Versions Compared

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th 26th of October 2021.

Jira No | Summary | Description | Status | Solution

AAF replacement with ISTIO & Envoy & Open-Source Authentication & Authorization

Byung presented reasons for not using ONAP AAF. A uniform, open-source, standards-based architecture (ISTIO and Envoy based) was discussed.

For the Istanbul release, the OOM team tried to achieve mTLS service-to-service communication.

Only communication to a service via the proxy is allowed.

Please refer to the attached slides at the bottom of this page.

ongoing

We need the flow matrix - Byung might share.

More information about policy to be provided by Byung.

New Jira ticket template

Traceability is crucial here. Muddasar shared a deck on the new Jira ticket template.

Goal is to use an existing ticketing system.

ongoing

Comparison analysis to be prepared by Muddasar.

SBOM update

SPDX has become an ISO standard. New version to come in the next few months.

ongoing

Slides to be shared with Kenny by Muddasar.

ONAP code quality improvement

Work in progress. Fabian received an e-mail last week - Kevin Sandy from LFN will be contacted. Eric Debau is also involved.

ongoing

Kevin Sandy from LFN to be contacted.

PTLs meeting update
  • Bob’s presentation on logging requirements
  • Sylvain’s feedback: https://wiki.onap.org/display/DW/Jakarta+Best+Practice+Proposal+for+Standardized+Logging+Fields?focusedCommentId=111124278#comment-111124278

    TSC meeting report

    Security tests below 100% were traced to two problems

    • no exception for Java 8 in versions_xfail.txt for artifact-broker - Multicloud will add the exception
    • no exception for the non-SSL endpoint in nonssl_endpoints.txt for sdnc-callhome - SDNC will add the exception

    TSC approval for Istanbul RC and moved release signoff to 4 November.

    Discussion of project and repo statuses

    committee report



    Istanbul security achievements 

    Draft slides presented to SECCOM.

    • Action Item: present Logging, feature template, and SBOM to other LFN projects
    ongoing

    SBOM update

    To be confirmed if LFN would run SBOMs, as LFN signs the ONAP code. Kenny to be addressed

    Muddasar and Sean continuing to populate SBOM fields

    ongoing

    PTLs meeting update

    Logging feedback: questions about fields; confirmation that the proposal is approved by SECCOM; need sidecar to provide metadata

    ongoing

    Working session on Friday to continue the discussion.

    Synch with Integration

    Fabian met the Integration team last week to discuss the tools around security.

    To be checked whether all tools used for security are still useful.

    Study to be performed for Kubescape.

    Friday's calls

    We keep on using Friday's calls for topics to be discussed.

    Moving bridge to zoom (ONAP13)

    ongoing


    OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 26th 2nd OF OCTOBERNOVEMBER'21. 





    Recording: 2021-10-19_SECCOM_weekzoom_0.mp4
    SECCOM presentation: 2021-10-19 26 ONAP Security Meeting - AgendaAndMinutes.pptx

    ...