Commit f0440b6e authored by Muhammad Hamza

update Data Models in SOL023CertificateManagement_def.yaml

parent 09f72d78
+265 −145
definitions:
  CreateSubjectRequest:
  PkiHeader:
    description: >
      This type reqpresents request parameters for the "Register" operation as defined in ETSI GS NFV-IFA 033.
      NOTE: As concept of the design of the type "CreateSubjectRequest", the attributes are profiling of mandatory defined
      parameters in the CMP in IETF RFC 4210.
      NOTE 1:  At the time of sending CreateSubjectRequest, nothing about the sender is known to the sending
                entity (the end entity may not know its own Distinguished Name (DN), e-mail name, IP address, etc.),
                then the "sender" attribute shall contain a "NULL" value and the "senderKID" attribute shall be present.
      NOTE 2:  "senderKID" attribute and "recipKID" attribute can be used to protect the message. "senderKID" attribute
                and "recipKID" attribute shall be present if required to uniquely identify a key, otherwise should be absent. 
      Editor's note: it is FFS how to use OID for "generalInfo" attribute in ETSI NFV, e.g., same approach of URN.
      Editor's note: it is FFS how to use to realize authenticated scheme. The mandatory to support basic authenticated scheme
      uses the IAK secret for this purpose. Consequences of using/requiring other schemas shall be considered.
    type: object
    required:
      - pkiHeader
      - pkiBody
    properties:
      pkiHeader:
        description: >
          A common informatio0n of PKI message for addressing and transaction identification. The structure and
          attributes are defined in IETF RFC 4210 and RFC 9480.
      This type represents a PkiHeadear.

      NOTE:	At the time of use "PkiHeader" data type, e.g. for CreateSubjectRequest, nothing about the
      sender is known to the sending entity (the end entity may not know its own Distinguished Name (DN),
      e-mail name, IP address, etc.), then the "sender" field shall contain a "NULL" value.

      NOTE: 	The attributes in the table 4.3.2.1-1 are aligned to the mandatory-defined parameters
      in the CMPv2 in IETF RFC 4210.

      Editor's note: it is FFS how to use OID for “generalInfo” attribute in ETSI NFV, e.g. same approach of URN.

      Editor's note: it is FFS how to realize authenticated scheme. The mandatory to support basic authenticated
      scheme uses the IAK secret for this purpose. Consequences of using/requiring other schemas shall be considered.
    type: object
    required:
      - pvno
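Review bot: The new NOTE in the PkiHeader description no longer says that "senderKID" shall be present when "sender" is set to "NULL", which the old NOTE 1 required. The Editor's note names the IAK secret as the basic authenticated scheme, so with a NULL sender the receiver still needs some identifier to select the shared secret that verifies the message. Either keep the senderKID clause or state in the note how the key is identified. Minor: "PkiHeadear" in the first description line is a typo, and the description cites table 4.3.2.1-1 while the other types in this change cite 5.6.2.x tables, so the reference is worth checking.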
@@ -30,129 +23,230 @@ definitions:
    properties:
      pvno:
        description: >
              Protocol Version Number. Fixed value "2" shall be set.
          Protocol Version Number. Fixed value “2” shall be set.
        type: integer
      sender:
        description: >
              Name of the sender of the Request. See note 1.
          Name of the sender of the Request.
        $ref: "#/definitions/GeneralName"
      recipient:
        description: >
              Name of the recipient of the Request
          Name of the recipient of the Request.
        $ref: "#/definitions/GeneralName"
          senderKID: 
            description: >
              Identifier that indicates to the receiver the appropriate shared secret information to use
              to verify the message. See note 1 and 2.
            $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
          recipKID:
            description: >
              Identifier that indicates to the receiver the appropriate shared secret information to use
              to veridy the message. See note 2.
            $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
      generalInfo:
        description: >
          It shall contain two of the attributes.
              The first generalInfo shall contain the set of     
              - InfoType for Certificate type
              - Infovalue for Choice of MANO or VNFC or VNF OAM
              Unless the InfoValue of the first generalInfo is MANO, the second generalInfo shall contain
          The first generallInfo shall contain the set of
            •	InfoType for Certificate type
            •	Infovalue for Choice of MANO or VNFC or VNF OAM

          Unless the InfoValue of the first generallInfo is MANO, the second generallInfo shall contain
          the set of
              - InfoType for Type of VNFC certification handling
              - InfoValue for Choice of direct or delegation
            InfoType for Type of VNFC certification handling
            Infovalue for Choice of direct or delegation
        type: object
        required:
          - InfoType
        properties:
              infoType:
          InfoType:
            description: >
                  Indicate the type of Info. The namespaces and conventions for the values of this attribute
                  that is OID defined as clause x.x.x.
              Indicate the type of Info. The namespaces and conventions for the values of this attribute that
              is OID defined as clause x.x.x.
              Permit values:
                  - Certificationb type
                  - Type of VNFC certification handling
                Certification type
                Type of VNFC certification handling
            $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
              infoValue:
          InfoValue:
            description: >
                  If the value of "infoType" is "Certification type", it shall be set.
              If the value of “InfoType is Certification type, it shall be set. 
              Permit values:
                  - MANO certificate
                  - VNFCI certificate
                  - VNF OAM certificate
                  If the value of "InfoType" is "Type of VNFC certification handling", it shall be set.
                •	MANO certificate
                •	VNFCI certificate
                •	VNF OAM certificate

              If the value of “InfoType” is “Type of VNFC certification handling”, it shall be set.
              Permit values:
                    - Direct mode
                    - Delegation mode
                Direct mode
                Delegation mode
              Only the value "Delegation mode" is allowed for this version of the present document.
            type: string

  CertRepMessages:
    description: >
      This type represents a CertRepMessages.

      NOTE:	For the case of MANO certificate, this attribute is not supported in this version of the present document.
    type: object
    required:
      - certResponse
    properties:
      certResponse:
        description: >
          The structure and attributes are defined in IETF RFC 5912.
        type: object
        required:
          - certReqId
          - status
        properties:
          certReqId:
            description: >
              Identifier of "CertReqMessages" or “CSRRequest” to corresponding to this "CertRepMessages".
            type: integer
          status:
            description: >
              State of the subject.
            $ref: "#/definitions/PKIStatusInfoType"

  SubjectInstance:
    description: >
      This type represents a subject instance.

      NOTE: As concept of the design of the type "SubjectInstance", the attributes in the table 5.6.2.2-1
      are aligned to the mandatory-defined parameters in the CMPv2 in IETF RFC 4210 with extending to RESTful design.
    type: object
    required:
     - pkiHeader
     - pkiBody
     - _links
    properties:
      pkiHeader:
        description: >
          A common information of PKI message for addressing and transaction identification.
          The structure and attributes are defined in IETF RFC 4210 and RFC 9480.
        $ref: "#/definitions/PkiHeader"
      pkiBody:
        description: >
          Message specific information. The structure and attributes are aligned/defined in IETF 
          RFC 4210 and IETF RFC 9480.
          Message-specific information. The structure and attributes are aligned/defined in
          IETF RFC 4210 and IETF RFC 9480.
        type: object
        required:
          - ir
          - ip
        properties:
          ir:
            description: >
              Information for Initialization Request.
              Information for Initialization request.
            $ref: "#/definitions/CertReqMessages"
            
  CertReqMessages:
          ip:
            description: >
      This type represents a CertReqMessages.
              Information for Initialization response.
            $ref: "#/definitions/CertRepMessages"
      _links:
        description: >
          Links to resources related to this resource.
        type: object
        required:
      - CertReqMsg
          - self
        properties:
      CertReqMsg:
          self:
            description: >
          The structure and attributes are defined in IETF RFC 5912.
              URI of this resource.
            $ref: "../../definitions/SOL023_def.yaml#/definitions/Link"
  
  CertificateInstance:
    description: >
      This type represents a certificate instance. It shall comply with the provisions defined in table 5.6.2.3-1.
    
      NOTE: As concept of the design of the type "CertificateInstance", the attributes in the table 5.6.2.3-1 are
      aligned to the mandatory-defined parameters in the CMPv2 in IETF RFC 4210 with extending to RESTful design.
    type: object
    required:
          - CertRequest
     - pkiHeader
     - pkiBody
     - _links
    properties:
          CertRequest:
      pkiHeader:
        description: >
              Information for the certificate request.
          A common information of PKI message for addressing and transaction identification.
          The structure and attributes are defined in IETF RFC 4210 and RFC 9480.
        $ref: "#/definitions/PkiHeader"
      pkiBody:
        description: >
          Message-specific information. The structure and attributes are aligned/defined in
          IETF RFC 4210 and IETF RFC 9480.
        type: object
        required:
              - CertTemplate
          - p10cr
          - cp
        properties:
              CertTemplate:
          p10cr:
            description: >
                  Information for the certificate to be issued.
              Encoded Information for CSR Request. The structure and attributes are aligned and defined in IETF RFC 2986.
            $ref: "#/definitions/CSRRequest"
          cp:
            description: >
              Information for CSR response.
            $ref: "#/definitions/CertRepMessages"
      _links:
        description: >
          Links to resources related to this resource.
        type: object
        required:
                  - subjectUID
          - self
        properties:
                  subjectUID:
          self:
            description: >
                      The value of the Identifier of the certificate target VNFCI as subject ID if
                      this operation is used for the VNFCI certificate or VNF OAM certificate. See note.
              URI of this resource.
            $ref: "../../definitions/SOL023_def.yaml#/definitions/Link"
  
                      NOTE:	For the case of MANO certificate, this attribute is not supported in this
                      version of the present document.
                    type: integer
  CreateSubjectRequest:
    description: >
      This type represents request parameters for the "Register" operation as defined in ETSI GS NFV-IFA 033.
    type: object
    required:
      - pkiHeader
      - pkiBody
    properties:
      pkiHeader:
        description: >
          A common informatio0n of PKI message for addressing and transaction identification. The structure and
          attributes are defined in IETF RFC 4210 and RFC 9480.
        $ref: "#/definitions/PkiHeader"
      pkiBody:
        description: >
          Message specific information. The structure and attributes are aligned/defined in IETF 
          RFC 4210 and IETF RFC 9480.
        type: object
        required:  
          - ir 
        properties:
          ir:   
            description: >
              Information for Initialization Request.
            $ref: "#/definitions/CertReqMessages"
            
  CSRRequest:
    description: >
      This type represents request parameters for the "Certificate Signing Request" operation. 
      NOTE: As concept of the design of the type “CSRReuqest”, the attributes are aligned to the mandatory-defined parameters in the CMPv2 in IETF RFC 4210  
      
      NOTE: As concept of the design of the type “CSRReuqest”, the attributes are aligned to the mandatory-defined
      parameters in the CMPv2 in IETF RFC 4210  
      
      Editor's note: it is FFS how to use OID for "generalInfo" attribute in ETSI NFV, e.g. same approach of URN.
      Editor’s note: another contribution is required for CSRMessage.
      Editor;s note: it is FFS how to realize authenticated scheme. The mandatory to support basic authenticated scheme uses the IAK secret for this purpose.
      Consequences of using/requiring other schemas shall be considered.
      
      Editor's note: another contribution is required for CSRMessage.
      
      Editor's note: it is FFS how to realize authenticated scheme. The mandatory to support basic authenticated
      scheme uses the IAK secret for this purpose. Consequences of using/requiring other schemas shall be considered.
    type: object
    required:
      - pkiHeader
      - pkiBody
    properties:
      pvno:
      pkiHeader:
        description: >
          A common information of PKI message for addressing and transaction identification.
          The structure and attributes are defined in IETF RFC 4210 and RFC 9480.
        type: object
        required:
          - pvno
          - sender
          - recipient
          - generalInfo
        properties:
          pvno:
            description: >
              Protocol Version Number. Fixed value “2” shall be set.
            type: integer
          sender:
            description: >
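Review bot: In generalInfo the description speaks of a first and a second generalInfo ("It shall contain two of the attributes"), but the schema is a single "type: object" with one InfoType and one InfoValue, so a document that validates can never carry both entries. Model it as an array of that object with the item count bounded. The same block renames infoType/infoValue to InfoType/InfoValue, which departs from the lowerCamelCase used by pvno, sender and pkiHeader, and the opening quote in “InfoType is Certification type is never closed. The senderKID and recipKID properties appear only at the old indentation; if they are dropped on purpose, the description should say how the shared secret is identified. In SubjectInstance and CertificateInstance, pkiBody lists both the request and the response member (ir and ip, p10cr and cp) as required; confirm that an instance always holds both. The moved CreateSubjectRequest and CSRRequest descriptions still carry "informatio0n" and “CSRReuqest”.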
@@ -179,7 +273,8 @@ definitions:
            properties:
              InfoType:
                description: >
              Indicate the type of Info. The namespaces and conventions for the values of this attribute that is OID defined as clause x.x.x.
                  Indicate the type of Info. The namespaces and conventions for the values of this attribute that
                  is OID defined as clause x.x.x.
                  Permit values:
                    •	Certification type
                    •	Type of VNFC certification handling
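Review bot: The rewrapped InfoType description still points at "clause x.x.x", a placeholder that gives implementers no OID namespace to use. Replace it with the real clause number or flag it with an Editor's note like the other open items. The two values under "Permit values" are only prose here; expressing them in the schema would let validators reject anything else.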
@@ -212,33 +307,58 @@ definitions:
              defined in IETF RFC 2986.
            $ref: "#/definitions/CSRMessage"
  
#############################################################
######################## TODOs ##############################

  CertificateInstance:
  CertReqMessages:
    description: >
      TBD

  SubjectInstance:
      This type represents a CertReqMessages.
    type: object
    required:
      - CertReqMsg
    properties:
      CertReqMsg:
        description: >
      TBD
  
  GeneralName:
          The structure and attributes are defined in IETF RFC 5912.
        type: object
        required:
          - CertRequest
        properties:
          CertRequest:
            description: >
      TBD

  CSRMessage:
              Information for the certificate request.
            type: object
            required: 
              - CertTemplate
            properties:
              CertTemplate:
                description: >
      TBD
                  Information for the certificate to be issued.
                type: object
                required:
                  - subjectUID
                properties:
                  subjectUID:
                    description: >
                      The value of the Identifier of the certificate target VNFCI as subject ID if
                      this operation is used for the VNFCI certificate or VNF OAM certificate. See note.

  pkiHeader:
                      NOTE:	For the case of MANO certificate, this attribute is not supported in this
                      version of the present document.
                    type: integer

#############################################################
######################## TODOs ##############################

  GeneralName:
    description: >
      TBD

  CertRepMessages:
  CSRMessage:
    description: >
      TBD
      
  PKIStatusInfoType:
    description: >
      TBD
    type: string
    enum:
      - TBD
      - TBD1
 No newline at end of file
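Review bot: subjectUID is listed as required under CertTemplate, yet its own NOTE says the attribute is not supported for the MANO certificate case, so a MANO request cannot satisfy the schema without sending a value the text rules out. Drop it from the required list and state the condition in the description. It is also described as an Identifier but typed "integer", while InfoType uses the shared Identifier definition from SOL023_def.yaml. GeneralName, CSRMessage and PKIStatusInfoType remain TBD (the enum holds only "TBD" and "TBD1") although other definitions in this file already reference them, and the file ends without a trailing newline.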