-
Story
-
Resolution: Unresolved
-
High
-
None
-
None
Review the ETSI API security recommendations and requirements. Natasha presented https://wiki.onap.org/download/attachments/45302649/ONAPseccom-API_security.pptx?version=1&modificationDate=1543392613000&api=v2
This contained a summary of the ETSI-NFV requirements as well the challenges of of openstack, oidc, ietf and 3GPP.
- there was agreement on that the should be token based authentication
- Look at the mechanisms required.
- OAuth 2.0 is supported by AAF and should be recomended.
There was comments that SAML should be avoided.
Guidance is that we need to look more into how to:
- give guidance to the projects
- propogate the token.