Page Status:
Component Status:
Last Reviewed on:
Certified by:
1. High Level Component Definition and Architectural Relationships (template)
2. Component API definitions
Template Component provides the following interfaces:
Offered Interface Name | Offered Interface Description | Model | API Specs (Swagger)
xxxE-1 | External Interface Definition. | capabilities | x.y.z (according to strategy)
xxxI-2 | Internal interfaces if we want to raise them | Display and update: xxxxx
Note: an xxxI interface is an internal interface. An xxxE interface is an external interface.
Template Component consumes the following Interfaces:
Consumed Interface Name | Consumed Interface Description
3. Component Description:
A more detailed figure and description of the component.
<< link to project-specific description elsewhere >>
4. Component Deployment Architecture
Should reference the deployment section in the component description template
5. New Release Capabilities
<< list the new capabilities that were introduced in this release, or a hot-link to the key features. New sub-chapter per release, as per a release notes document >>
6. Security Conformance
- ONAP Component API and data security conformance
- Describe the component Service Mesh conformance / plan for secure communications, routing, authentication and authorization configurations
- Does the component have AAF dependencies? If so, describe the current dependencies and a migration plan to remove the dependencies
- How does the component support authentication and authorization of its clients (Humans, other applications)?
- Describe the component data protection
- Data storage location/mechanism
- Data protection plan, such as data at rest, data-level access control, data in transit, others
- User sensitive data handling
- Describe the component / container hardening
- The component must run as a non-root user. Does the component use non-root access only? Otherwise, describe the reasons and non-root-access support plans
- Does the component container require privileged access/rights? If so, describe the reasons and migration plans
- Is the component image signed digitally for integrity? (TBD)
- Does the component use the basic image to conform to the global requirement, REQ-1073?
- Does the component follow the K8s hardening guide? e.g., from NSA, https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF
- Describe the component logging conformance
- Does the component conform to the Log field standards best practice, REQ-1072? If not, please describe the reasons and support plans.
- Does the component exclude user sensitive data (e.g., password, private key, other credentials) from logging? If not, please describe the reasons and support plans.
- Does the component support the Logging destination STDOUT / STDERR conformance? If not, please describe the reasons and support plans.
- Documentation for the component security
- Describe the component security architecture and conformance in the document.
- The project should fill out an ONAP Security Review Questionnaire Template and review it with SECCOM.
7. Document Changes
8. References
to any supporting docs that are not referenced in other templates