.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. SPDX-License-Identifier: CC-BY-4.0
.. Copyright (C) 2023 Nordix
+.. Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved.
#############
Overview
#############
-Within Service Management and Exposure the CAPIF Core product is developed. It resides in the "capifcore" folder.
+Service Management and Exposure has 2 components - CAPIF Core and Service Manager. Capifcore is found in the "capifcore" directory,
+and Service Manager is in the "servicemanager" directory.
This product is a part of :doc:`NONRTRIC <nonrtric:index>`.
Introduction
************
-CAPIF stands for Common API framework and it was developed by 3GPP to enable a unified Northbound API framework across 3GPP network functions, and to ensure that there is a single and harmonized approach for API development.
+CAPIF stands for Common API Framework and it was developed by 3GPP to enable a unified Northbound API framework across 3GPP network functions, and to ensure that there is a single and harmonized approach for API development.
-Key features in capif includes onboarding and offloading of application functions, service discovery and management, event subscription and notification as well as authorization and authentication.
+Key features in CAPIF includes onboarding and offloading of application functions, service discovery and management, event subscription and notification as well as authorization and authentication.
-It was delivered in Rel-15 (Refer to 3GPP TS 23.222 and 3GPP TS 29.222)
+It was delivered in Rel-15 (Refer to 3GPP TS 23.222 and 3GPP TS 29.222).
Functional entities
===================
API Invoker
~~~~~~~~~~~
-The API invoker is the entity which invokes the CAPIF or service APIs, typically provided by a 3rd party application provider who has service agreement with PLMN operator.
+The API invoker is the entity which invokes the CAPIF or service APIs, typically provided by a 3rd party application provider.
The API invoker supports the following capabilities:
************************
* **CAPIF_Discover_Service_API** API: This API enables the API invoker to communicate with the CAPIF core function to discover the published service API information.
-* **CAPIF_Publish_Service_API** API:This API enables the API publishing function to communicate with the CAPIF core function to publish the service API information and manage the published service API information.
+* **CAPIF_Publish_Service_API** API: This API enables the API publishing function to communicate with the CAPIF core function to publish the service API information and manage the published service API information.
* **CAPIF_Events** API: This API enables the API subscribing entity to communicate with the CAPIF core function to subscribe to and unsubscribe from CAPIF events and receive subsequent notification of CAPIF events. This API is used for the subscription to and notifications of those CAPIF events that are not bound to any of the other CAPIF core function APIs.
-* **CAPIF_API_invoker_management** API: This API enables the API invoker to communicate with the CAPIF core function to enroll as a registered user of CAPIF and manage the enrollment information.
+* **CAPIF_API_Invoker_Management** API: This API enables the API invoker to communicate with the CAPIF core function to enroll as a registered user of CAPIF and manage the enrollment information.
* **CAPIF_Security** API:This API enables the API invoker to communicate with the CAPIF core function to authenticate and obtain authorization to access service APIs.
* **CAPIF_Monitoring** API: This API enables the API management function to communicate with the CAPIF core function to subscribe to and unsubscribe from CAPIF events related to monitoring and receive subsequent notification of CAPIF monitoring events.
* **CAPIF_Logging_API_Invocation** API: This API enables the API exposing function to communicate with the CAPIF core function to log the information related to service API invocation.
* **CAPIF_Auditing** API: This API enables the API management function to communicate with the CAPIF core function to retrieve the log information related to service API invocation.
* **CAPIF_Access_Control_Policy** API: This API enables the API exposing function to obtain the policy to perform access control on the service API invocations.
* **CAPIF_Routing_Info** API: This API enables the API exposing function to obtain the routing information to forward the API invocation to another API exposing function.
-* **CAPIF_API_provider_management** API: This API enables the API Management Function to communicate with the CAPIF core function to register the API provider domain functions as authorized users of the CAPIF functionalities.
+* **CAPIF_API_Provider_Management** API: This API enables the API Management Function to communicate with the CAPIF core function to register the API provider domain functions as authorized users of the CAPIF functionalities.
The table below lists the CAPIF Core Function APIs.
Security in CAPIF
*****************
-CAPIF establish security requeriments for all the interfaces defined in the specification. There are also security requeriments that are applicable to all CAPIF entities, such as:
+CAPIF establishes security requirements for all the interfaces defined in the specification. There are also security requirements that are applicable to all CAPIF entities, such as:
- CAPIF shall provide mechanisms to hide the topology of the PLMN trust domain from the API invokers accessing the service APIs from outside the PLMN trust domain.
- CAPIF shall provide mechanisms to hide the topology of the 3rd party API provider trust domain from the API invokers accessing the service APIs from outside the 3rd party API provider trust domain.
API discovery
~~~~~~~~~~~~~
-After successful authentication between API invoker and CAPIF core function, the CAPIF core function shall decide whether the API invoker is authorized to perform discovery based on API invoker ID and discovery policy.
\ No newline at end of file
+After successful authentication between API invoker and CAPIF core function, the CAPIF core function shall decide whether the API invoker is authorized to perform discovery based on API invoker ID and discovery policy.
+
+Postman
+*******
+
+A Postman collection has been included in this repo at sme/postman/CAPIF.postman_collection.json.
+
+***************
+Service Manager
+***************
+
+Service Manager, CAPIF and Kong
+*******************************
+
+Service Manager builds on CAPIF and depends on the Kong API Gateway. CAPIF stands for Common API Framework and it was developed by 3GPP to enable a unified Northbound API framework across 3GPP network functions, and to ensure that there is a single and harmonized approach for API development.
+Among CAPIF's key features are the following.
+
+* Register/deregister APIs
+* Publishing Service APIs
+* Onboarding/offboarding API invoker
+* Discovery APIs
+* CAPIF events subscription/notification
+* Entity authentication/authorization
+* Support for 3rd party domains i.e., allow 3rd party API providers to leverage the CAPIF framework
+* Support interconnection between two CAPIF providers
+
+Service Manager and CAPIF APIs
+******************************
+
+CAPIF (Common API Framework) is defined in 3GPP TS 29.222. Service Manager implements a subset of the CAPIF APIs to provide the following APIs.
+
+* Register/deregister APIs
+* Publishing Service APIs
+* Onboarding/offboarding API invoker
+* Discovery APIs
+
+If you only need the above APIs, then Service Manager is a plugin-in replacement for CAPIF.
+
+CAPIF APIs implemented by Service Manager
+*****************************************
+
+* **CAPIF_API_Provider_Management** API: This API enables the API Management Function to communicate with the CAPIF core function to register the API provider domain functions.
+* **CAPIF_Publish_Service_API** API:This API enables the API publishing function to communicate with the CAPIF core function to publish the service API information and manage the published service API information.
+* **CAPIF_API_Invoker_Management** API: This API enables the API invoker to communicate with the CAPIF core function to enroll as a registered user of CAPIF and manage the enrollment information.
+* **CAPIF_Discover_Service_API** API: This API enables the API invoker to communicate with the CAPIF core function to discover the published service API information.
+
++-----------------------------------+------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| **Service Name** | **Service Operations** | **Operation Semantics** | **Consumer(s)** |
++-----------------------------------+------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| CAPIF_API_Provider_Management_API | Register_API_Provider | POST /registrations | API Management Function |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Update_API_Provider | PUT /registrations/{registrationId} | API Management Function |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Deregister_API_Provider | DELETE /registrations/{registrationId} | API Management Function |
++-----------------------------------+------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| CAPIF_Publish_Service_API | Publish_Service_API | POST /{apfId}/service-apis | API Publishing Function, CAPIF core function |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Unpublish_Service_API | DELETE /{apfId/service-apis/{serviceApiId} | API Publishing Function, CAPIF core function |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Update_Service_API | PUT /{apfId/service-apis/{serviceApiId} | API Publishing Function, CAPIF core function |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Get_Service_API | GET /{apfId}/service-apis | API Publishing Function, CAPIF core function |
++-----------------------------------+------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| CAPIF_API_Invoker_Management_API | Onboard_API_Invoker | POST /onboardedInvokers | API Invoker |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Offboard_API_Invoker | DELETE /onboardedInvokers/{onboardingId} | API Invoker |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Notify_Onboarding_Completion | Subscribe/Notify | API Invoker |
++ +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Update_API_Invoker_Details | PUT /onboardedInvokers/{onboardingId} | API Invoker |
+| +------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| | Notify_Update_Completion | Subscribe/Notify | API Invoker |
++-----------------------------------+------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+| CAPIF_Discover_Service_API | Discover_Service_API | GET /allServiceAPIs | API Invoker, CAPIF core function |
++-----------------------------------+------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------+
+
+Generation of CAPIF OpenAPI Code
+********************************
+
+* The CAPIF APIs are generated from the OpenAPI specifications provided by 3GPP.
+* The generate.sh script downloads the specifications from 3GPP, fixes them and then generates the APIs.
+* The specifications are downloaded from https://www.3gpp.org/ftp/Specs/archive/29_series.
+
+Service Manager Integration with Kong
+*************************************
+
+* Service Manager is a Go implementation of a service that builds on CAPIF Core and integrates with Kong.
+* When publishing a service through Service Manager, we create a Kong service and Kong route.
+* The JSON element that we return in the response body is updated to point to the Kong data plane. Therefore, the API interface that we return from Service Discovery has the Kong host and port, and not the original service's host and port.
+* The rApp can only access the Published function through Service Manager. It cannot access the Published function directly.
+* We use Kong as a reverse proxy. Instead of calling the Publishing service directly, our Invoker's API request is proxied through Kong. This gives us the advantages of using a proxied service, such as providing caching and load balancing.
+* When service invocations are routed through Kong, in an R1 SME scenario where services are selectively exposed to rApps, the Kong API gateway can be used to enforce R1 SME exposure & access. This can be achieved by restricting rApps to have access only to the Kong API gateway, and so only services exposed to the rApps through the API gateway can be accessed.
+
+Service Manager Deployment
+**************************
+
+* We have a stand-alone deployment and a deployment as part of NONRTRIC.
+* We use the NONRTRIC deployment from the Git repo at https://gerrit.o-ran-sc.org/r/admin/repos/it/dep.
+* The stand-alone deployment is in this repo at sme/servicemanager/deploy. Please see the Service Manager README.
+* The Service Manager configuration is stored in a config file, ``.env``.
+* For both the stand-alone and it/dep deployments, ``.env`` is volume-mounted into the Docker container from a Kubernetes config map at container run-time.
+
+Postman
+*******
+A Postman collection has been included in this repo at sme/postman/ServiceManager.postman_collection.json.
\ No newline at end of file
Code Review / nonrtric / plt / sme.git / blobdiff