R8 Certificate Management Protocol
- Benjamin Cheung
Use Case Overview & Description
The Certificate Management Protocol (CMP) is an Internet protocol used for obtaining X.509 digital certificates in a public key infrastructure (PKI). It is described in RFC 4210 and is one of two protocols so far to use the Certificate Request Message Format (CRMF), described in RFC 4211, with the other protocol being Certificate Management over CMS (CMC), described in RFC 5273. An obsolete version of CMP is described in RFC 2510, the respective CRMF version in RFC 2511. CMP messages are encoded in ASN.1, using the DER method and usually transported over HTTP. CMP (Certificate Management Protocol) Server & Client (completed in R6)
Use Case Key Information
TOPIC | DESCRIPTION | WIKI PAGE |
Requirements Proposal | This is a link to the requirements proposal made on the Requirements Sub-committee | |
Architecture S/C info | Information on the Architecture sub-committee presentation | ONAPARC-634: (Honolulu-R8) - Func - CMPv2 enhancements in R8Closed |
Architecture Review Presentation made Nov 17, 2020 | ||
Prior Project "Base" Wiki | Link to the "base" wiki for the Use Case, or work from a prior release. | |
Requirements Jira (REQ-###) Ticket | Link to the REQ Jira ticket for this use case | |
Key Use Case Leads & Contacts | USE CASE LEAD: @Pawel Baniewski USE KEY CONTACTS: | |
Meetings Register & Recordings | Link to Use Case Team meetings. |
BUSINESS DRIVER
This section describes Business Drivers needs. These business drivers are presented on the Requirements Sub-committee and should also be put into the release requirements sub-committee page.
Executive Summary - The CMPv2 work in R8 will develop (1) Integration with Cert-Manager (certificate enrollment solution recommended by OOM) and (2) DCAE further integration (expected to be completed by R7 bug fixes). This requirement improves ONAP Security with CMPv2. CMP is used by multiple operations including Plug and Play, and NetConf operation. In R6 CMPv2 Certificate Service and basic development was implemented. Integration with server & client to the certificate service was completed. There are also two ONAP bordering component that were integrated with the certificate service with interfaces to SDN-C and DCAE. See the REQ-431: https://jira.onap.org/browse/REQ-431?src=confmacro
Business Impact - The enhancement to CMPv2 operation will improve security management within ONAP and affects multiple ONAP functions and use cases, including Plug and Play (PNF registration) and NetConf. As with all security functionality within ONAP, Security is a fundamental aspect of FCAPS, being the "S" for security management.
Business Markets - This project applies to any domain (wireless, transport, optical, and wireline) that ONAP may manage.
Funding/Financial Impacts - Potential OPEX savings with enhanced security to prevent breaches and prevent security compromises.
Organization Mgmt, Sales Strategies - There is no additional organizational management or sales strategies for this use case outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.
Development Status
PROJECT | PTL | User Story / Epic | Requirement |
A&AI | @William Reehil | ||
AAF | @Jonathan Gathman | ||
APPC | @Takamune Cho | ||
CLAMP | @Gervais-Martial Ngueko | ||
CC-SDK | @Dan Timoney | ||
DCAE | @Vijay Kumar | ||
DMaaP | @Mandar Sawant | ||
External API | @Adrian OSullivan | ||
HOLMES | @Guangrong Fu | ||
MODELING | @Hui Deng | ||
Multi-VIM / Cloud | @Bin Yang | ||
OOF | @krishna moorthy | ||
OOM | @Sylvain Desbureaux | ||
POLICY | @James Hahn | ||
PORTAL | @Sunder Tattavarada | ||
SDN-C | @Dan Timoney | ||
SDC | @ChrisC | ||
SO | @Seshu Kumar Mudiganti | ||
VID | @Ikram Ikramullah | ||
VF-C | @Yuanhong Deng | ||
VNFRQTS | @Steven wright | ||
VNF-SDK | @victor gao | ||
CDS | @Yuriy Malakov |
List of PTLs:Approved Projects
*Each Requirement should be tracked by its own User Story in JIRA
USE CASE DIAGRAM
Use cases define how different users interact with a system under design. Each use case represents an action that may be performed by a user (defined in UML as an Actor with a user persona).
Use Case Functional Definitions
Use Case Title | Title of the Use Case |
Actors (and System Components) | The list of Actors and System Components that participate in the Use Case |
Description | Short overview of the Use Case |
Points of Contact | Authors and maintainers of the Use Case. Use Case Lead, Key Use Case members and code contributors. |
Preconditions | A list of conditions that are assumed to be true before the Use Case is invoked Includes description of Information Consumed |
Triggers / Begins when | Describes the trigger for beginning the Use Case |
Steps / Flows (success) | Describes the sequence of steps and interactions that occur during the Use Case (may include: description, data exchanges, functionality, state changes) Interaction diagrams may be included or referenced |
Post-conditions | The expected results of the execution of the Use Case Includes description of Information Produced |
Alternate / Exception Paths | Description of any exceptions or special process that could occur during Use Case |
Related Use Cases | List of the Use Cases referenced by this Use Case |
Assumptions | Describes any assumptions that are made for this use case |
Tools / References / Artifacts | List of any tools or reference material associated with this Use Case as well as any JIRA trace-ability. List of any associated diagrams or modelling artifacts associated with the Use Case |
TESTING
Current Status
Testing Blockers
High visibility bugs
Other issues for testing that should be seen at a summary level
Where possible, always include JIRA links
End to End flow to be Tested
**This should be a summary level Sequence diagram done in Gliffy**
Test Cases and Status
1 | There should be a test case for each item in the sequence diagram | NOT YET TESTED |
2 | create additional requirements as needed for each discreet step | COMPLETE |
3 | Test cases should cover entire Use Case | PARTIALLY COMPLETE |