From: PatrikBuhr Date: Mon, 21 Nov 2022 13:49:05 +0000 (+0100) Subject: NONRTRIC - Fine grained authorization in ICS X-Git-Tag: 1.4.0^0 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=a18d40cef8ec6a2b709f3f280a6017eca06d5f92;p=nonrtric%2Fplt%2Finformationcoordinatorservice.git NONRTRIC - Fine grained authorization in ICS Documentation updates. Signed-off-by: PatrikBuhr Issue-ID: NONRTRIC-815 Change-Id: I831963780ef0db6e4a7d35895439fb05864cb6b1 --- diff --git a/docs/Architecture.png b/docs/Architecture.png index 6bf98dc..1cc6f10 100644 Binary files a/docs/Architecture.png and b/docs/Architecture.png differ diff --git a/docs/Architecture.pptx b/docs/Architecture.pptx index 1ee2fc8..4385bec 100644 Binary files a/docs/Architecture.pptx and b/docs/Architecture.pptx differ diff --git a/docs/overview.rst b/docs/overview.rst index b62f58f..4bdb50f 100644 --- a/docs/overview.rst +++ b/docs/overview.rst @@ -30,6 +30,13 @@ One information type can be supported by zero to many data producers and can be Information Jobs and types are stored persistently by ICS in a local database. This can be either using Amazon S3 - Cloud Object Storage or file system. +To restrict which data that can be consumed by by whom there is support for finegrained access control. When data subscriptions/jobs are modified or read, an access check can be performed. +ICS can be configured to call an external authorizer. +This can be for instance Open Policy Agent (OPA) which can grant or deny accesses based on an access token (JWT) used by the calling data consumer. +In addition to this the information type, accesstype (read/write) and all type specific parameters can be used by access rules. + +The URL to the authorization component is defined in the application.yaml file and the call invoked to by ICS is described in API documentation. + ********************* Summary of principles *********************
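Review bot: The added paragraph in docs/overview.rst says an access check "can be performed" and that ICS "can be configured to call an external authorizer", but it never states what ICS does when no authorizer URL is configured, or when the authorizer call fails or times out. For an access-control feature the reader needs to know whether those cases grant or deny the request, so please document the default and the failure behaviour explicitly. The last added sentence points to the application.yaml file without naming the property that holds the URL; naming the key and linking the API documentation section that describes the call would let an operator find both. Wording in the same lines: "consumed by by whom" has a doubled "by" and the sentence reads better as "To restrict which data can be consumed by whom, there is support for fine-grained access control"; "finegrained" and "accesstype" should be "fine-grained" and "access type"; "the call invoked to by ICS" should be "the call invoked by ICS".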