...
Jira No | Summary | Description | Status | Solution | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Update on the Security Logging Fields and Global Requirement | - DRAFT slides: https://wiki.onap.org/display/DW/Security+Logging+Fields+-+Global+Requirement - Bob presented the deck and collected feedback. Implementation does not require highly qualified resources to modify XML files. The project complexity and the resources needed to implement are to be investigated further. Integrated comments from the last session. - If no dependencies, 4 hours per container (info from CPS project). Influencing O-RAN specs: security log tech report: https://oranalliance.atlassian.net/wiki/download/attachments/2547417415/O-RAN.SFG.Security%20Log%20Management-v00.02.docx?api=v2 | ongoing | Projects other than CPS shall be involved for resource estimation for requirement implementation. Test proposal: can it be taken from CPS on how do you know it works? | ||||||||
SBOM creation | Good news: It worked on DCAE VES repo. - SBOM file is generated successfully without any further manipulation after the SBOM SW upgrade. LF IT will be introducing another parameter in the Jenkins job that will allow defining the target path for the repo. | ongoing | Waiting for the feedback on introducing and testing | Superblueprint | They are preparing some demo for ONES NA. Security aspects would be good to cover; it would require contributing and attending their meetings (on Tuesdays and Wednesdays). - Currently the project team is seeking suggestions on use cases: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=68792322 - Advisory group: https://wiki.lfnetworking.org/display/LN/Advisory+Group+Meeting+Minutes - Please feel free to add what you think will add value. - SBP FAQs: https://wiki.lfnetworking.org/display/LN/5G+Super+Blueprint+FAQ Security slicing definition to be explored. Is it related only to confidentiality? It can be securing the entire CI/CD pipeline. | ongoing | Amy to share meeting invitation to SECCOM distribution list. | LF IT still verifying cases – code should be modified as a cleaner solution. LF IT seems to be short on resources. Sessions by Alain Friedman:
| ongoing | ||
Superblueprint | Use cases to be added, limited resources to go with E2E solution integration. | ongoing | |||||||||
Service Mesh for Kohn release | Follow-up of the Andreas presentation - service mesh used for communication as default. AuN and AuZ as next steps by E/// team. Connection to Keycloak is needed for user management with token. For London to be applied. E/// confirmed resources to contribute. AAF removal not ready for Kohn as providing full RBAC and certificates. Target to London. ISTIO GW configuration. We have only one ONAP namespace. | Andreas will talk to Seshu. Byung will have internal meeting at E/// to keep resources to support service mesh. | |||||||||
PTL meeting – July 25thKohn M3 scheduled for Sept 1August 1st | Cancelled. | ||||||||||
TSC meeting – July 21stApproved Kohn M2 under the condition that GR / Best Practice are color coded by all projects by M3.28th | -Confluence injection attack – plugin disabled -DTF submissions, no deadline yet | ||||||||||
Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software. Byung will present service descriptor and potentially new ONAP security architecture with service mesh. Proposal to be submitted - CFP deadline is July 29th | |||||||||||
LFN Developer & Testing Forum NA | Productization of Assured Opensource Software SBOM implementation and challenges in ONAP | Brian to be asked by Muddasar as co-presenter for SBOM. | |||||||||
SECCOM MEETING CALL WILL BE HELD ON 9th OF August'22. |
...
SECCOM presentation: