You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
Function | ONAP Today | Service Mesh | Risk |
Authentication (Enforcement) |
|
|
|
Password Authn | - Performed by AAF
- Performed locally
| | ONAP Today: - Difficult to manage
- Showstopper for commercial use
|
PKI-based Authn | - Performed by AAF
- Performed locally
| |
|
Authorization (Enforcement) | - Performed by AAF
- Performed locally
| - Uniform implementation
- OAuth can provide the token (claims) to the application
|
|
RBAC (Enforcement) | - Supported by AAF
- AAF RBAC is not widely used by ONAP projects
| - RBAC decisions based on URL and request header content
- Provides extensible architecture to support decisions based on content in the body
|
|
Confidentiality (Encrypted transport) | - Performed by AAF
- Performed locally
| - Performed by Service Mesh
|
|
User Management (Information Store) | - Part of AAF
- Part of each project
|
| ONAP Today: - AAF user/passwords not stored in user store
- AAF has complicated user store management
- Non-uniform solution is difficult to manage
- Showstopper for commercial use
- Most Operators have an existing user store (commonly LDAP)
|
Certificate Management |
|
|
|
TCP and UDP support | - TCP supported
- UDP not supported
| - TCP supported
- UDP supported
| ONAP Today: - DCAE uses UDP for data collection (SNMP)
|
Logging |
|
|
|
API Tracing |
|
|
|
Monitoring |
|
|
|
Performance |
|
|
|
Integration | - Enforcement of AN/AZ requires code development
- AAF only supports Java
|
| ONAP Today: - Third party microservices require modification (modification may not be possible)
- Cannot use the ONAP microservice independently
|
Layer 7 load balancing |
|
|
|
Integration with Ingress |
|
|
|
