...
May 17, 2018 Agreed to the following Recommendations:
ONAP shall not support username and password authentication for HTTPS; certificate authentication only.- Note: Upon further discussion, it was decided that the above statement is too harsh. There are existing VNFs that have already implemented username and password for HTTPS. Therefore, ONAP shall continue to support this. Statement is amended as follows:
- It is strongly recommended that NFs use only certificate authentication for HTTPS and not username and password.
- ONAP components and NFs shall support TLS for security of HTTP connections. Note: Performance is no longer an issue and is not a valid excuse for not using TLS.
- ONAP shall not support HTTP for communications between ONAP components or between NFs and ONAP components, except for NF certificate enrollment over CMPv2. Note: CMPv2 uses HTTP and must be allowed for certificate enrollment.
...