X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2FREADME.md;h=efea28e4bdd0464728848f9258fc5156e4bf2663;hb=55e8dfc4ed1ffa5877ee8517a05a3b36d34d4882;hp=4ccb557daeef11d08fdac8304d8e808704acc243;hpb=f5cc4c5773b4b4eae42de7b3206b78dfeaf4d90c;p=nonrtric%2Fplt%2Fsme.git diff --git a/capifcore/README.md b/capifcore/README.md index 4ccb557..efea28e 100644 --- a/capifcore/README.md +++ b/capifcore/README.md 
@@ -1,44 +1,45 @@ # O-RAN-SC Non-RealTime RIC CAPIF Core implementation -This product is a Go implementation of the CAPIF Core function, based on the 3GPP "29.222 Common API Framework for 3GPP Northbound APIs (CAPIF)" interfaces, see https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3450. +This product is a Go implementation of the CAPIF Core function, which is based on the 3GPP "29.222 Common API Framework for 3GPP Northbound APIs (CAPIF)" interfaces, see https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3450. -The, almost, complete data model for CAPIF is shown in the diagram below. +The nearly complete data model for CAPIF is shown in the diagram below. -The data used within CAPIF Core for registering an rApp that both provides and consumes services is shown in the diagram below. +The data used within CAPIF Core for registering rApps that provide and consume services is shown in the diagram below. -An example of how an rApp that both provides and consumes services can be registered in CAPIF Core is shown in the sequence diagram below. Discovery of services, request for access token and event subscription for an invoker is also shown. +Some examples of interactions between components using the CAPIF interface are shown in the sequence diagram below. -***NOTE!*** It has not been decided that CAPIF Core will actually do the Helm chart installation. This is just provided in the prototype as an example of what CAPIF Core could do. +***NOTE!*** It has not been decided that CAPIF Core will actually handle the Helm chart installation. The prototype includes this as an example of what CAPIF Core could potentially do. -If Helm is used, before publishing a service, the chart that belongs to the service must be registered in ChartMuseum. 
When publishing the service the following information should be provided in the `ServiceAPIDescription::description` attribute; "namespace", "repoName", "chartName", "releaseName". An example of the information: "Description of rApp helloWorld,namespace,repoName,chartName,releaseName". +If Helm is used, before publishing a service, the chart belonging to the service must be registered in ChartMuseum. When publishing the service the following information should be provided in the `ServiceAPIDescription::description` attribute; "namespace", "repoName", "chartName", "releaseName". An example of the information: "Description of rApp helloWorld,namespace,repoName,chartName,releaseName". ## Generation of API code @@ -68,6 +69,14 @@ For the CAPIF specification "TS29222_CAPIF_Discover_Service_API" a new dependenc has already been replaced in "TS29222_CAPIF_Discover_Service_API". 3. If it has not been replaced, add a replacement above the "" tag by copying and adapting the two rows above the tag. +### Security in CAPIF + +The security requirements applicable to all CAPIF entities include providing an authorization mechanism for service APIs from third-party API providers and supporting a common security mechanism for all API implementations to ensure confidentiality and integrity protection. + +In the current implementation Keycloak is being used as identity and access management (IAM) solution that provides authentication, authorization, and user management for applications and services. Keycloak provides robust authentication mechanisms, including username/password, two-factor authentication, and client certificate authentication that complies with CAPIF security requirements. + +A docker-compose file is included to start up keycloak. + ## Build and test To generate mocks manually, run the following command: 
@@ -94,6 +103,14 @@ The application can also be built as a Docker image, by using the following comm To run the Core Function from the command line, run the following commands from this folder. For the parameter `chartMuseumUrl`, if it is not provided CAPIF Core will not do any Helm integration, i.e. try to start any Halm chart when publishing a service. - ./capifcore [-port ] [-chartMuseumUrl ] [-repoName ] [-loglevel ] + ./capifcore [-port ] [-secPort ] [-chartMuseumUrl ] [-repoName ] [-loglevel ] [-certPath ] [-keyPath ] + +Use docker compose file to start CAPIF core together with Keycloak: + + docker-compose up + +**NOTE!** There is a configuration file in configs/keycloak.yaml with information related to keycloak host, when running locally the host value must be set to localhost (Eg. host: "localhost") and when using docker-compose set value of host to keycloak (Eg. host:"keycloak") + +Before using CAPIF API invoker management, an invoker realm must be created in keycloak. Make sure it is created before running CAPIF core. After creating the realm in keycloak, set the name in the keycloak.yaml configuration file. To run CAPIF Core as a K8s pod together with ChartMuseum, start and stop scripts are provided. The pod configurations are provided in the `configs` folder. CAPIF Core is then available on port `31570`.
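Review bot: In the first hunk (@@ -1,44 +1,45 @@), the reworded sequence-diagram sentence ("Some examples of interactions between components using the CAPIF interface are shown ...") no longer says what the diagram covers. The removed text named rApp registration, discovery of services, the request for an access token and event subscription for an invoker. Suggest keeping that list in the new wording so the reader knows which flows the diagram documents. In the same hunk, the list after "the `ServiceAPIDescription::description` attribute" is introduced with a semicolon where a colon is meant.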
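Review bot: In the second hunk (@@ -68,6 +69,14 @@), the new "### Security in CAPIF" section lists what Keycloak can do (username/password, two-factor authentication, client certificate authentication) but does not say which of these CAPIF Core is actually configured to use, so the claim that it "complies with CAPIF security requirements" cannot be checked from the README. Suggest naming the mechanism in use and giving the path of the docker-compose file that "is included". The section is also added as a level-3 heading between step 3 of the dependency-replacement instructions and "## Build and test", so it reads as a subsection of the code-generation text; a "##" heading of its own would fit better. "keycloak" in the last sentence should be capitalized like the other occurrences.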
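Review bot: In the third hunk (@@ -94,6 +103,14 @@), the usage line gains `-secPort`, `-certPath` and `-keyPath`, but the surrounding text still explains only `chartMuseumUrl`. Suggest documenting what each new flag expects, its default, and whether the plain `-port` listener stays open when a certificate and key are supplied. The note on configs/keycloak.yaml writes its two examples differently (`host: "localhost"` and `host:"keycloak"`); use the same spacing in both so the second can be copied as valid YAML. The realm paragraph should name the key in keycloak.yaml that holds the realm name. The note marker here is `**NOTE!**` while the first hunk uses `***NOTE!***`, and the context line above the usage line still reads "Halm chart".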