Re: [onap-discuss] ONAP Support for Secure Communication

[Brian]

It is good to highlight both your server and client interfaces.

Brian



Sent via the Samsung Galaxy S8, an AT&T 4G LTE smartphone


-------- Original message --------
From: "NGUEKO, GERVAIS-MARTIAL" <gervais-martial.ngu...@intl.att.com>
Date: 10/19/18 12:40 PM (GMT-05:00)
To: onap-discuss@lists.onap.org, "DRAGOSH, PAM" <pdrag...@research.att.com>, 
"HERNANDEZ-HERRERO, JORGE" <jh1...@att.com>, "ZWARICO, AMY" <az9...@att.com>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.

Hi Amy,

Here below more details on the secure communication on CLAMP, the reason behind 
my original “No” answer:
CLAMP UI itself is https and communication between frontend and backend is 
secured. but

  *   SDC communication is http and so not secure (sdc doesn’t support AAF and 
has not exposed a secure API till now), similar to Policy we use the sdc client 
so it will be up to SDC team to provide us a secured client.
  *   Call from CLAMP to DCAE inventory API is http so not secure(DCAE is not 
integrated with AAF and has not exposed this API in https). Other DCAE API, 
used by CLAMP for deployment triggering, are https and so are secured.
  *   Policy calls are secured.

Br,
Martial

From: onap-discuss@lists.onap.org <onap-discuss@lists.onap.org> On Behalf Of 
DRAGOSH, PAM
Sent: vendredi 19 octobre 2018 17:43
To: onap-discuss@lists.onap.org; DRAGOSH, PAM <pdrag...@research.att.com>; 
HERNANDEZ-HERRERO, JORGE <jh1...@att.com>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.
Correction – the policy distribution application has 2 endpoints. One for 
HealthCheck that will need https, and the other I mentioned is the SDC Client 
SDK that will need to support https.

Sorry

Pam

From: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on 
behalf of "DRAGOSH, PAMELA L (PAM)" 
<pdrag...@research.att.com<mailto:pdrag...@research.att.com>>
Reply-To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, "DRAGOSH, 
PAMELA L (PAM)" <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>
Date: Friday, October 19, 2018 at 2:00 AM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, 
"HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.
Amy – the policy distribution application uses the SDC Client SDK for http 
communication via dmaap. It will be up to that project to support https, not 
policy project.

Our other component is not MVP to this release and will have https for Dublin.

Pam

From: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on 
behalf of "HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>
Reply-To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, 
"HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>
Date: Thursday, October 18, 2018 at 8:05 PM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.


Yes, correct, that’s the plan.  -Jorge

From: ZWARICO, AMY
Sent: Thursday, October 18, 2018 8:49 PM
To: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>; 
HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>
Subject: RE: [onap-discuss] ONAP Support for Secure Communication

Thank you. Are there plans to support https for the new components in Dublin?

From: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
[mailto:onap-discuss@lists.onap.org] On Behalf Of HERNANDEZ-HERRERO, JORGE
Sent: Thursday, October 18, 2018 7:13 PM
To: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.

Hello Amy,



Responding on behalf of Pam D., Policy PTL, that is currently on vacations.



https is supported across all policy components with the exception of the new 
ones introduced in Casablanca release (apex-pdp, policy-distribution).



Jorge


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#13149): https://lists.onap.org/g/onap-discuss/message/13149
Mute This Topic: https://lists.onap.org/mt/27369768/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-