkins build and delivery.

AAF (Application Authentication Framework) provides the services for authentication, authorization and certificate management for the ONAP components.  It provides the services to the ONAP components to manage the lifecycle of authentication and authorization elements such as Permissions, Roles and Credentials.  It supports:

• Manage authentication and authorization elements such as: Perminssions, Roles, Credentials
• Access to organizational entities
• Manage the lifecycle of passwords and certificates
• Access to external credential authorities (e.g. CA)
• Autogenerate ONAP certificates

2. API definitions

AAF provides the following interfaces:

Note:   xxxI interface is a Component internal interface.  xxxxE interface is a component external interface

AAF Consumes no Interfaces:

The current API documents can be found at:

• AAFE-1 (to be added)

• AAFE2 (to be added)
• AAFE3 (to be added)

3. Component Description:

Link to read the docs

4. known system limitations: (IN PROGRESS)

Runtime: None

5. Used Models: (N/A)

6. System Deployment Architecture:

FFS

7. New Capabilities in this Release

8. References

1.  AAF Overview & User Guide: https://docs.onap.org/projects/onap-aaf-authz/en/latest/sections/architecture/aaf_architecture.html?highlight=AAF%20overview#overview
2. AAF Architecture doc: https://docs.onap.org/projects/onap-aaf-authz/en/latest/sections/architecture/aaf_architecture.html?highlight=AAF