
Andreas will talk to Seshu.

Jira No | Summary | Description | Status | Solution

Update on the Security Logging Fields and Global Requirement  

-DRAFT slides: https://wiki.onap.org/display/DW/Security+Logging+Fields+-+Global+Requirement

-Bob integrated comments from the last session

-If no dependencies, 4 hours per container - info from CPS project

Influencing O-RAN specs:  security log tech report: https://oranalliance.atlassian.net/wiki/download/attachments/2547417415/O-RAN.SFG.Security%20Log%20Management-v00.02.docx?api=v2

ongoing

Projects other than CPS shall be involved in resource estimation for requirement implementation.

Test proposal - can it be taken from CPS on how do you know it works?

SBOM creation 

LF IT still verifying cases – code should be modified as a cleaner solution.

LF IT seems to be short in resources.

Sessions by Alain Friedman:

  • what tools do we need
  • how do we handle cloud SBOMs (serverless scenarios) and responsibilities
  • vulnerability exchange (format, exchange scenarios) etc.
ongoing

Bob on holidays. Byung's account on O-RAN was disabled.

Bob was in touch with Dan Timoney, potential issue with interface container which is Java based

Vijay’s opinion on 4 hours LoE: a bit too optimistic, non java projects (java script) to be explored as higher impact.

ongoing

Byung to re-gain access to O-RAN.


SBOM creation 

Muddasar talked to Jess last week. CPS was not failing due to the path parameter; the version did not follow the LF recommendation: Release Versioning Strategy. Muddasar shared this info with PTLs on August 8th.

ongoing

Java script containers

Info from Tony:

Node.js

The even-numbered versions of Node.js roll through “current” status, “Active LTS” status, and “Maintenance LTS” status. New releases come out every 6 months. So a current release becomes LTS 1 year later, then Maintenance LTS 1 year after that for an additional 1.5 years.

The current version is v18, the active LTS is v16, and maintenance LTS is v14. V14 is active through Apr 2023.

We should make sure that we are using Containers with Node.js v14, v16 or v20.

This MIGHT be automatic if we are using current node.js containers.

started

To be further explored: the number of java script containers and recommended releases.

Superblueprint

Use cases to be added, limited resources to go with E2E solution integration.

Weekly meetings: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=50528282

Architecture: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=53609061

Roadmap: https://wiki.lfnetworking.org/display/LN/5G+Super+Blueprint+Roadmap

Requirements and Use case Advisory Group: https://wiki.lfnetworking.org/display/LN/Requirements+and+Use+Case+Advisory+Group

Use cases: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=68792322

ongoing

Service Mesh for Kohn release

Follow-up of the Andreas presentation - service mesh used for communication as default.

AuN and AuZ as next steps by E/// team. Connection to Keycloak is needed for user management with token. For London to be applied. E/// confirmed resources to contribute.

AAF removal not ready for Kohn as providing full RBAC and certificates. Target to London.

ISTIO GW configuration. We have only one ONAP namespace.

PTL meeting – August 1st

Cancelled

Use cases to be added, limited resources to go with E2E solution integration.

  • Next meeting later today, resource assignment needs to be done

Secure slicing needs to be better defined.

Major focus on setting up 5G with open source components.

ongoing

Logistic from program perspective needs to be improved.

PTL meeting – August 8th

Naming convention has an impact on SBOM creation, PTLs need to follow LF recommended naming convention: https://lf-onap.atlassian.net/wiki/display/DW/Release+Versioning+Strategy

Unmaintained projects.




TSC meeting – July 28th

-Confluence injection attack – plugin disabled

-DTF submissions, no deadline yet




Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software

Byung will present service descriptor and potentially new ONAP security architecture with service mesh.




LFN Developer & Testing Forum NA 

Productization of Assured Opensource Software - Muddasar

SBOM implementation and challenges in ONAP - Muddasar

5G orchestration with ONAP, AI and ML. - Maggie


Brian to be asked by Muddasar as co-presenter for SBOM.

Node.js recommended upgrades

We start this topic.


started

To be further explored: the number of java script containers and recommended releases.

SECCOM MEETING CALL WILL BE HELD ON 16th OF August'22. 





File: 2022-08-09_SECCOM_week.mp4

SECCOM presentation:

File: 2022-08-09 ONAP Security Meeting - AgendaAndMinutes.pptx