...
The 2 first steps are important to gather relevant information to build the access control strategy of ONAP platform.
The information regarding inta-component flows is interesting, but do not condition it.
HOW a flow matrix?
This may be too complicated to address all flows for a given project.
...
| Parameter | Value |
|---|---|
| name | name of the ONAP project e.g. DCAE. |
| sub_components: - name: | real name of the sub component e.g. dcae-snmptrap-collector |
| external_server_side: | in external server side list only ingress (external -> ONAP) traffic |
| type: | nodePort |
| external_communication: | N/A |
| description | e.g. SNMP trap |
| id | e.g. DCAE_EXT_1. |
| communication_initiator | which component initiates the communication. e.g. any component sending SNMP either internally to ONAP platform or externally e.g. xNF. |
| communication_receipt | which component is the dest of the communication. |
| protocol | at least level 4 or higher, to be specified if applicable. |
| version | to be specified if applicable |
| exposed_pod_port | to be specified if applicable |
| exposed_port | to be specified if applicable |
| encryption | none or active e.g. HTTPS implemented. |
| data_exchanged |
...
...
| specifies |
...
| the |
...
| file |
...
| format, |
...
| the |
...
| main |
...
| exchanged information. e.g. SNMP trap information. |
...
| tls_server | to specify whether the component hosts a TLS sever or a TLS client (yes or no), if applicable. |
| tls_client | to specify whether the component hosts a TLS sever or a TLS client (yes or no), if applicable. |
| flow_direction | incoming our outcoming. |
==> This file has to be generated for each category: external, inter-components and intra-component flows.
server: N/A
tls_client: N/A
flow_direction: incoming