From: Hagop Bozawglanian Date: Thu, 5 Sep 2019 22:18:33 +0000 (+0000) Subject: VNFRQTS - Security requirements batch 1 X-Git-Tag: 6.0.0-ONAP~72 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=c9031a7fe28b8b53f844de4e12bce03682855cf8;p=vnfrqts%2Frequirements.git VNFRQTS - Security requirements batch 1 Issue-ID: VNFRQTS-691 Signed-off-by: Hagop Bozawglanian Change-Id: I928985bf65bb616a058b39ca874abb857e964949 --- diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 378e6d1..d36708d 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -1240,11 +1240,11 @@ applicable to encryption or protocol meethods. .. req:: :id: R-49109 - :target: VNF + :target: VNF or PNF :keyword: MUST - :updated: casablanca + :updated: el alto - The VNF **MUST** support HTTP/S using TLS v1.2 or higher + The VNF or PNF **MUST** support HTTPS using TLS v1.2 or higher with strong cryptographic ciphers. .. req:: diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst index 24ad489..e6886aa 100755 --- a/docs/Chapter7/Monitoring-And-Management.rst +++ b/docs/Chapter7/Monitoring-And-Management.rst @@ -930,32 +930,31 @@ Security :target: VNF or PNF :keyword: MUST :introduced: casablanca - :updated: dublin - - The VNF or PNF **MUST** support the provisioning of security and authentication - parameters (HTTP username and password) in order to be able to authenticate - with DCAE (in ONAP). + :updated: el alto - Note: In R3, a username and password are used with the DCAE VES Event - Listener which are used for HTTP Basic Authentication. + If the VNF or PNF is using Basic Authentication, then the VNF or + PNF **MUST** support the provisioning of security and authentication + parameters (HTTP username and password) in order to be able to + authenticate with DCAE VES Event Listener. - Note: The configuration management and provisioning software are specific - to a vendor architecture. + Note: The configuration management and provisioning software + are specific to a vendor architecture. .. req:: :id: R-894004 :target: VNF or PNF :keyword: MUST :introduced: casablanca - :updated: dublin + :updated: el alto - When the VNF or PNF sets up a HTTP or HTTPS connection to the collector, it **MUST** - provide a username and password to the DCAE VES Collector for HTTP Basic - Authentication. + If the VNF or PNF is using Basic Authentication, then when the VNF + or PNF sets up a HTTPS connection to the DCAE VES Event Listener, + the VNF or PNF **MUST** provide a username and password to the + DCAE VES Event Listener in the Authorization header and the VNF + or PNF MUST support one-way TLS authentication. - Note: HTTP Basic Authentication has 4 steps: Request, Authenticate, - Authorization with Username/Password Credentials, and Authentication Status - as per RFC7617 and RFC 2617. + Note: In one-way TLS authentication, the client (VNF or PNF) + must authentication the server (DCAE) certificate. Bulk Performance Measurement ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/Chapter7/PNF-Plug-and-Play.rst b/docs/Chapter7/PNF-Plug-and-Play.rst index ce60f81..a77416f 100644 --- a/docs/Chapter7/PNF-Plug-and-Play.rst +++ b/docs/Chapter7/PNF-Plug-and-Play.rst @@ -125,22 +125,13 @@ The following are the requirements related to PNF Plug and Play. .. req:: :id: R-763774 - :target: PNF + :target: VNF or PNF :keyword: MUST :introduced: casablanca + :updated: el alto - The PNF **MUST** support a HTTPS connection to the DCAE VES Event - Listener. - -.. req:: - :id: R-579051 - :target: PNF - :keyword: MAY - :introduced: casablanca - - The PNF **MAY** support a HTTP connection to the DCAE VES Event Listener. - - Note: HTTP is allowed but not recommended. + The VNF or PNF **MUST** support a HTTPS connection to the DCAE + VES Event Listener. .. req:: :id: R-686466