Commit 9137d2e1 authored by Giacomo Bernini

Merge branch '4.5.1-dev' into 'master'

Merge 4.5.1-dev into master

See merge request !4
parents 3fbc9b95 4e562109
+1 −1
Original line number Original line Diff line number Diff line
# NFV SOL012 - OpenAPIs for the Policy Management Interface
# NFV SOL012 - OpenAPIs for the Policy Management Interface


This repository contains OpenAPIs for ETSI GS NFV-SOL 012 v4.4.1, RESTful protocols 
This repository contains OpenAPIs for ETSI GS NFV-SOL 012 v4.5.1, RESTful protocols 
specification for the Policy Management Interface.
specification for the Policy Management Interface.


More information at [NFV Solutions wiki](https://nfvwiki.etsi.org/index.php?title=NFV_Solutions).
More information at [NFV Solutions wiki](https://nfvwiki.etsi.org/index.php?title=NFV_Solutions).
+3 −3
@@ -15,8 +15,8 @@ info:
    name: ETSI Forge copyright notice
    name: ETSI Forge copyright notice
    url: https://forge.etsi.org/etsi-forge-copyright-notice.txt
    url: https://forge.etsi.org/etsi-forge-copyright-notice.txt
externalDocs:
externalDocs:
  description: ETSI GS NFV-SOL 012 v4.4.1
  description: ETSI GS NFV-SOL 012 v4.5.1
  url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.04.01_60/gs_NFV-SOL012v040401p.pdf
  url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.05.01_60/gs_NFV-SOL012v040501p.pdf


security:
security:
  - OauthSecurity:
  - OauthSecurity:
+2 −2
@@ -15,8 +15,8 @@ info:
    name: ETSI Forge copyright notice
    name: ETSI Forge copyright notice
    url: https://forge.etsi.org/etsi-forge-copyright-notice.txt
    url: https://forge.etsi.org/etsi-forge-copyright-notice.txt
externalDocs:
externalDocs:
  description: ETSI GS NFV-SOL 012 v4.4.1
  description: ETSI GS NFV-SOL 012 v4.5.1
  url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.04.01_60/gs_NFV-SOL012v040401p.pdf
  url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.05.01_60/gs_NFV-SOL012v040501p.pdf


security:
security:
  - OauthSecurity:
  - OauthSecurity:
+102 −48
@@ -144,84 +144,138 @@ definitions:
      type: number
      type: number


    SubscriptionAuthentication:
    SubscriptionAuthentication:
      description: >
          NOTE 1: The clientId and clientPassword passed in a subscription 
                  shall not be the same as the clientId and
                  clientPassword that are used to obtain authorization for API 
                  requests. Client credentials may differ between
                  subscriptions. The value of clientPassword should be generated 
                  by a random process.
          NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which 
                  uses mutual authentication based on X.509
                  certificates, this mode which uses client password to authenticate 
                  may be used in the access token request
                  toward the authorization server (as defined by IETF RFC 6749 [7]), 
                  only to support legacy implementations
                  (version 3.4.1 or earlier version of the present document). 
                  See clause 8.1 for more details.
          NOTE 3: The following values that were included up to version 3.4.1 
                  of the present document have been removed:
                  "BASIC" (to signal the use of the basic HTTP authentication) 
                  has been removed because it is insecure.
                  "TLS_CERT" to signal an alternative non-token based authorization 
                  method using TLS certificates has been
                  removed because the method is no longer supported.
          NOTE 4: The client certificate is established by means outside the 
                  scope of the present document.
      type: object
      type: object
      required:
      oneOf:
        - required:
          - authType
          - paramsOauth2ClientCredentials
        - required:
          - authType
          - authType
          - paramsOauth2ClientCert
      properties:
      properties:
        authType:
        authType:
          description: >
          description: >
            Defines the types of Authentication / Authorization which the API
            Defines the types of Authentication/Authorization which
            consumer is willing to accept when receiving a notification.
            the API consumer is willing to accept when receiving a
            Permitted values:
            notification.
            * BASIC: In every HTTP request to the notification endpoint, use
            Permitted values (see note 3):
              HTTP Basic authentication with the client credentials.
            - OAUTH2_CLIENT_CREDENTIALS: In every
            * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the
              HTTP request to the notification endpoint, use
              notification endpoint, use an OAuth 2.0 Bearer token, obtained
              an OAuth 2.0 token, obtained using the client
              using the client credentials grant type.
              credentials grant type after authenticating
            * TLS_CERT: Every HTTP request to the notification endpoint is sent
              using client identifier and client password
              over a mutually authenticated TLS session, i.e. not only the
              towards the token endpoint.
              server is authenticated, but also the client is authenticated
            - OAUTH2_CLIENT_CERT: In every HTTP
              during the TLS tunnel setup.
              request to the notification endpoint, use an
              OAuth 2.0 token, obtained using the client
              credentials grant type after mutually
              authenticating using client identifier and X.509
              certificates towards the token endpoint.
          type: array
          type: array
          items:
          items:
            type: string
            type: string
            enum:
            enum:
              - BASIC
              - OAUTH2_CLIENT_CREDENTIALS
              - OAUTH2_CLIENT_CREDENTIALS
              - TLS_CERT
              - OAUTH2_CLIENT_CERT
        paramsBasic:
        paramsOauth2ClientCert:
          description: >
          description: >
            Parameters for authentication/authorization using BASIC.
            Parameters for authentication/authorization using
            Shall be present if authType is "BASIC" and the contained
            OAUTH2_CLIENT_CERT.
            information has not been provisioned out of band.
            Shall be present if authType is
            Shall be absent otherwise.
            "OAUTH2_CLIENT_CERT" and the contained
          type: object
          type: object
          required:
            - clientId
            - certificateRef
            - tokenEndpoint
          properties:
          properties:
            userName:
            clientId:
              description: >
              description: >
                Username to be used in HTTP Basic authentication. Shall be
                Client identifier to be used in the access token request
                present if it has not been provisioned out of band.
                of the OAuth 2.0 client credentials grant type. The client
                identifier is unique in the scope of the tokenEndpoint.
              type: string
              type: string
            password:
            certificateRef:
              description: >
              description: >
                Password to be used in HTTP Basic authentication. Shall be
                Fingerprint of the client certificate. The hash function
                present if it has not been provisioned out of band.
                shall use SHA256 or higher. See note 4.
              type: object
              required:
                - type
                - value
              properties:
                type:
                  description: >
                    The type of the fingerprint.
                    Permitted values:
                    - x5t#S256: The SHA-256 thumbprint of the
                    X.509 certificate as defined in section 4.1.8 of
                    IETF RFC 7515 [23].
                  type: string
                value:
                  description: >
                    The fingerprint value as defined by the type.
                  type: string
                  type: string
            tokenEndpoint:
              description: >
                The token endpoint from which the access token can be
                obtained.

        paramsOauth2ClientCredentials:
        paramsOauth2ClientCredentials:
          description: >
          description: >
            Parameters for authentication/authorization using
            Parameters for authentication/authorization using
            OAUTH2_CLIENT_CREDENTIALS.
            OAUTH2_CLIENT_CREDENTIALS.
            Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the
            Shall be present if authType is
            contained information has not been provisioned out of band.
            "OAUTH2_CLIENT_CREDENTIALS" and the contained
            information has not been provisioned out of band.
            Shall be absent otherwise.
            Shall be absent otherwise.
            See note 2.
          type: object
          type: object
          properties:
          properties:
            clientId:
            clientId:
              description: >
              description: >
                Client identifier to be used in the access token request of the
                Client identifier to be used in the access token request
                OAuth 2.0 client credentials grant type.
                of the OAuth 2.0 client credentials grant type. The client
                Shall be present if it has not been provisioned out of band.
                identifier is unique in the scope of the tokenEndpoint.
                The clientId and clientPassword passed in a subscription shall
                Shall be present if it has not been provisioned out of
                not be the same as the clientId and clientPassword that are used
                band. See note 1.
                to obtain authorization for API requests. Client credentials may
                differ between subscriptions. The value of clientPassword should
                be generated by a random process.
              type: string
              type: string
            clientPassword:
            clientPassword:
              description: >
              description: >
                Client password to be used in the access token request of the
                Client password to be used in the access token request
                OAuth 2.0 client credentials grant type.
                of the OAuth 2.0 client credentials grant type. Shall be
                Shall be present if it has not been provisioned out of band.
                present if it has not been provisioned out of band. See
                The clientId and clientPassword passed in a subscription shall
                note 1.
                not be the same as the clientId and clientPassword that are used
                to obtain authorization for API requests. Client credentials may
                differ between subscriptions. The value of clientPassword should
                be generated by a random process.
              type: string
              type: string
            tokenEndpoint:
            tokenEndpoint:
              description: >
              description: >
                The token endpoint from which the access token can be obtained.
                The token endpoint from which the access token can be
                Shall be present if it has not been provisioned out of band.
                obtained. Shall be present if it has not been provisioned
                out of band.
              $ref: "#/definitions/schemas/Uri"
              $ref: "#/definitions/schemas/Uri"


    ProblemDetails:
    ProblemDetails:
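
Review bot: The new `oneOf` on SubscriptionAuthentication requires exactly one of paramsOauth2ClientCredentials or paramsOauth2ClientCert, which conflicts with the rest of this hunk. authType is still an array whose enum allows both OAUTH2_CLIENT_CREDENTIALS and OAUTH2_CLIENT_CERT, so a subscription that lists both and carries both params objects matches both branches and fails `oneOf`; and the paramsOauth2ClientCredentials description still says the object is present only if the information "has not been provisioned out of band", yet a body with authType alone matches neither branch. `anyOf`, or leaving the params objects optional and stating the dependency on authType in the description, would agree with the text; as written nothing ties the authType value to the matching params object. In paramsOauth2ClientCert the description stops mid-sentence at "and the contained" (the "information has not been provisioned out of band. Shall be absent otherwise." tail used by the client-credentials block is missing), the new tokenEndpoint has a description but no `type` or `$ref`, whereas the client-credentials one keeps `$ref: "#/definitions/schemas/Uri"`, and certificateRef.type names x5t#S256 as the only permitted value without an `enum` to enforce it. Since the client authenticates towards the token endpoint, that field should be constrained to the Uri schema here as well.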