Versions Compared

Version Old Version 2 New Version Current
Changes made by

Byung-Woo Jun

Byung-Woo Jun

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Communication security between SOL003/SOL005 Adapters and SVNFM/NFVO

Feature Descriptions

Feature

Description

Feature

Description

Secured communication and authentication and authorization support

Secured communication and authentication and authorization support between SOL003/SOL005 Adapter and External NFVO

  • HTTPS protocol
  • Authentication and Authorization support via AAF

Epic and User Story

Epic

User Story

Description

Guilin Plan?

JIRA

Secured communication
Support Secure communication for ONAP Internal components and ONAP External componentsYes

SO needs to  a common security communication solution for ONAP internal componentsSO needs to  a common security communication solutionYes

Secured communication between SOL003 Adapter and SVNFMSecured communication between SOL003 Adapter and SVNFMYesCovered by SOL003 Adapter JIRA

Secured communication between SOL005 Adapter and external NFVOSecured communication between SOL005 Adapter and external NFVOYesCovered by SOL005 Adapter JIRA

Authentication and authorization support between between SOL003 Adapter and SVFNM

Authentication and authorization support between between SOL003 Adapter and SVFNM

  • support of vendor SVNFM authentication and authorization
  • support of SOL003 Adapter authentication and authorization
YesCovered by SOL003 Adapter JIRA

Authentication and authorization support between between SOL005 Adapter and external NFVO

Authentication and authorization support between between SOL005 Adapter and external NFVO

  • support of external NFVO authentication and authorization
  • support of SOL005 Adapter authentication and authorization
YesCovered by SOL005 Adapter JIRA

Authentication and authorization support between between SOL002 Adapter and SVFNM

Authentication and authorization support between between SOL002 Adapter and SVFNM

  • support of vendor SVNFM authentication and authorization - OAuth2 Token-based only
  • support of SOL002 Adapter authentication and authorization - OAuth2 Token-based only
YesCovered by SOL002 Adapter JIRA

Communication Security Architecture for SOL005 and SOL003 APIs

  • ONAP ETSI-Alignment API security conforms to ETSI NFV SEC022 Security specification (SEC022 GS).
  • Requirement: External NFVO and SVNFM need to validate incoming ETSI package
  • The SOL003/SOL005 Adapters communicate with the SVNFM and the external NFVO via secured HTTPS protocol with a proper authentication and authorization.
    • Support of HTTPs protocol is a must
    • SOL003/SOL005 Adapters provide security mechanism for authentication and authorization.
    • SVNFM/NFVO provide security mechanism for authentication and authorization.
    • authentication federation between the Adapters and the SVNFM/NFVO is under discussion.
  • <describe authentication choices and use of AAF here> 


High-Level View

The following diagram depicts a high-level view of ONAP ETSI-Alignment API security.

Gliffy
macroId698cf91d-a283-44ee-a8c6-967f41343468
nameETSI Secure Communication High-level for Guilin
pagePin2



Detailed View

Gliffy
macroId7cf46312-dd58-4673-a845-35b00e7bb0e1
nameETSI Secure Communication for Guilin
pagePin4

 



HTTPS Support

To secure communications between the SOL003/SOL005 Adapter and SVNFM/NFVO, the communication between them will be done via HTTPS protocol.

...