Access

You must be connected to the WindRiver "pod-onap-01" VPN to gain access to AAF Beijing.

...

10.12.6.214 aaf-onap-beijing-test aaf-onap-beijing-test.osaaf.org

Environment Artifacts (AAF FS)

AAF runs an HTTP file server that provides access to the public information you need.

http://aaf-onap-beijing-test.osaaf.org/-

Certificates

Root Certificate

AAF CA

At the time of Beijing, an official Certificate Authority for ONAP had not been declared, installed or operationalized. Secure TLS requires certificates, so for the time being, the Certificate Authority is run by the AAF Team.

Root Certificate

The Root Certificate for ONAP Certificate Authority used by AAF

...

is AAF_RootCA.cer

...


Depending on your browser and operating system, clicking on this link will let you install this certificate into your browser for GUI access (see next).

This Root Certificate is also available in "truststore" form, in PKCS12 format, ready to be used by Java or other processes: truststoreONAP.p12.

Note: as of Java 8, PKCS12 format is recommended rather than JKS. Java's "keytool" utility provides a conversion to .jks for Java 7 and earlier.

Identity

Certificates certify nothing if there is no identity, or no process to verify that identity. Typically, for a company, an HR department establishes the formal organization, specifically who reports to whom. For ONAP, at the time of Beijing, no such formalized "Org Chart" existed, so we'll be building this up as we go along.

Therefore, each Certificate Request must also include identity information, which will be entered into an ONAP Identity file. In a real company, this information can be derived or accessed in real time (if available) through an "Organization Plugin". Since there appears to be no such central formal system in ONAP, AAF will control this data until ONAP declares one.

For each Identity, we'll need:

  People

# 0 - unique ID (for Apps, just make sure it is unique; for People, consider using your Linux Foundation ID)
# 1 - full name (for App, name of the App)
# 2 - first name (for App, 
# 3 - last name
# 4 - phone
# 5 - official email
# 6 - type - person
# 7 - reports to: If you are working as part of a Project, list the PTL of your Project. If you are the PTL, just declare that you are the PTL.

  Applications

# 0 - unique ID - Let's go with this naming convention:  a[0-9]{4}[a-z,0-9], meaning the letter "a", followed by 4 digits and a final letter or digit. 
# 1 - full name of the App
# 2 - App Acronym
# 3 - App Description, or just "Application"
# 5 - official email - I would expect a distribution list for the Application, or the email of the Owner.
# 6 - type - application
# 7 - reports to: give the Application Owner's Unique ID. Note: this should also be the Owner in the AAF Namespace.
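
The field lists above can be checked mechanically before records are merged into the identity file. The following is an added example, not AAF's own code: the "|" separator, the sample records and the helper names load and validate are assumptions, and the application ID check follows the prose reading of the convention (the letter "a", four digits, a final letter or digit), so an ID ending in a comma is rejected.

```python
import re

# Field order as listed on the page. The "|" separator and the sample records
# are assumptions made for this example; the page does not give a file syntax.
FIELDS = ("id", "full_name", "first_or_acronym", "last_or_description",
          "phone", "email", "type", "reports_to")
# Prose reading of the convention: "a", four digits, one final letter or digit.
APP_ID = re.compile(r"a[0-9]{4}[a-z0-9]")
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

SAMPLE = """\
jdoe|Jane Doe|Jane|Doe|555-0100|jdoe@example.org|person|PTL of Example Project
a1234b|Example Service|EXS|Application||exs-team@example.org|application|jdoe
a1234,|Bad App|BAD|Application||bad-team@example.org|application|nobody
a1234b|Copy Cat|CC|Application||not-an-email|application|jdoe
"""


def load(text, sep="|"):
    """Parse one record per line into dicts keyed by FIELDS."""
    rows = [[p.strip() for p in line.split(sep)] for line in text.splitlines()]
    if any(len(row) != len(FIELDS) for row in rows):
        raise ValueError(f"every record needs {len(FIELDS)} fields")
    return [dict(zip(FIELDS, row)) for row in rows]


def validate(records):
    """Return (id, problem) pairs; an empty list means every record passed."""
    problems, seen = [], set()
    known = {r["id"] for r in records}
    for r in records:
        rid, kind = r["id"], r["type"]
        if rid in seen:
            problems.append((rid, "duplicate unique ID"))
        seen.add(rid)
        if kind not in ("person", "application"):
            problems.append((rid, "type must be person or application"))
        if kind == "application" and not APP_ID.fullmatch(rid):
            problems.append((rid, "ID breaks the application naming convention"))
        if not EMAIL.fullmatch(r["email"]):
            problems.append((rid, "official email missing or malformed"))
        owner = r["reports_to"]
        if not owner or (kind == "application" and owner not in known):
            problems.append((rid, "reports-to missing or not a known identity"))
    return problems


if __name__ == "__main__":
    print("\n".join(f"{rid}: {msg}" for rid, msg in validate(load(SAMPLE))))
```
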

GUI

https://aaf-onap-beijing-test.osaaf.org:8095

Note: this link actually points to the AAF Locator, which redirects you to an available GUI.

...