Columns: Jira No | Summary | Description | Status | Solution

CMPv2 status update – Pawel/Hampus

Issue with lack of support from AAF for CMPv2 implementation.

CMPv2 client implementation connected with AAF CertMan as goal for Frankfurt release.

Issue with lack of support from AAF for CMPv2 implementation.

El Alto code does not build, some contradiction in the code.

Testing with 2 DCAE components (nokia) and SDNC (E///)

Meeting with Jonathan to be done today.

VNF security requirements

Leftovers from El Alto to be collected. Special focus on ensuring that the language is clear and the definitions allow for automatic tests, fitting the OVP process.

2 tickets were created from last week's call.

Deadline before early spring.

We focus on testable requirements.

OOM password generation update

Passwords in ONAP should be randomly generated, but this causes issues when components are updated. An alternative idea is therefore being considered: the person deploying ONAP must provide a master password, and the component passwords are derived from it using an HMAC. If the same master password is provided for deployments, the passwords generated inside ONAP will be the same; on upgrade with the same master password, ONAP passwords will not change. Password change is then done in a reliable way. Consequences of using a master password if it is compromised: see the Master Password attached file.
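The HMAC-based master password idea above, as an added illustration (not code from OOM or from the attached algorithm document): each component password is derived as HMAC-SHA256 keyed with the master password over the component name, so the same master password reproduces the same passwords on redeploy, different components get different passwords, and a new master password rotates all of them. The component names, the encoding and the password length are assumptions.

```python
import base64
import hashlib
import hmac
import secrets


def derive_password(master_password: str, component: str, length: int = 24) -> str:
    """Deterministically derive one component's password from the master password.

    The master password is the HMAC key and the component name is the message,
    so each component gets a distinct secret without any per-deployment state.
    """
    digest = hmac.new(
        master_password.encode("utf-8"),
        component.encode("utf-8"),
        hashlib.sha256,
    ).digest()
    # URL-safe base64 keeps the result printable for charts and k8s secrets;
    # padding is dropped and the string trimmed to the requested length.
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")[:length]


def derive_all(master_password: str, components) -> dict:
    """Passwords for every component; identical across runs for the same master."""
    return {name: derive_password(master_password, name) for name in components}


def new_master_password() -> str:
    """Random master password the deployer keeps outside the cluster (assumed format)."""
    return secrets.token_urlsafe(32)


# Constructed component names for illustration; an upgrade with the same master
# password yields exactly the same per-component passwords.
COMPONENTS = ["mariadb-galera", "aaf-cass", "dmaap-message-router"]
```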

CII Badging update – Tony

To discuss with David McBride his role in supporting CII Badging.

David to be invited for the next SECCOM meeting.

E-mail was sent to David.

David confirmed his availability on 17th of December.

ONAP access management - Natacha

User has access to all services, which is not ok. Service Mesh POC could be a solution to further investigate; the amount of work with AAF could be high as an alternative.

SECCOM proposed release assessment for TSC at 12/5 meeting

-KPIs

  • CII badging – Tony
  • Closed OJSI tickets – Krzysztof
  • Known vulnerability management – Amy
  • Code Coverage – Amy/Pawel

-Define the passing criteria for security

Define the KPIs for the Frankfurt release

Define the SECCOM passing criteria

Owners of each KPI asked to update the KPI and passing criteria in Frankfurt security assessment


Code Coverage:

  • Pierre proposed a Frankfurt POC with CLAMP to measure testing on core and new functionality
  • Define core and non-core
  • Amy will reach out to Kenny and David to set up a meeting with SONAR to learn more about the tool.
  • SONAR reports on the percentage of new code that is covered by a test. Need the definition of "new" and whether it can be configured in the tool.

CII badging:

  • Tony reviewed enhancements of his CII metrics website
  • Assurance case (documentation of project security measures)
    • Only 10 of 38 projects have answered this question (5 Met, 5 Unmet)
    • Proposed that SECCOM produce a template for this case to be used by all projects
    • Get TSC approval for template
  • Communications Matrix pilot - Natacha working with DCAE project (Vijay)
Frankfurt security assessment (https://wiki.onap.org/display/DW/Frankfurt+Security+Assessment+Proposal)

Percentage values are proposed for each KPI.

Wiki with proposals is ready for comments.

We have to book a slot at the next PTL call to present those proposals, and then at the TSC call to present the recommendation for approval.

Topics identified for next week's SECCOM agenda:

  • CMPv2 status update – Pawel/Hampus
  • CII Badging update – Tony/David

CII Badging update - Tony

tlhansen.us/onap/cii.html

Still no response from some projects.

Some of the CII editors moved and we need to have somebody who has access to all.

For silver level, for some questions we have completely no answers.

Tony will send a summary of answers to David, so ONAP-wide answers could be unified across projects.

ONAP and SOL004 VNF signature update – Samuli

Attached files:

  • masterpassword-algorithm.pdf
  • access_management.pptx
  • 2019-12-10 ONAP Security Meeting - AgendaAndMinutes.pptx

ONAP SECCOM Priority 2: Integrity Verification at Instantiation

ONAP SECCOM Priority 3: Service Provider Ability to Sign the Artifacts - no exact mechanism specified yet.

It is not yet an operational requirement.

The package signature is validated at onboarding; at instantiation, the individual signatures are validated.

An exploit has already occurred operationally via lack of signatures in operators' networks.