Review the ETSI API security recommendations and requirements.  Natasha presented https://wiki.onap.org/download/attachments/45302649/ONAPseccom-API_security.pptx?version=1&modificationDate=1543392613000&api=v2 

This contained a summary of the ETSI-NFV requirements as well the challenges of of openstack, oidc, ietf and 3GPP.

• there was agreement on that the should be token based authentication
• Look at the mechanisms required.
• OAuth 2.0 is supported by AAF and should be recomended.

There was comments that SAML should be avoided.

Guidance is that we need to look more into how to:

• give guidance to the projects
• propogate the token.