VNFRQTS - Security requirements batch 1

Issue-ID: VNFRQTS-691

Signed-off-by: Hagop Bozawglanian <hagop.bozawglanian@att.com>
Change-Id: I928985bf65bb616a058b39ca874abb857e964949

diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 378e6d1..d36708d 100644 (file)
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -1240,11 +1240,11 @@ applicable to encryption or protocol meethods.
 
 .. req::
     :id: R-49109
-    :target: VNF
+    :target: VNF or PNF
     :keyword: MUST
-    :updated: casablanca
+    :updated: el alto
 
-    The VNF **MUST** support HTTP/S using TLS v1.2 or higher
+    The VNF or PNF **MUST** support HTTPS using TLS v1.2 or higher
     with strong cryptographic ciphers.
 
 .. req::

diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst
index 24ad489..e6886aa 100755 (executable)
--- a/docs/Chapter7/Monitoring-And-Management.rst
+++ b/docs/Chapter7/Monitoring-And-Management.rst
@@ -930,32 +930,31 @@ Security
     :target: VNF or PNF
     :keyword: MUST
     :introduced: casablanca
-    :updated: dublin
-
-    The VNF or PNF **MUST** support the provisioning of security and authentication
-    parameters (HTTP username and password) in order to be able to authenticate
-    with DCAE (in ONAP).
+    :updated: el alto
 
-    Note: In R3, a username and password are used with the DCAE VES Event
-    Listener which are used for HTTP Basic Authentication.
+    If the VNF or PNF is using Basic Authentication, then the VNF or
+    PNF **MUST** support the provisioning of security and authentication
+    parameters (HTTP username and password) in order to be able to
+    authenticate with DCAE VES Event Listener.
 
-    Note: The configuration management and provisioning software are specific
-    to a vendor architecture.
+    Note: The configuration management and provisioning software
+    are specific to a vendor architecture.
 
 .. req::
     :id: R-894004
     :target: VNF or PNF
     :keyword: MUST
     :introduced: casablanca
-    :updated: dublin
+    :updated: el alto
 
-    When the VNF or PNF sets up a HTTP or HTTPS connection to the collector, it **MUST**
-    provide a username and password to the DCAE VES Collector for HTTP Basic
-    Authentication.
+    If the VNF or PNF is using Basic Authentication, then when the VNF
+    or PNF sets up a HTTPS connection to the DCAE VES Event Listener,
+    the VNF or PNF **MUST** provide a username and password to the
+    DCAE VES Event Listener in the Authorization header and the VNF
+    or PNF MUST support one-way TLS authentication.
 
-    Note: HTTP Basic Authentication has 4 steps: Request, Authenticate,
-    Authorization with Username/Password Credentials, and Authentication Status
-    as per RFC7617 and RFC 2617.
+    Note: In one-way TLS authentication, the client (VNF or PNF)
+    must authentication the server (DCAE) certificate.
 
 Bulk Performance Measurement
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/docs/Chapter7/PNF-Plug-and-Play.rst b/docs/Chapter7/PNF-Plug-and-Play.rst
index ce60f81..a77416f 100644 (file)
--- a/docs/Chapter7/PNF-Plug-and-Play.rst
+++ b/docs/Chapter7/PNF-Plug-and-Play.rst
@@ -125,22 +125,13 @@ The following are the requirements related to PNF Plug and Play.
 
 .. req::
     :id: R-763774
-    :target: PNF
+    :target: VNF or PNF
     :keyword: MUST
     :introduced: casablanca
+    :updated: el alto
 
-    The PNF **MUST** support a HTTPS connection to the DCAE VES Event
-    Listener.
-
-.. req::
-    :id: R-579051
-    :target: PNF
-    :keyword: MAY
-    :introduced: casablanca
-
-    The PNF **MAY** support a HTTP connection to the DCAE VES Event Listener.
-
-    Note: HTTP is allowed but not recommended.
+    The VNF or PNF **MUST** support a HTTPS connection to the DCAE
+    VES Event Listener.
 
 .. req::
     :id: R-686466