...
#6: PACKAGE SECURITY (finished in R5 maybe some bug fixing in R6) | Driven from SOL004: Option 1 (Supported in R4 Dublin): TOSCA.meta (exists) Meta-directory based, XML based approach. Option 2 (NOT support in R4 Dublin): CSAR without TOSCA.meta. Manifest (.mf) file that has everything (so the TOSCA.meta is redundant). Yaml-based approach. The Public Key a key to open the package. SOL004 Option 1, 2 and use key to open the package - X.509 certificates public key, private key to sign the package and private key correspond to the private key of the package also delivered with the package. a package, a signature, and public key certificate delivered together. There may be more than one signature. Option 1 there is a digest for every file. All of those digests are listed in the manifest file. The manifest file is signed, one signature on the manifest. One signature and one key/pair & 1 certificate. Still optional to sign other files. The signature is a file beside. myimage.iso myimage.xyz but the same file/directory. Every file signed should have a signature files. CSAR file signed in a .sm file, package signature. The public key is signed can be signed by a root certificate. An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate. (investigate) if VNF-SDK would like to use AAF as the CA. Can AAF perform the CA functions. To open the package need: (1) Public Key (to open the manifest file) (2) file input (3) certificate input. create a hash, the hash is verified against the signature. SHA-256 R5 (El Alto). Implemented Option 1 per artifact security (R4 had only Option 2 per package security). Had to fix a bug. No more is needed in R6. OPEN - only Bug Fixes were done no new functionality, post-poned to Rx | |||||||||||
| #7: PNF DESCRIPTOR | The descriptor. There is validation of the VNFD. PNF Descriptor: TOSCA descriptor, and validate the node type. Validation of TOSCA PNFD. Following TOSCA rules. Components required are there. (NEEDS INVESTIGATION) VNFSDK check the VNFD based on VNF requirements. In R6: Req (from Victor Gao) - discrepancies in Req. Req for VNFs. Added new Req for PNF. some need to be refactored. To make sure PNF stuff is validated in better way. PNFD validation. ASSOCIATED DEVELOPMENT:
| R4 HIGH | ||||||||||
| #F1: CREATE PACKAGE FUNCTION FOR PNF | The create package function creates the metadata files, and CSAR files. This needs to be modified to support SOL004. (NEEDS INVESTIGATION) [Low Priority] - Likely to be pushed to R7 Guilin OPEN: Post-poned to R7 | R7 LOW PRI | ||||||||||
| #F2: TOSCA Metafile License Content Check | SDC license model check. Potential ARTIFACTS: Vendor license model & agreement, features. VNF can have >1 features, entitlement pool, license key pools, actual keys. [Low Priority] - Licensing Management Use Case is introduced in R6, so License content check will for POB/OB will happen in NEXT release R7 Guilin (at earliest) OPEN: Post-Poned to R7 | R7 LOW PRI |
Additional Resources / Links:
...