...

Assuming the credential management is in place, ONAP needs to have a common means to support secure communication between the onap components.

There are two high level use cases to cover.

1. Real-time communication between ONAP components
2. Support for authentication and encryption of the modules and packages to be onboarded into SDK (from VNF SDK). 

 5.2 ONAP communication security requirements

To guide the solution development for the ONAP communication security, the following requirements are identified:

For: Real-time communication between ONAP components:

• The solution  MUST support an approach that can be common to all onap modules.
• The solution MUST support the credential management solution and MUST NOT be tied to any particular credential management scheme.
• The solution MUST support secure communication between the ONAP components in the following sense:
  • A receiving ONAP component understands that the message is authentic
  • Any element in between the ONAP components cannot interpret or change the message.
• The solution MUST enable that a sending ONAP component does not rely on what the receiving ONAP component is, and the receiving ONAP component does not rely on what the sending ONAP component is.  (This would put unnecessary restraints on the architecture).
• The solution SHOULD be easy for the ONAP components to Adopt.
• The solution MUST be independent of the underlying communication technology (i.e. communication buss technologies).

For models and packages to be onboarded:

• The solution MUST support the credential management solution and MUST NOT be tied to any particular credential management scheme.
• The soluction MUST allow Service Design and Creation to validate the package from a security perspective. 

6 (tmp) input to the S3P (carrier grade) discussions from a security perspective

...