Versions Compared

Old Version 107

changes.mady.by.user John Keeney (Ericsson EST)

Saved on

compared with

New Version 108

changes.mady.by.user John Keeney (Ericsson EST)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: I think security will be mostly taken care of at the ONAP platform level.

...

Additional isolation and execution-environment sandboxing can be supported depending on the Control Loop Element Type. For example: ONAP policies for given Control Loop Instances/Types can be executed in a dedicated PDP engine instances; DCAE or K8S-hosted services can executed in isolated namespaces or in dedicated workers/clusters; etc..

4.4 Security and Multi Tenancy

  • User authentication to use CL runtime (Normal ONAP authentication)
  • User authentication on participants (Certs?)
  • Tenant definition on Control Loop Element, each CLE should be assigned to a tenant
  • User should be authorized to have access to the tenant of the CLE
  • API gateway configuration should match that of tenant

5 APIs and Protocols

The APIs and Protocols used by CLAMP for Control Loops are described on the pages below:

...