Identified tasks for adding security to the AS7 management APIs:
| Description | Jira Issues | Owner | Dependencies | Comments / Risks |
|---|---|---|---|---|
| Define security configuration. | | | General management API configuration. | |
| Login modules need to operate in non-AS domains. | | Anil / Marcus | | |
| Add BASIC authenticator to HTTP API | | | | |
| Add TLS/SSL to HTTP API | | | | |
| Add CLIENT-CERT type authenticator to HTTP API | | | | |
| Ensure equivalent authentication possible through native API. | | | Initial native API with Remoting. | |
| Security initialisation similar to subsystem initialisation. | | | | To review as much re-use of security extension in non AS. |
| Interception of all inbound calls for authorization check. | | | | Initial check may just be that the calling user must have been authenticated. |
| Define ACL scheme. | | | | |
| Add ACL checking to authorization. | | | | |
| Mechanism to provide users permissions to clients of the API. | | | | |