Contents
Introduction
Release Deliverables
| Name | Description |
|---|
| Pluggable AuthN/AuthZ framework | Support for AuthN filters, security context, and access policies |
| Out-of-the-box AuthN | Direct authentication |
Federated Keystone authentication | Support AuthN via Keystone token |
| TLS support | Enable HTTPS on ODL |
| AA Release | Pluggable, out-of-the-box token-based AuthN, and MD-SAL AuthZ app-specific AuthZ |
Release Milestones
| Milestone | Offset 0 Date | Deliverables |
|---|
| M1 | 5/12/2014 | | Name | Status | Description |
|---|
| Candidate Release Plan | DONE | Candidate Release Plan |
|
| M2 | 6/09/2014 | | Name | Status | Description |
|---|
| Release Plan | DONE | Final Release Plan | | Project setup | DONE | Project setup in Git and Jenkins | | Pluggable AuthN framework | DONE | Support for AuthN filters, security context |
|
| M3 | 7/07/2014 | | Name | Status | Description |
|---|
| MD-SAL AuthZ | PoC | Access control for MD-SAL rpc, data store, and pub/sub | | Access policy engine | PoC | Define access control policies and an engine to process them | | IdMLight | PROGRESS | Provides user/role/domain CRUD & username/password authentication | | SSSD Integration | PROGRESS | Support SSSD as an IdP | OSGi application security | Deferred | Leverage OSGi security to apply access permissions on Karaf features |
|
| M4 | 8/04/2014 | | Name | Status | Description |
|---|
| API Freeze | FINALIZING | All APIs are defined, but still need to verify with other consumer projects (dlux, etc...) before finalizing them (this week, 8/4) | | AuthZ-enabled MDSAL API | DONE | API changes for AuthZ-enabled MD-SAL |
| | Access Policy API | FINALIZING | API for Access Policy CRUD | | IdMLight API | FINALIZING | API for user/role/domain and role assignment CRUD | | Token endpoint API | DONE | API for creating an access token | | Karaf integration | DONE | AAA as Karaf features |
|
| M5 | 9/1/2014 | | Name | Status | Description |
|---|
| Code Freeze | COMPLETE | Authentication Services only | | Authentication Services | DONE | Credential & SSSD Federation | | AuthZ-enabled MDSAL | DONE | AuthZ-enabled MD-SAL | | Access Policy | DONE | AuthZ policy CRUD | | AuthZ Services | Deferred | AuthZ service to enforce access policies |
|
| RC0 | 9/9/2014 | | Name | Description |
|---|
| Documentation review | Documentation update | | Integration testing | Execution of & Participation in continuous integration tests (IT) |
|
| RC1 | 9/15/2014 | | Name | Description |
|---|
| Bugfixing | Fixing bugs/issues found during IT |
|
| RC2 | 9/22/2014 | | Name | Description |
|---|
| Release Review | Release Review |
|
| Formal Release | 9/29/2014 | | Name | Description |
|---|
| AA Release | Pluggable, out-of-the-box token-based AuthN and MD-SAL AuthZ app-specific AuthZ |
|
Expected Dependencies on Other Projects
- dlux -> Needs to integrate with dlux for token-based authentication vs http basic
- controller/karaf -> OSGi security work (currently out-of-scope for Helium)
- mdsal/datastore -> AuthN Restconf connector (add AuthN filters in web.xml), AuthZ access control
- GBP, OpenDove, etc... -> "multi-tenancy"
Compatibility with Previous Releases
No compatibility issues are knows
Themes and Priorities
== Other ==