Details
-
Enabler
-
Could have
-
None
-
Services
-
-
- Integrated AD authentication with STFC TechOps proxy
- Integrate AD authentication with Taranta
- Integrate AD authentication with Kubernetes (STFC TechOps)
-
1
-
1
-
8
-
Team_IT, Team_OMCPT, Team_SYSTEM
-
-
-
-
16.6
-
Stories Completed, Satisfies Acceptance Criteria, Accepted by FO
-
-
Team_IT
Description
The objective of this capability is to consolidate the initial authentication and authorisation mechanisms across a range of IT systems in use at SKAO.
Starting from the work leveraged by the transition to the international organisation and from the existing implementation of authorisation systems it is necessary to:
- Consolidate the adoption of Azure AD where possible, exposing clear processes and usage patterns for integration with other services.
- Understand if and how the SKAO AD can be integrated with the existing bespoke software systems for example by exposing it as an OAuth service? Publish or point to relevant instruction
- List the systems that are using or need an authentication mechanism in early stages of the project. What are the requirements from a TM perspective?
- Start integrating existing products with the common AAA system, possibly by integrating Nexus, SKAMPI as a starting point.
- Can we use the same solution to also integrate with Gitlab?
- Integrate with Taranta
- Integrate with Kubernetes
It is expected that the IT team will be in a position to provide more detailed information in the context of PI11 planning and the discussion can proceed from there, identifying a more detailed scope and better refined acceptance criteria.
Note: there is https://confluence.skatelescope.org/display/SWSI/ADR-34+Exploratory+AAA+Approach on this topic, including links to work done on AAA in the design phase.