Uploaded image for project: 'SAFe Program'
  1. SAFe Program
  2. SP-2905

SI and IAM integration

Change Owns to Parent OfsSet start and due date...
    XporterXMLWordPrintable

Details

    • Stories Completed, Accepted by FO

    • PI24 - UNCOVERED

    • SRC-AAI SRC-DM SRC-SI SRCPB

    Description

      Establish what is needed to enable integration between SI and a general OIDC provider, like the Indigo IAM prototype developed by the Purple team. 

      Benefit: move away from using the developer flag and integrate with SRC IAM prototype for A&A

      Acceptance Criteria:

      1. users in an allowed group can authenticate and get/put/delete files in a SI storage site
      2. users in a different allowed group can get files but not put/delete

      Collaborate with Purple team (dependencies)

       
      These components/pieces that need to be deployed or modified to make make SI and IAM work together once the purple team features are available:

      1. modify SI services to use plain GMS client instead of CADC's richer internal code
      2. build new SI images with updated code to accept/validate IAM tokens (assumption: directly in cadc-util library)
      3. SI services need a system credential to make calls to permissions (baldur; assumption: re-use the validated bearer token)
      4. SI services need a user credential to call GMS (assumption: re-use the validated bearer token)
      5. (probably) some code changes in SI so deployers can use tokens (currently just client certificates)
      6. (stretch) luskan could get query permission from baldur rather than be configured directly

       

      Attachments

        Issue Links

          depends on

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-2859 IVOA / IAM Wrapping layer

          • Must have - Items labelled as "Must have" are critical to the current delivery timebox in order for it to be a success.
          • Done

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-3063 SI: Rule-based permissions service

          • Must have - Items labelled as "Must have" are critical to the current delivery timebox in order for it to be a success.
          • Done

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-3064 Inter-Service Communication with Tokens

          • Could have - Items labelled as "Could have" are desirable but not necessary and could improve the user experience or customer satisfaction for a little development cost. These will typically be included if time and resources permit.
          • Done

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-3065 Service Registry

          • Could have - Items labelled as "Could have" are desirable but not necessary and could improve the user experience or customer satisfaction for a little development cost. These will typically be included if time and resources permit.
          • Done
          is required by

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-2829 Deploy Storage Inventory Global site

          • Must have - Items labelled as "Must have" are critical to the current delivery timebox in order for it to be a success.
          • Done
          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Structure

            Activity

              People

                r.bolton Bolton, Rosie
                r.bolton Bolton, Rosie
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Feature Progress

                  Story Point Burn-up: (100.00%)

                  Feature Estimate: 0.5

                  IssuesStory Points
                  To Do00.0
                  In Progress   00.0
                  Complete24.0
                  Total24.0

                  Dates

                    Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel