- Type: Story
- Status: Closed
- Priority: Minor
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 1.3.0
- Component/s: None
- Labels:
- Story Points: 5
- Epic Link:
- Sprint: Drake Sprint 2 (7/27-8/14) 2, Drake Sprint 3 (8/17-8/28)

As a deployer of ONOS, I need to be able to trust that ONOS has been protected from unauthorized access via the CLI, REST API & GUI so that I can deploy it in sensitive environments.
Implementation Notes:
- Document & provide tools to change the default set of credentials in Karaf in order to disable the untrusted passwordless bin/client and to enable trusted passwordless ssh access to the Karaf CLI.
- Document & provide tools to configure HTTPS on Karaf/Jetty, including how to set up SSL certificates.
- Modify ONOS REST web.xml file to require HTTPS.
- Modify ONOS GUI web.xml file to require HTTPS.
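
One way to verify the two web.xml items above after the change is made. This is an added example, not ONOS code. It assumes the HTTPS requirement is expressed with the standard servlet `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` element, and both sample descriptors are constructed for illustration rather than taken from the ONOS REST or GUI web.xml files.

```python
import xml.etree.ElementTree as ET

# Constructed sample: authentication is required, but plain HTTP is still accepted.
WEB_XML_HTTP_ALLOWED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed sample: same descriptor with the transport guarantee added.
WEB_XML_HTTPS_REQUIRED = WEB_XML_HTTP_ALLOWED.replace(
    "</auth-constraint>",
    "</auth-constraint>\n    <user-data-constraint>"
    "<transport-guarantee>CONFIDENTIAL</transport-guarantee>"
    "</user-data-constraint>")


def _local(tag):
    """Strip the XML namespace so namespaced and plain descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def _descendants(elem, name):
    return [c for c in elem.iter() if _local(c.tag) == name]


def patterns_without_https(web_xml_text):
    """Return the URL patterns of every security-constraint that does not
    declare a CONFIDENTIAL transport guarantee. A descriptor with no
    security-constraint at all is reported with a marker entry."""
    root = ET.fromstring(web_xml_text)
    constraints = _descendants(root, "security-constraint")
    if not constraints:
        return ["<no security-constraint>"]
    unprotected = []
    for sc in constraints:
        guarantees = [(g.text or "").strip().upper()
                      for g in _descendants(sc, "transport-guarantee")]
        if "CONFIDENTIAL" not in guarantees:
            unprotected += [(p.text or "").strip()
                            for p in _descendants(sc, "url-pattern")]
    return unprotected


if __name__ == "__main__":
    print(patterns_without_https(WEB_XML_HTTP_ALLOWED))
    print(patterns_without_https(WEB_XML_HTTPS_REQUIRED))
```

An empty result means every constrained URL pattern in that descriptor demands a confidential transport; the check can run in CI against both the REST and GUI descriptors.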
Potential extras:
- Switch REST API security model to token-based authentication.
- Enhance GUI to use form-based login for better aesthetics.
Clearly, this epic story ought to be split into individual & smaller stories.
Also, this would be an ideal project for external contributors as it offers high value, but has low intersect with other core features.