From jhierro at tid.es  Fri Feb 15 17:49:08 2013
From: jhierro at tid.es (Juanjo Hierro)
Date: Fri, 15 Feb 2013 17:49:08 +0100
Subject: [Fiware-api-cross] Mailing list supporting activities of Task Force dealing with Access Control, Security Monitoring and Accounting in access to APIs
Message-ID: <511E6704.4020507@tid.es>

Dear colleagues,

Derived from our initial discussions in Rome, we have created a new mailing list to support the activities of the cross-chapter Task Force that will deal with definition and implementation of that part of the FI-WARE architecture that will provide support to the following features regarding access to APIs in FI-WARE:

  * OAuth2-based controlled access
  * Security monitoring
  * Accounting

This mail is the first mail sent to the mailing list. Since this is a very cross-chapter topic dealing with usage of APIs in FI-WARE-based environments, I have decided to name it as "fiware-api-cross".

This is the second mailing list that has been created in FI-WARE regarding cross-chapter topics. I hope it works as well as it has ended working in the case of the NGSI which, as you know, represents a cross-chapter result.

As a term of reference for further discussions, please find enclosed the slides that describe the architecture we discussed in Rome.

Following is a list of responsibilities of members of this Task Force regarding how to move towards materialization of the proposed architecture and its instantiation as part of the FI-WARE Open Innovation Lab. Besides, some of the APs already identified for some of the members of the Task Force. Please correct me if you believe I have captured something wrongly or there is some important ingredient to add:

  * NSN and DT will provide alternative implementations of the IdM GE
      * AP to both: provide references to detailed documentation of:
          * APIs provided to support OAuth2 (steps 3, 4, 6, 7, 10, 11 in the slides) - note: I understand this may just be the OAuth2 REST APIs defined in the standards, but any deviation or refinement should be properly documented. For sure we need to understand how "attributes" of user accounts will be modeled
          * APIs provided to support basic management of user accounts - note: this may be links to already available FI-WARE Open Specifications
  * Thales will provide an implementation of the XACML PDP and the PEP (Proxy) components
      * AP on Thales to provide detailed documentation of APIs linked to XACML PDP component
          * APIs provided to support OAuth2 (steps 9, 12 in the slides)
          * APIs provided to setup access control policy rules, etc
  * UPM (Juan Quemada's team) will provide an open source reference implementation of the component that deals with generation of let's call them "CDRs" (Call Data Records) required for Security Monitoring and Accounting.
  * UPM (Juan Quemada's team) and Alex will work in analyzing how the proposed architecture can be exported and adopted in the Cloud Chapter. They will analyze the impact of replacing or integrating with some of the components currently being used such as OpenStack's keystone.
  * UPM (Juan Quemada's team) will develop that part of the FI-WARE Open Innovation Lab portal dealing with:
      * creation and management of user accounts based on IdM GE APIs
      * definition and management of access control policies based on XACML PDP APIs
  * TID (Pablo Arozarena) and Torsten will work on definition of the interface that has to be invoked for generation of "CDRs" that feed the revenue share engine
  * TID (Fermin Galan) will lead the evolution of the existing Live Demo Application to incorporate OAuth2-based controlled access to APIs
  * Sergio and Carlos, as WPAs of the Data and IoT chapters respectively, will monitor the work to make sure it is compatible with architecture of their respective chapters

Again, let me know if I have missed something or captured something wrongly.

Attached is also a list of people I have subscribed to the mailing list. Please check whether I missed, or you want to add, someone else. I have added:

  * Representatives of owners of the IdM GEi (NSN and DT)
  * Representatives of owners of the Access Control GE (Thales)
  * UPM team who works in development of the Cloud Portal and will be involved in the development of the FI-WARE Open Innovation Lab portal which will deal with creation and administration of user accounts as well as the development of the portal that may help to setup access policy rules based on APIs provided by the Access Control GE
  * Fermin Galán, as leader of the development team of the Live App Demo. Involving him, we will try to evolve the existing Live Demo App so that it can be used to demonstrate the proposed architecture
  * Alex as WPA of the Cloud Chapter
  * Torsten as WPA of the Apps Chapter where certainly we need to find out how APIs accounting can be put in place to feed the Business Framework with "CDR" on APIs
  * Pablo Arozarena as owner of the FI-WARE GEi which implements Revenue Sharing within the FI-WARE Business Framework. This component will be the main receptor of CDRs generated as a result of accessing APIs
  * Sergio García as WPA of the Data Chapter, in order to make sure that what we define here is compatible with FI-WARE Data related GEs
  * Carlos Ralli as WPA of the IoT Chapter, in order to make sure that what we define here is compatible with FI-WARE IoT related GEs

Cheers,

-- Juanjo

-------------
Product Development and Innovation (PDI) - Telefonica Digital
website: www.tid.es
email: jhierro at tid.es
twitter: twitter.com/JuanjoHierro

FI-WARE (European Future Internet Core Platform) Chief Architect

You can follow FI-WARE at:
  website:  http://www.fi-ware.eu
  facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
  twitter:  http://twitter.com/FIware
  linkedIn: http://www.linkedin.com/groups/FIWARE-4239932

-------------- next part --------------
A non-text attachment was scrubbed...
Name: FI-WARE API access 13-02-15.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 175525 bytes
Desc: not available
URL:

From jhierro at tid.es  Fri Feb 15 18:12:31 2013
From: jhierro at tid.es (Juanjo Hierro)
Date: Fri, 15 Feb 2013 18:12:31 +0100
Subject: [Fiware-api-cross] Folder for sharing documentation on the API Cross-chapter Task Force
In-Reply-To: <511E6704.4020507@tid.es>
References: <511E6704.4020507@tid.es>
Message-ID: <511E6C7F.2080001@tid.es>

Hi all,

I have created a folder titled "APIs access control, monitoring and accounting" under the "Cross Topics" folder of the docman system in the "FI-WARE Private" project in FusionForge.

I suggest that we upload there documentation we need to share within this TF:

Besides the previously attached slides, I have uploaded there the Thales Authorization Server User Guide:

https://forge.fi-ware.eu/docman/view.php/27/1874/Thales_Authorization_Server_User_Guide_v0.2.pdf

Cheers,

-- Juanjo