
Jira No | Summary | Description | Status | Solution

ONAP disaggregation impact on SECCOM activities

Disaggregation is getting its momentum.

5-10% of projects time to be focussed on integration efforts.

Aarna used EMCO to deploy slices, the same could be done with ONAP.

ONAP still handles high-level orchestration; when it comes to CNF orchestration, it is delegated to Nephio. EMCO is talking about connecting to Nephio.

We are looking at the dev side of security, which is half of the picture.

Impact analysis is needed for ONAP disaggregation with a focus on security, testing etc.

SECCOM recommendations: (June 27)

  • Create catalog of APIs for each ONAP project
  • Best practices and global requirements will still apply to each project
  • Keep SECCOM as a resource
  • ONAP becomes a service based on integrations
  • Definition of unmaintained project may have to be modified
  • TSC may have to decide on the bindings and projects
  • Need a task force for disaggregation
  • Action Item: Create a best practice for documenting APIs for the Montreal release – Muddasar will talk to Thomas Kulik

Integration is needed when we want to keep the notion of ONAP as a platform. Otherwise we have several individual components. Those components may have different testing strategies. With the service mesh implementation, individual authn and authz, or Keycloak, are gone.

We need to talk how to guide and educate companies on each function.

It is critical to document and test APIs (min 3 APIs: management, service and autoreporting) - this is the scope of integration.

Each TSC meeting we plan to progress with the discussion and decisions on ONAP evolution.


Pawel to work with ONAP TSC on addressing target evolution by identifying one by one migration concerns.

LF IT CI/CD security review

Muddasar is not getting support for the ticket opened 1 month ago:

 IT-25429 Review of ONAP CI Threat Model and Security Controls

Matt confirmed he will set up a meeting with Muddasar Ahmed to better understand what is expected

TAC update

CPS Road to gold

CPS PoC under preparation – Jess is configuring 2FA for committers - done.

OJSI list communication with Jess - some members should be removed/added

Amy to check with Jess on updated list for OJSI distribution list

contacted Muddasar to say he will be on holidays and he will address this issue once he comes back.


Muddasar to send an e-mail to Jess, Kevin and Matt with additional info on what is needed. We expect this is info that could be provided on the fly by REL ENG.

5 Years security questionnaire for Policy project

- https://lf-onap.atlassian.net/wiki/display/DW/PF+-+ONAP+Security+Review+Questionnaire

- Confirmation from Policy project received about review completion.

ongoing

Tony to share initial feedback with Policy team. Next discussion point is 18th of July.

Latest weekly scans – still looking for owner of zk-tunnel-svc

Bob reviewed gerrit logs.


PTL meeting (July 10th)

discussion: pairwise testing may not be needed

Daily integration tests

  • root pods: UUI will add image to exception list; add dcae-snmptrap-collector to exception list
  • node port: dcae-snmptrap-collector must run as node port; Andreas Geißler to see how to suppress finding
  • versions: Andreas Geißler to fix problem with test and rerun the weekly test

July 3rd meeting cancelled

OpenSSF badging questionnaires updated to reflect status of unmaintained projects

TSC meeting (June 15th)

Interesting discussion with Fiachra, Liam and Toine

Java 17 migration takes several weeks

Wiki already created by Liam for Policy: Dependency Upgrade in Policy Framework

Oparent has served its purpose, multiple projects already override Oparent – to be discussed at the next PTL meeting.


To continue the discussion on Oparent removal at the next PTL meeting.

Secure CI/CD for disaggregated ONAP to be further discussed too.


TSC meeting (July 6th)

-Update on new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication

  • Meeting with Infosys team still to be organized on Wednesday June 21st.

Gerrit upgrade re-planned by Kevin - after TSC meeting Andreas will let Kevin know when upgrade could be provided

Kevin to prepare info on which version and what are the drivers for an upgrade 
  • Infosys will work on removing basic auth in SO and AAI

Voting on a London release – accepted.


Meeting with Infosys done. They will do the analysis. Access to environment will be crucial.

Jira ticket for the new Global Requirement to be issued.

Badging Dashboard

Projects in unmaintained status still have active badging questionnaire

David was asked to help in marking questionnaires as unmaintained; Tony organized a meeting with David to show what needs to be done.

Changes are made.


4th JULY SECCOM CANCELLED

SECCOM Watching SA5 in the scope of Intelligence and automation 
Maggie will keep an eye on it and keep us posted. 


LFN liaison with 3GPP Working Groups

It is not clear whether LFN has umbrella liaisons - to be further elaborated with Kenny.

Pawel to discuss at Wednesday's meeting with LFN team and book the slot for TSC meeting.


NEXT SECCOM MEETING CALL WILL BE HELD ON 18th JULY 2023. 







Recordings: 

2023-07-11_SECCOM_week.mp4

SECCOM presentation:

2023-07-11 ONAP Security Meeting - AgendaAndMinutes.pptx