Uploaded image for project: 'SAFe Program'
  1. SAFe Program
  2. SP-3064

Inter-Service Communication with Tokens

Change Owns to Parent OfsSet start and due date...
    XporterXMLWordPrintable

Details

    • SRCnet
    • Hide

      The feature will allow service-to-service calls (in the SI ecosystem and other places) to be made with the correct identity and security standards.

      Show
      The feature will allow service-to-service calls (in the SI ecosystem and other places) to be made with the correct identity and security standards.
    • Hide

      The service calls from raven or minoc to baldur (SP-3063) or to GMS (SP-2859) are made with tokens adhering to the security model to be decided in the implementation of this feature.

      Show
      The service calls from raven or minoc to baldur ( SP-3063 ) or to GMS ( SP-2859 ) are made with tokens adhering to the security model to be decided in the implementation of this feature.
    • Team_PURPLE
    • Hide

      Thoughtworks has demonstrated that the tokens issued by IAM can be reused by minoc to make GMS calls.  This feature is now overcome by SP-2829.

      Show
      Thoughtworks has demonstrated that the tokens issued by IAM can be reused by minoc to make GMS calls.  This feature is now overcome by SP-2829 .
    • 17.6
    • Stories Completed, Demonstrated

    • PI24 - UNCOVERED

    • SRC-AAI SRC-DM SRC-SI SRCPB

    Description

      When service-to-service calls are made, the credentials used should be transitive in that it is the same identity that makes the secondary call.  

      This could be solved in a number of ways, including:

      • Credential Delegation - Users give services short-lived credentials which can be used to make secondary calls
      • Token Reuse and Exchange - The incoming token is either reused or exchanged for another token with proper scope to make secondary calls

      A test use case for this is a Storage Inventory Components such as raven or minoc making a secondary call to the Permissions Service (SP-3063) or to GMS (SP-2859).

      Attachments

        Issue Links

          is required by

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-2829 Deploy Storage Inventory Global site

          • Must have - Items labelled as "Must have" are critical to the current delivery timebox in order for it to be a success.
          • Done

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-2905 SI and IAM integration

          • Must have - Items labelled as "Must have" are critical to the current delivery timebox in order for it to be a success.
          • Done
          relates to

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-3063 SI: Rule-based permissions service

          • Must have - Items labelled as "Must have" are critical to the current delivery timebox in order for it to be a success.
          • Done

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-3065 Service Registry

          • Could have - Items labelled as "Could have" are desirable but not necessary and could improve the user experience or customer satisfaction for a little development cost. These will typically be included if time and resources permit.
          • Done

          Feature - A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria, and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI). SP-3288 Modify SI synchronisation tools for integration with IAM

          • Could have - Items labelled as "Could have" are desirable but not necessary and could improve the user experience or customer satisfaction for a little development cost. These will typically be included if time and resources permit.
          • Discarded

          Structure

            Activity

              People

                B.Major Major, Brian
                B.Major Major, Brian
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Feature Progress

                  Story Point Burn-up: (0%)

                  Feature Estimate: 0.0

                  IssuesStory Points
                  To Do00.0
                  In Progress   00.0
                  Complete20.0
                  Total20.0

                  Dates

                    Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel