docs/sections/architecture.rst

   1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
   2 .. http://creativecommons.org/licenses/by/4.0
   3 .. Copyright 2020 NOKIA
   4 .. _architecture:
   5
   6 Architecture
   7 ============
   8
   9 Interaction between components
  10 ------------------------------
  11
  12 .. image:: resources/certservice_high_level.png
  13    :width: 855px
  14    :height: 223px
  15    :alt: Interaction between components
  16
  17
  18 Simplified certificate enrollment flow
  19 --------------------------------------
  20
  21 .. image:: resources/certService_cert_enrollment_flow.png
  22    :width: 1191px
  23    :height: 893px
  24    :alt: Simplified certificate enrollment flow
  25
  26 Security considerations
  27 -----------------------
  28
  29 CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release.