I'd like to emphasize: once SDC and SO APIs are ready to be consumed via HTTPS, VID will be functioning in 100% HTTPS mode. At the moment it's the only thing that blocks VID from reaching 100% CII Passing.
Besides that, all of the non-false-positive critical/severe issues in the CLM report of VID are inherited from the Portal SDK dependency.

Thanks,
Ofir

From: Sonsino, Ofir
Sent: Tuesday, October 23, 2018 5:44 PM
To: ZWARICO, AMY <[email protected]>; [email protected]; Ngueko, Gervais-Martial <[email protected]>; DRAGOSH, PAM <[email protected]>; HERNANDEZ-HERRERO, JORGE <[email protected]>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

Correct indeed.

Sent from my Samsung Galaxy smartphone.

-------- Original message --------
From: "ZWARICO, AMY" <[email protected]>
Date: 10/23/18 17:41 (GMT+02:00)
To: "Sonsino, Ofir" <[email protected]>, [email protected], "Ngueko, Gervais-Martial" <[email protected]>, "DRAGOSH, PAM" <[email protected]>, "HERNANDEZ-HERRERO, JORGE" <[email protected]>
Subject: RE: [onap-discuss] ONAP Support for Secure Communication

Am I correct that all of the APIs that are exposed through VID enable HTTPS?

From: SONSINO, OFIR
Sent: Tuesday, October 23, 2018 9:38 AM
To: [email protected]; NGUEKO, GERVAIS-MARTIAL <[email protected]>; DRAGOSH, PAM <[email protected]>; HERNANDEZ-HERRERO, JORGE <[email protected]>; ZWARICO, AMY <[email protected]>
Subject: RE: [onap-discuss] ONAP Support for Secure Communication

Hi Amy,

VID front-end supports HTTPS (right in the browser).
In the back-end, we support HTTPS communication to A&AI, and also to Portal if it's OOM deployment of ONAP.
Communication to SO and SDC still works with HTTP though, due to lack of HTTPS support from these components.
Thanks,
Ofir

From: [email protected] [mailto:[email protected]] On Behalf Of Ngueko, Gervais-Martial
Sent: Friday, October 19, 2018 7:40 PM
To: [email protected]; DRAGOSH, PAM <[email protected]>; HERNANDEZ-HERRERO, JORGE <[email protected]>; ZWARICO, AMY <[email protected]>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.

Hi Amy,

Here below are more details on the secure communication on CLAMP, the reason behind my original "No" answer:

CLAMP UI itself is https and communication between frontend and backend is secured, but:

* SDC communication is http and so not secure (SDC doesn't support AAF and has not exposed a secure API till now). Similar to Policy, we use the SDC client, so it will be up to the SDC team to provide us a secured client.
* Call from CLAMP to DCAE inventory API is http so not secure (DCAE is not integrated with AAF and has not exposed this API in https). Other DCAE APIs, used by CLAMP for deployment triggering, are https and so are secured.
* Policy calls are secured.

Br,
Martial

From: [email protected] <[email protected]> On Behalf Of DRAGOSH, PAM
Sent: Friday, October 19, 2018 17:43
To: [email protected]; DRAGOSH, PAM <[email protected]>; HERNANDEZ-HERRERO, JORGE <[email protected]>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

Correction - the policy distribution application has 2 endpoints.
One for HealthCheck that will need https, and the other I mentioned is the SDC Client SDK that will need to support https.

Sorry,
Pam

From: <[email protected]> on behalf of "DRAGOSH, PAMELA L (PAM)" <[email protected]>
Reply-To: "[email protected]" <[email protected]>, "DRAGOSH, PAMELA L (PAM)" <[email protected]>
Date: Friday, October 19, 2018 at 2:00 AM
To: "[email protected]" <[email protected]>, "HERNANDEZ-HERRERO, JORGE" <[email protected]>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

Amy - the policy distribution application uses the SDC Client SDK for http communication via dmaap. It will be up to that project to support https, not policy project. Our other component is not MVP to this release and will have https for Dublin.

Pam

From: <[email protected]> on behalf of "HERNANDEZ-HERRERO, JORGE" <[email protected]>
Reply-To: "[email protected]" <[email protected]>, "HERNANDEZ-HERRERO, JORGE" <[email protected]>
Date: Thursday, October 18, 2018 at 8:05 PM
To: "[email protected]" <[email protected]>
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

Yes, correct, that's the plan.
-Jorge

From: ZWARICO, AMY
Sent: Thursday, October 18, 2018 8:49 PM
To: [email protected]; HERNANDEZ-HERRERO, JORGE <[email protected]>
Subject: RE: [onap-discuss] ONAP Support for Secure Communication

Thank you. Are there plans to support https for the new components in Dublin?

From: [email protected] [mailto:[email protected]] On Behalf Of HERNANDEZ-HERRERO, JORGE
Sent: Thursday, October 18, 2018 7:13 PM
To: [email protected]
Subject: Re: [onap-discuss] ONAP Support for Secure Communication

Hello Amy,

Responding on behalf of Pam D., Policy PTL, who is currently on vacation.

https is supported across all policy components with the exception of the new ones introduced in Casablanca release (apex-pdp, policy-distribution).

Jorge

View/Reply Online (#13260): https://lists.onap.org/g/onap-discuss/message/13260
