Portal user interface can include an Application Authorization user interface with a box similar to that for VID, SDC etc. There can be another another box like the boxes in picture below. This can be quite basic, initially it may only allow a user to upload a certificate file in some specified format eg. DER, PEM.


  1. The Portal application may be the only user authorized to use the AAF interface https://aaf.onap.org/issuer-certificate. There may be many suitable protocols for the AAF endpoints discussed here. HTTP is just an option. AAF stores certificates it receives from Portal on this authenticated and authorized interface.
  2. AAF also provides an interface to components to validate certificates. The initial use case is SDC validating a certificate delivered with a PNF package from a PNF vendor. SDC would send a request to https://aaf.onap.org/valid-certificate-check with the certificate to check in the request body. AAF would validate this certificate. The certificate contains a signature from an issuer which can be verified if AAF has the issuer certificate.

long term






  • No labels

3 Comments

  1. Ofir Sonsino

    Does this page really belong to SDC feature weekly meetings?

  2. Brendan Kehoe

    No probably not Ofir. Feel free to suggest a place for it or move it. Otherwise I'll try find a place.

  3. Brendan Kehoe

    Jonathan Gathman  Hopefully this page is ok in this location