From c9031a7fe28b8b53f844de4e12bce03682855cf8 Mon Sep 17 00:00:00 2001
From: Hagop Bozawglanian <hagop.bozawglanian@att.com>
Date: Thu, 5 Sep 2019 22:18:33 +0000
Subject: VNFRQTS - Security requirements batch 1

Issue-ID: VNFRQTS-691

Signed-off-by: Hagop Bozawglanian <hagop.bozawglanian@att.com>
Change-Id: I928985bf65bb616a058b39ca874abb857e964949
---
 docs/Chapter7/Monitoring-And-Management.rst | 31 ++++++++++++++---------------
 1 file changed, 15 insertions(+), 16 deletions(-)

(limited to 'docs/Chapter7/Monitoring-And-Management.rst')

diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst
index 24ad489..e6886aa 100755
--- a/docs/Chapter7/Monitoring-And-Management.rst
+++ b/docs/Chapter7/Monitoring-And-Management.rst
@@ -930,32 +930,31 @@ Security
     :target: VNF or PNF
     :keyword: MUST
     :introduced: casablanca
-    :updated: dublin
-
-    The VNF or PNF **MUST** support the provisioning of security and authentication
-    parameters (HTTP username and password) in order to be able to authenticate
-    with DCAE (in ONAP).
+    :updated: el alto
 
-    Note: In R3, a username and password are used with the DCAE VES Event
-    Listener which are used for HTTP Basic Authentication.
+    If the VNF or PNF is using Basic Authentication, then the VNF or
+    PNF **MUST** support the provisioning of security and authentication
+    parameters (HTTP username and password) in order to be able to
+    authenticate with DCAE VES Event Listener.
 
-    Note: The configuration management and provisioning software are specific
-    to a vendor architecture.
+    Note: The configuration management and provisioning software
+    are specific to a vendor architecture.
 
 .. req::
     :id: R-894004
     :target: VNF or PNF
     :keyword: MUST
     :introduced: casablanca
-    :updated: dublin
+    :updated: el alto
 
-    When the VNF or PNF sets up a HTTP or HTTPS connection to the collector, it **MUST**
-    provide a username and password to the DCAE VES Collector for HTTP Basic
-    Authentication.
+    If the VNF or PNF is using Basic Authentication, then when the VNF
+    or PNF sets up a HTTPS connection to the DCAE VES Event Listener,
+    the VNF or PNF **MUST** provide a username and password to the
+    DCAE VES Event Listener in the Authorization header and the VNF
+    or PNF MUST support one-way TLS authentication.
 
-    Note: HTTP Basic Authentication has 4 steps: Request, Authenticate,
-    Authorization with Username/Password Credentials, and Authentication Status
-    as per RFC7617 and RFC 2617.
+    Note: In one-way TLS authentication, the client (VNF or PNF)
+    must authentication the server (DCAE) certificate.
 
 Bulk Performance Measurement
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- 
cgit 1.2.3-korg