Authorization SE API
Authorization: guarantee the set of operations that an already authenticated identity can perform.
Every individual will access OPENi platform through an account with credentials associated to it. Once correctly authenticated, the individual will perform certain set of actions depending on the authorization level his/her account is granted.
This level of privilege can be given externally by Cloud Based Services or internally by the rest of OPENi entities (like other users).
The Policy Engine will be in charge of compiling these privileges in a set of policies so that the account will have to call this Policy Engine to obtain the rule (policy) regarding a certain action.
On the other hand, it would be useful for developer to have the possibility of defining their own policies for their applications. So, it is necessary to define an API for policies (OPENi policy object).
The permission will be given as a result of applying policies over a certain action, which is intended to be taken over a certain item.
Objects
| Object | Description | Reference |
|---|---|---|
| [CBS Policy] | A Policy is basically a set of rules that allows an entity to do something or not. The policy is applied over items and actions. A CBS policy is obtanied from the CBS services. The retrieval of these policies is an internal process performed by the Policy Engine SE and the Synchronizer SE. An investigation on the targeted CBS APIs should be done in order to find out the way of mapping these policies onto OPENi. | [Policy Based Network Management] |
| [OPENi Policy] | A Policy is basically a set of rules that allows an entity to do something or not. The policy is applied over items and actions. An OPENi policy can be created within OPENi platform. For example, developers can create a set of policies for their applications created. On the other hand, the individuals can set permissions over the objects present in their cloudlets. | [Policy Based Network Management] |
| [Rule] | A policy object will consist of a series of rules. The rule applies over an item and a certain desired action aver this item. | [Policy Based Network Management] |
| [Action] | The action that is wanted to be taken over an item. The pair action-item will enforce the Policy Engine to make its decisions. Actions are closely related to [Verbs]. | [Policy Based Network Management] |
| [Item] | The item upon which the action is wanted to be taken. It can be a photo, a video, a comment, a post, an attached file, etc. Items coming from CBS or OPENi platform should be encapsulated in some way by a set of basic properties (like id, url, etc.) | [Policy Based Network Management] |
Useful Links
Related
Wiki: Policy Based Network Management
Wiki: Verbs
Wiki: OPENi_Service_Enablers
Wiki: CGI's API definitions
Wiki: T31-_OPENi_APIs_Specification
Wiki: T3.1- OPENi APIs Specification