component: New example component to showcase how to include the PartyRole as part of security definition.

[LesterThomas]

Description

Create a folder of example components (separate from the Component folder showcasing real components from Software Vendors). The first example component will showcase the Role-based security - it mandates every component to implement the listPartyRole and retrieveParty role operations of the TMF669 PartyRoleManagement api (as a minimum) and update the component security meta-data to detail where this API is exposed.

[LesterThomas]

This is the proposal I have discussed with @Brian Burton for the 1.Demonstrate Security validation for ODA Components Epic: I welcome any comments, suggestions or contributions!

• The Identity Management for role-based security should sit in the Canvas: We will implement Keycloak as the reference implementation for this (the goal is that other Identity Management services can be supported and so the interfaces between the Components and Canvas will be based on open standards). We will develop a set of Helm Charts to enable keycloak to be automatically deployed in the Canvas.
• Each component should expose the roles it uses: This means each component should implement the listPartyRole and retrieveParty role operations of the TMF669 PartyRoleManagement api (as a minimum) and update the component security meta-data to detail where this API is exposed.
• We will implement an example component to demonstrate this mechanism. (I propose that we create a set of example components in the oda-ca-docs repository)

[rxwilliams]

The Oracle "Launch Experience" Communications Industry product catalog includes some standard role definitions and enables others to be created and managed centrally. Standard roles, for example:

• Product Manager
• Application Implementation Consultant
• Product Data Steward
• IT Security Manager
• Communications Catalog Administrator

We have more definition of these roles and what they enable in the application, if that helps