--- /dev/null
+# Data Management and Exposure API: Information Coordination Service (ICS)\r
+\r
+## Overview\r
+\r
+The Information Coordination Service (ICS) is a generic service designed to manage data subscriptions in a multi-vendor environment. It facilitates decoupling between data consumers and producers, allowing seamless interaction without consumers needing knowledge of specific producers.\r
+\r
+## Key Concepts\r
+\r
+- **Data Consumer**: Subscribes to data by creating an "Information Job". Examples include R-Apps using the R1 API or NearRT-RIC using the A1-EI API.\r
+\r
+- **Information Type**: Defines the interface between consumers and producers, specifying parameters for subscription creation via a JSON schema. Parameters include data delivery details, filtering criteria, periodicity, and aggregation information.\r
+\r
+- **Data Producer**: Generates data and receives notifications about relevant information jobs. Filtering ideally occurs at the producer's source.\r
+\r
+## Persistence and Security\r
+\r
+Information Jobs and types are persistently stored using Amazon S3 or a local file system. Fine-grained access control supports secure data consumption by enforcing access checks during job modifications or reads. External authorization services like Open Policy Agent (OPA) can be integrated for access token-based authorization.\r
+\r
+## Requirements\r
+\r
+- Support for multiple data producers, potentially from different vendors, producing the same data type.\r
+\r
+- Flexible installation, upgrade, scaling, and restarting of software components independently.\r
+\r
+- Decoupling of data producers from consumers, ensuring consumer operations remain unaffected by producer changes.\r
+\r
+- Ability for consumers to initiate subscriptions independently of producer status changes (e.g., upgrades, restarts).\r
+\r
+## Principles\r
+\r
+- ICS manages data subscriptions but doesn't handle data delivery protocols, enabling flexibility in implementation.\r
+\r
+- Data filtering is managed by producers, allowing unrestricted methods for data selection.\r
+\r
+- Consumers create subscriptions regardless of producer status, ensuring continuous service without consumer intervention.\r
+\r
+## Implementation Details\r
+\r
+- **Language**: Java\r
+- **Framework**: Spring Boot\r
+\r
+## Configuration\r
+\r
+Configuration details can be found in the standard `application.yaml` file.\r
+\r
+## Documentation\r
+\r
+For detailed API documentation and further information, refer to the NONRTRIC documentation at [NONRTRIC Documentation](https://docs.o-ran-sc.org/projects/o-ran-sc-nonrtric/en/latest/overview.html#information-coordination-service).\r
+\r
+## License\r
+\r
+Copyright (C) 2024 Nordix Foundation. All rights reserved.\r
+Licensed under the Apache License, Version 2.0 (the "License");\r
+you may not use this file except in compliance with the License.\r
+You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+Unless required by applicable law or agreed to in writing, software\r
+distributed under the License is distributed on an "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+See the License for the specific language governing permissions and\r
+limitations under the License.\r
-The keystore.jks and truststore.jks files are created by using the following commands (note that this is an example):
+# Keystore and Truststore Setup Guide
-1) Create a CA certificate and a private key:
+This guide provides step-by-step instructions for creating `keystore.jks` and `truststore.jks` files. Follow the commands carefully to ensure proper setup.
+## 1. Create a CA certificate and a private key:
+
+```sh
openssl genrsa -des3 -out CA-key.pem 2048
openssl req -new -key CA-key.pem -x509 -days 3600 -out CA-cert.pem
-
-2) Create a keystore with a private key entry that is signed by the CA:
+```
+## 2. Create a keystore with a private key entry that is signed by the CA:
Note: your name must be "localhost"
-
+```sh
keytool -genkeypair -alias policy_agent -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass policy_agent
keytool -certreq -alias policy_agent -file request.csr -keystore keystore.jks -ext san=dns:your.domain.com -storepass policy_agent
openssl x509 -req -days 3650 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem
keytool -importcert -alias ca_cert -file CA-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent
keytool -importcert -alias policy_agent -file ca_signed-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent
+```
-
-3) Create a trust store containing the CA cert (to trust all certs signed by the CA):
-
+## 3. Create a trust store containing the CA cert (to trust all certs signed by the CA):
+```sh
keytool -genkeypair -alias not_used -keyalg RSA -keysize 2048 -keystore truststore.jks -validity 3650 -storepass policy_agent
keytool -importcert -alias ca_cert -file CA-cert.pem -keystore truststore.jks -trustcacerts -storepass policy_agent
+```
-
-4) Command for listing of the contents of jks files, examples:
+## 4. Command for listing of the contents of jks files, examples:
+```sh
keytool -list -v -keystore keystore.jks -storepass policy_agent
keytool -list -v -keystore truststore.jks -storepass policy_agent
+```
## License
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
Code Review / nonrtric / plt / informationcoordinatorservice.git / commitdiff