As a deployer of ONOS, I need to be able to trust that ONOS has been protected from unauthorized access via CLI, REST API & GUI so that I can deploy it in sensitive environments.
- Document & provide tools to change the default set of credentials in Karaf in order to disable the untrusted passwordless bin/client and to enable trusted passwordless ssh access to the Karaf CLI.
- Document & provide tools to configure HTTPS on Karaf/Jetty, including how to set up SSL certificates.
- Modify ONOS REST web.xml file to require HTTPS.
- Modify ONOS GUI web.xml file to require HTTPS.
- Switch REST API security model to token-based authentication.
- Enhance GUI to use form-based login for better aesthetics.
Clearly, this epic story ought to be split into individual & smaller stories.
Also, this would be an ideal project for external contributors as it offers high value, but has little overlap with other core features.