固件多租户
[英]Fiware multitenancy
问题描述
We are evaluating several platforms for integrating a "Smart Energy System".
我们正在评估集成“智能能源系统”的几个平台。 One important requirement we have to support is multitenancy.我们必须支持的一项重要要求是多租户。 From the docs I can see the possibility to start the Orion Context Broker with this option.从文档中,我可以看到使用此选项启动 Orion Context Broker 的可能性。 Orion will ensure the data separation based on the fiware-service request header. Orion 将确保基于fiware-service请求头的数据分离。
That's fine but how to "secure" this header across the whole software stack (PEP-Proxy, IoT-Agent)?这很好,但是如何在整个软件堆栈(PEP-Proxy、IoT-Agent)中“保护”这个标头?
Which component/device sets this header?哪个组件/设备设置了这个标头? Which component ensures that a request with a specific fiware-service header value is authorized to access the data of this tenant?哪个组件确保具有特定fiware-service标头值的请求被授权访问该租户的数据?
In my opinion this is a task for Wilma as PEP-Proxy.在我看来,这是 Wilma 作为 PEP-Proxy 的任务。 All traffic to Orion is routed through the PEP-Proxy and the proxy checks if this request is valid.所有到 Orion 的流量都通过 PEP-Proxy 路由,代理会检查此请求是否有效。 Unfortunately I can not find such a check within the source code nor it is explained in the documentation.不幸的是,我在源代码中找不到这样的检查,文档中也没有解释。
Has someone implemented such an architecture an can help me?有人实现了这样的架构可以帮助我吗?
1 个解决方案
解决方案1
1 已采纳 2020-10-15 10:46:45
Found another post which answers my question找到另一个帖子回答了我的问题
How to configure access control in Orion NGSI API for tenant isolation using Wilma PEP Proxy and IdM Keyrock?
We will have to implement this kind of authorization for our own.我们将不得不为我们自己实施这种授权。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.