544 lines
25 KiB
HTML
544 lines
25 KiB
HTML
|
<!DOCTYPE html>
|
|||
|
<html lang="en">
|
|||
|
<head>
|
|||
|
<meta charset="utf-8"/>
|
|||
|
<title>XDR Monetization</title>
|
|||
|
<meta name="author" content="Yann Esposito"/>
|
|||
|
<style type="text/css">
|
|||
|
.underline { text-decoration: underline; }
|
|||
|
</style>
|
|||
|
<link rel="stylesheet" href="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/dist/reveal.css"/>
|
|||
|
|
|||
|
<link rel="stylesheet" href="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/dist/theme/black.css" id="theme"/>
|
|||
|
</head>
|
|||
|
<body>
|
|||
|
<div class="reveal">
|
|||
|
<div class="slides">
|
|||
|
<section id="sec-title-slide">
|
|||
|
<h1 class="title">XDR Monetization</h1><h2 class="author">Yann Esposito</h2><h2 class="date">2023-07-12 Wed 00:00</h2><p class="date">Created: 2023-07-12 Wed 17:38</p>
|
|||
|
</section>
|
|||
|
<section id="table-of-contents-section">
|
|||
|
<div id="table-of-contents" role="doc-toc">
|
|||
|
<h2>Table of Contents</h2>
|
|||
|
<div id="text-table-of-contents" role="doc-toc">
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-1">1. Intro</a>
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-1-1">1.1. What?</a></li>
|
|||
|
<li><a href="#/slide-1-2">1.2. Example</a>
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-1-2-1">1.2.1. Entitlements:</a></li>
|
|||
|
<li><a href="#/slide-1-2-2">1.2.2. Access Rule example:</a></li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><a href="#/slide-1-3">1.3. How?</a></li>
|
|||
|
<li><a href="#/slide-1-4">1.4. Also Entitlement Summary</a></li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><a href="#/slide-2">2. Entitlements (technically)</a>
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-2-1">2.1. Just the Tier, no add-on:</a></li>
|
|||
|
<li><a href="#/slide-2-2">2.2. Tier with add-ons</a></li>
|
|||
|
<li><a href="#/slide-2-3">2.3. PIAM Doc</a>
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-2-3-1">2.3.1. Entitlements</a></li>
|
|||
|
<li><a href="#/slide-2-3-2">2.3.2. name</a></li>
|
|||
|
<li><a href="#/slide-2-3-3">2.3.3. value</a></li>
|
|||
|
<li><a href="#/slide-2-3-4">2.3.4. quantity</a></li>
|
|||
|
<li><a href="#/slide-2-3-5">2.3.5. quantity<sub>enforced</sub></a></li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><a href="#/slide-3">3. Entitlement Summary</a>
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-3-1">3.1. Structure</a></li>
|
|||
|
<li><a href="#/slide-3-2">3.2. Tier-only Entitlement</a></li>
|
|||
|
<li><a href="#/slide-3-3">3.3. The <code>EntitlementSummary</code> will look like this:</a></li>
|
|||
|
<li><a href="#/slide-3-4">3.4. With Add-ons</a></li>
|
|||
|
<li><a href="#/slide-3-5">3.5. The <code>EntitlementSummary</code> will be:</a></li>
|
|||
|
<li><a href="#/slide-3-6">3.6. <code>Entitlements</code> consumption in js</a></li>
|
|||
|
<li><a href="#/slide-3-7">3.7. EntitlementSummary consumption in js</a></li>
|
|||
|
<li><a href="#/slide-3-8">3.8. More to come</a>
|
|||
|
<ul>
|
|||
|
<li><a href="#/slide-3-8-1">3.8.1. IROH Internal</a></li>
|
|||
|
<li><a href="#/slide-3-8-2">3.8.2. XDR global values</a></li>
|
|||
|
<li><a href="#/slide-3-8-3">3.8.3. Example</a></li>
|
|||
|
<li><a href="#/slide-3-8-4">3.8.4. Summary</a></li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><a href="#/slide-4">4. Conclusion</a></li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
</section>
|
|||
|
|
|||
|
<section>
|
|||
|
<section id="slide-1">
|
|||
|
<h2 id="1"><span class="section-number-2">1.</span> Intro</h2>
|
|||
|
<div class="outline-text-2" id="text-1">
|
|||
|
</div>
|
|||
|
</section>
|
|||
|
<section id="slide-1-1">
|
|||
|
<h3 id="1-1"><span class="section-number-3">1.1.</span> What?</h3>
|
|||
|
<ul>
|
|||
|
<li><b>Entitlements</b>: What the customer is paying for.</li>
|
|||
|
<li><b>Access Rules</b>: What services should allow, restrict.</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-1-2">
|
|||
|
<h3 id="1-2"><span class="section-number-3">1.2.</span> Example</h3>
|
|||
|
<div class="outline-text-3" id="text-1-2">
|
|||
|
</div>
|
|||
|
</section>
|
|||
|
<section id="slide-1-2-1">
|
|||
|
<h4 id="1-2-1"><span class="section-number-4">1.2.1.</span> Entitlements:</h4>
|
|||
|
<ul>
|
|||
|
<li>Tier: Essentials for 1000 <i>users</i> (number of <a href="https://cisco.sharepoint.com/sites/SecurityPersonas/SitePages/prime-employee.aspx?csf=1&web=1&e=LcTwTp">Lees</a>).</li>
|
|||
|
<li>Extra Data Retention “add-on”: 180 <i>days</i></li>
|
|||
|
<li>Extra Ingest “add-on”: 2 <i>GB</i></li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-1-2-2">
|
|||
|
<h4 id="1-2-2"><span class="section-number-4">1.2.2.</span> Access Rule example:</h4>
|
|||
|
<ul>
|
|||
|
<li><b>Total Ingest</b>: 4000GB (1000 user × (2GB + 2GB))</li>
|
|||
|
<li><b>Time to Keep Data</b>: 180 days (yes, <b>extra</b> might not mean what we could expect)</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
<p>
|
|||
|
ref: <a href="https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md#entitlements">https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md#entitlements</a>
|
|||
|
</p>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-1-3">
|
|||
|
<h3 id="1-3"><span class="section-number-3">1.3.</span> How?</h3>
|
|||
|
<p>
|
|||
|
Entitlement represent what the customer pays for.
|
|||
|
PIAM creates and updates them.
|
|||
|
</p>
|
|||
|
|
|||
|
|
|||
|
<div id="org8d3f723" class="figure">
|
|||
|
<p><img src="xdr-monetization-piam-entitlements.png" alt="xdr-monetization-piam-entitlements.png" />
|
|||
|
</p>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-1-4">
|
|||
|
<h3 id="1-4"><span class="section-number-3">1.4.</span> Also Entitlement Summary</h3>
|
|||
|
<p>
|
|||
|
IROH exposes an API to retrieve an <code>EntitlementSummary</code>.
|
|||
|
A data structure easier to consume than the list of entitlements.
|
|||
|
</p>
|
|||
|
|
|||
|
|
|||
|
<div id="org53caa80" class="figure">
|
|||
|
<p><img src="xdr-monetization-piam-entitlement-summary.png" alt="xdr-monetization-piam-entitlement-summary.png" />
|
|||
|
</p>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
</section>
|
|||
|
<section>
|
|||
|
<section id="slide-2">
|
|||
|
<h2 id="2"><span class="section-number-2">2.</span> Entitlements (technically)</h2>
|
|||
|
<p>
|
|||
|
Example of a list of <code>Entitlements</code> sent by PIAM to IROH:
|
|||
|
</p>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-1">
|
|||
|
<h3 id="2-1"><span class="section-number-3">2.1.</span> Just the Tier, no add-on:</h3>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span> <span style="color: #79740e;">"tier"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span> <span style="color: #79740e;">"advantage"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span> {<span style="color: #79740e;">"value"</span> <span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span> <span style="color: #79740e;">"users"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span> <span style="color: #8f3f71;">true</span>}]
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-2">
|
|||
|
<h3 id="2-2"><span class="section-number-3">2.2.</span> Tier with add-ons</h3>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"tier"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">"essentials"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"users"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>},
|
|||
|
{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"extra_ingest"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">""</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">2</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"GB"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>},
|
|||
|
{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"extra_data_retention"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">""</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">180</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"days"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>}]
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-3">
|
|||
|
<h3 id="2-3"><span class="section-number-3">2.3.</span> PIAM Doc</h3>
|
|||
|
<p>
|
|||
|
From <a href="https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md#entitlements">Paul Chichonski’s doc</a>
|
|||
|
</p>
|
|||
|
|
|||
|
<p>
|
|||
|
<a href="https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/product-spec.md#multi-valued-attributes">https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/product-spec.md#multi-valued-attributes</a>
|
|||
|
</p>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-3-1">
|
|||
|
<h4 id="2-3-1"><span class="section-number-4">2.3.1.</span> Entitlements</h4>
|
|||
|
<ul>
|
|||
|
<li><code>entitlements</code> – A list of entitlements the tenant is allowed to use. Each item in
|
|||
|
the list is an object with the following fields:</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"tier"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">"essentials"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"users"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>},
|
|||
|
{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"extra_ingest"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">""</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">2</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"GB"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>}]
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-3-2">
|
|||
|
<h4 id="2-3-2"><span class="section-number-4">2.3.2.</span> name</h4>
|
|||
|
<ul>
|
|||
|
<li><code>name</code> – The name of the entitlement (defined as part of the entitlement
|
|||
|
controlled vocabulary between PIAM and the product)</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-3-3">
|
|||
|
<h4 id="2-3-3"><span class="section-number-4">2.3.3.</span> value</h4>
|
|||
|
<ul>
|
|||
|
<li><code>value</code> – Some entitlements will have a string value that serves to qualify the
|
|||
|
entitlement. For example an entitlement with <code>name=tier</code> may have three
|
|||
|
different manifestations if there are three different tiers (e.g., <code>{"name":
|
|||
|
"tier", "value": "essentials"}</code>, <code>{"name": "tier", "value": "primary"}</code>,
|
|||
|
<code>{"name": "tier", "value": "advantage"}</code>)</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-3-4">
|
|||
|
<h4 id="2-3-4"><span class="section-number-4">2.3.4.</span> quantity</h4>
|
|||
|
<ul>
|
|||
|
<li><code>quantity</code> – Some entitlements will have numeric quantity associated with the
|
|||
|
entitlement, this represents the amount of this entitlement the tenant is
|
|||
|
permitted to consume. Each quantity field will contain an object with the
|
|||
|
following values:
|
|||
|
<ul>
|
|||
|
<li><code>value</code> - The number holding the actual quantity.</li>
|
|||
|
<li><code>unit</code> - A string representing what unit to use when interpreting the quantity.</li>
|
|||
|
|
|||
|
</ul></li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-2-3-5">
|
|||
|
<h4 id="2-3-5"><span class="section-number-4">2.3.5.</span> quantity<sub>enforced</sub></h4>
|
|||
|
<ul>
|
|||
|
<li><code>quantity_enforced</code> – A boolean field, if <code>true</code> it means that the product
|
|||
|
should enforce the allocated quantity of the entitlement for this tenant. It
|
|||
|
is up to the product to determine how to do this. Cases where this will be
|
|||
|
<code>false</code> are if the customer purchased via a buying program that supports a
|
|||
|
“pay as you go” pricing model.</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
</section>
|
|||
|
<section>
|
|||
|
<section id="slide-3">
|
|||
|
<h2 id="3"><span class="section-number-2">3.</span> Entitlement Summary</h2>
|
|||
|
<p>
|
|||
|
The Entitlement Summary provides a data-structure easier to consume
|
|||
|
than the entitlements list.
|
|||
|
</p>
|
|||
|
|
|||
|
<ul>
|
|||
|
<li>A JSON Object instead of list.</li>
|
|||
|
<li>Additional technically useful entries.</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-1">
|
|||
|
<h3 id="3-1"><span class="section-number-3">3.1.</span> Structure</h3>
|
|||
|
<p>
|
|||
|
The main structure of the <code>EntitlementSummary</code> is:
|
|||
|
</p>
|
|||
|
|
|||
|
<pre class="example">
|
|||
|
{<entitlement-name>: <entitlement-details>}
|
|||
|
</pre>
|
|||
|
|
|||
|
<p>
|
|||
|
Where <code><entitlement-details></code> looks like:
|
|||
|
</p>
|
|||
|
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">{<span style="color: #79740e;">"title"</span>: <span style="color: #79740e;">"something"</span>, <span style="color: #a89984;">// </span><span style="color: #a89984;"><- optional instead of value:""</span>
|
|||
|
<span style="color: #79740e;">"quantity"</span>: Integer,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"human-readable-unit"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: Boolean}
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
</section>
|
|||
|
<section id="slide-3-2">
|
|||
|
<h3 id="3-2"><span class="section-number-3">3.2.</span> Tier-only Entitlement</h3>
|
|||
|
<p>
|
|||
|
When PIAM send this list of <code>Entitlements</code>:
|
|||
|
</p>
|
|||
|
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"tier"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">"advantage"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">32000</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"users"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>}]
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-3">
|
|||
|
<h3 id="3-3"><span class="section-number-3">3.3.</span> The <code>EntitlementSummary</code> will look like this:</h3>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">{<span style="color: #79740e;">"tier"</span> : {<span style="color: #79740e;">"title"</span> : <span style="color: #79740e;">"advantage"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span> : <span style="color: #8f3f71; font-weight: bold;">32000</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"users"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span> : <span style="color: #8f3f71;">true</span>}}
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-4">
|
|||
|
<h3 id="3-4"><span class="section-number-3">3.4.</span> With Add-ons</h3>
|
|||
|
<p>
|
|||
|
If PIAM send a list of <code>Entitlements</code> with add-ons:
|
|||
|
</p>
|
|||
|
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">[ {<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"tier"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">"premier"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"users"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>},
|
|||
|
{<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"extra_ingest"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">""</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">2</span>, <span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"GB"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>},
|
|||
|
{<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"extra_data_retention"</span>,
|
|||
|
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">""</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">180</span>, <span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"days"</span>},
|
|||
|
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>}]
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-5">
|
|||
|
<h3 id="3-5"><span class="section-number-3">3.5.</span> The <code>EntitlementSummary</code> will be:</h3>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">{<span style="color: #79740e;">"tier"</span>: {<span style="color: #79740e;">"title"</span>: <span style="color: #79740e;">"premier"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">1000</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"users"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
|
|||
|
<span style="color: #79740e;">"extra_data_retention"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">180</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"days"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
|
|||
|
<span style="color: #79740e;">"extra_ingest"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">2</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"GB"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>}}
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-6">
|
|||
|
<h3 id="3-6"><span class="section-number-3">3.6.</span> <code>Entitlements</code> consumption in js</h3>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js"><span style="color: #9d0006;">function</span> <span style="color: #b57614;">get_entitlement_tier</span> (<span style="color: #076678;">entitlements</span>) {
|
|||
|
<span style="color: #9d0006;">for</span> (entitlement <span style="color: #9d0006;">in</span> org.entitlements) {
|
|||
|
<span style="color: #9d0006;">if</span> (entitlement.name == <span style="color: #79740e;">"tier"</span>) {
|
|||
|
<span style="color: #9d0006;">return</span> entitlement.title;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
<span style="color: #9d0006;">let</span> <span style="color: #076678;">tier</span> = get_entitlement_tier (entitlements);
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-7">
|
|||
|
<h3 id="3-7"><span class="section-number-3">3.7.</span> EntitlementSummary consumption in js</h3>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js"><span style="color: #9d0006;">let</span> <span style="color: #076678;">tier</span> = whoami.org[<span style="color: #79740e;">"entitlement-summary"</span>].tier.title;
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-8">
|
|||
|
<h3 id="3-8"><span class="section-number-3">3.8.</span> More to come</h3>
|
|||
|
<div class="outline-text-3" id="text-3-8">
|
|||
|
</div>
|
|||
|
</section>
|
|||
|
<section id="slide-3-8-1">
|
|||
|
<h4 id="3-8-1"><span class="section-number-4">3.8.1.</span> IROH Internal</h4>
|
|||
|
<p>
|
|||
|
But we plan to add more technical specific values so it helps every Entitlement consumer.
|
|||
|
That way it would make possible to share between product specific technical values.
|
|||
|
</p>
|
|||
|
|
|||
|
<p>
|
|||
|
For example, we plan to add:
|
|||
|
</p>
|
|||
|
<ul>
|
|||
|
<li>a list of allowed modules.</li>
|
|||
|
<li>an optional list of additional scopes</li>
|
|||
|
<li>rate limits</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-8-2">
|
|||
|
<h4 id="3-8-2"><span class="section-number-4">3.8.2.</span> XDR global values</h4>
|
|||
|
<p>
|
|||
|
If you want us to add some information, so we could centralize some logic
|
|||
|
related to entitlement into IROH just ask us to add it.
|
|||
|
Ideally, this should only contain data that could be shared between different modules.
|
|||
|
For example:
|
|||
|
</p>
|
|||
|
|
|||
|
<ul>
|
|||
|
<li>allowed workflows, or allowed properties for workflows</li>
|
|||
|
<li>specific limitations for a specific module (read-only, etc…)</li>
|
|||
|
|
|||
|
</ul>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-8-3">
|
|||
|
<h4 id="3-8-3"><span class="section-number-4">3.8.3.</span> Example</h4>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">{<span style="color: #79740e;">"tier"</span>: {<span style="color: #79740e;">"title"</span>: <span style="color: #79740e;">"premier"</span>,
|
|||
|
<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">1000</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"users"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
|
|||
|
<span style="color: #79740e;">"extra_data_retention"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">180</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"days"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
|
|||
|
<span style="color: #79740e;">"extra_ingest"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">2</span>,
|
|||
|
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"GB"</span>,
|
|||
|
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
|
|||
|
<span style="color: #a89984;">// </span><span style="color: #a89984;">---- SUMMARY OF TECHNICAL LIMITS</span>
|
|||
|
<span style="color: #79740e;">"summary"</span> {...}}
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
<section id="slide-3-8-4">
|
|||
|
<h4 id="3-8-4"><span class="section-number-4">3.8.4.</span> Summary</h4>
|
|||
|
<div class="org-src-container">
|
|||
|
|
|||
|
<pre class="src src-js">{<span style="color: #a89984;">// </span><span style="color: #a89984;">---- SUMMARY OF TECHNICAL LIMITS</span>
|
|||
|
<span style="color: #79740e;">"summary"</span> {
|
|||
|
<span style="color: #a89984;">// </span><span style="color: #a89984;">PIAM Logic</span>
|
|||
|
<span style="color: #79740e;">"data-retention-in-days"</span>: <span style="color: #8f3f71; font-weight: bold;">180</span>, <span style="color: #a89984;">// </span><span style="color: #a89984;">use extra_data_retention + tier</span>
|
|||
|
<span style="color: #79740e;">"data-maximal-size-in-GB"</span>: <span style="color: #8f3f71; font-weight: bold;">4000</span>, <span style="color: #a89984;">// </span><span style="color: #a89984;">use extra_ingest + tier quantity</span>
|
|||
|
<span style="color: #a89984;">// </span><span style="color: #a89984;">IROH Internal</span>
|
|||
|
<span style="color: #79740e;">"additional-scopes"</span>: [ ... ], <span style="color: #a89984;">// </span><span style="color: #a89984;">depends on the tier</span>
|
|||
|
<span style="color: #79740e;">"allowed-modules"</span>: [ ... ], <span style="color: #a89984;">// </span><span style="color: #a89984;">depends on the tier</span>
|
|||
|
<span style="color: #a89984;">// </span><span style="color: #a89984;">XDR Shared Global Rules</span>
|
|||
|
<span style="color: #79740e;">"restricted-workflows"</span>: [...], <span style="color: #a89984;">// </span><span style="color: #a89984;">depends on the tier (or something else)</span>
|
|||
|
<span style="color: #79740e;">"rate-limits"</span>: <span style="color: #a89984;">// </span><span style="color: #a89984;">can change depending on the tier</span>
|
|||
|
{<span style="color: #79740e;">"sca"</span>: {<span style="color: #79740e;">"queries-per-minutes"</span>: <span style="color: #79740e;">"100"</span>},
|
|||
|
<span style="color: #79740e;">"sxo"</span>: {<span style="color: #79740e;">"queries-per-minutes"</span>: <span style="color: #79740e;">"80"</span>},
|
|||
|
<span style="color: #79740e;">"csc"</span>: ...},
|
|||
|
...
|
|||
|
}
|
|||
|
}
|
|||
|
</pre>
|
|||
|
</div>
|
|||
|
|
|||
|
</section>
|
|||
|
</section>
|
|||
|
<section>
|
|||
|
<section id="slide-4">
|
|||
|
<h2 id="4"><span class="section-number-2">4.</span> Conclusion</h2>
|
|||
|
<ul>
|
|||
|
<li>tier? <code>GET /iroh/profile/whoami</code>
|
|||
|
then <code>whoami.org["entitlement-summary"].tier.title</code></li>
|
|||
|
<li>Summary only: <code>GET /iroh/profile/entitlement-summary</code></li>
|
|||
|
<li>raw entitlements: <code>GET /iroh/profile/entitlements</code></li>
|
|||
|
|
|||
|
</ul>
|
|||
|
</section>
|
|||
|
</section>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/dist/reveal.js"></script>
|
|||
|
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/markdown/markdown.js"></script>
|
|||
|
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/notes/notes.js"></script>
|
|||
|
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/search/search.js"></script>
|
|||
|
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/zoom/zoom.js"></script>
|
|||
|
<script>
|
|||
|
// Full list of configuration options available here:
|
|||
|
// https://github.com/hakimel/reveal.js#configuration
|
|||
|
Reveal.initialize({
|
|||
|
|
|||
|
controls: true,
|
|||
|
progress: true,
|
|||
|
history: false,
|
|||
|
center: true,
|
|||
|
slideNumber: 'c',
|
|||
|
rollingLinks: false,
|
|||
|
keyboard: true,
|
|||
|
mouseWheel: false,
|
|||
|
fragmentInURL: false,
|
|||
|
hashOneBasedIndex: false,
|
|||
|
pdfSeparateFragments: true,
|
|||
|
overview: true,
|
|||
|
|
|||
|
transition: 'convex',
|
|||
|
transitionSpeed: 'default',
|
|||
|
|
|||
|
// Plugins with reveal.js 4.x
|
|||
|
plugins: [ RevealMarkdown, RevealNotes, RevealSearch, RevealZoom ],
|
|||
|
|
|||
|
// Optional libraries used to extend reveal.js
|
|||
|
dependencies: [
|
|||
|
]
|
|||
|
|
|||
|
});
|
|||
|
</script>
|
|||
|
</body>
|
|||
|
</html>
|