...
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| | Logging security discussion by Byung | Node vs. pod level logging update, pod logs visible but not yet with content, Kyverno used for policy management. Meeting with Justin and Maggie scheduled later today by Byung. | ongoing | |
| | CPS Security review questionnaire by Tony | Slot for a meeting with CPS team still under setup. | ongoing | |
| | Security issues raised by External researchers | | ongoing | |
| | Upcoming D&TF | Please register! - SECCOM proposals (TBD): https://wiki.lfnetworking.org/display/LN/2023-02+LFN+Developer+Event+Topics+February#id-202302LFNDeveloperEventTopicsFebruary-ONAPTopics | ongoing | |
| | Python PoC by Bob | Environment for testing is available. ORAN SC is actively using Pylog, libraries under testing. | ongoing | Work in progress. Fiachra still to be contacted. |
| | TSC meeting (26th January) | Architecture Subcommittee shared London status: niorttech.net |
| | PTL meeting (30th January) TSC meeting (2nd February) | TSC agrees in principle to form a special squad or task force to manage changes to projects that lack a PTL. Participants and details to be determined. Chaker is leading meeting at the Archcom later today. |
| | PTL meeting (6th February) | Review of Release Management tasks – started. Looks like there is overlap between Architecture Subcommittee and PTLs tasks. Continued. |
| | Unmaintained projects update | Jira tickets to be were issued for repos (34!) where no changes were made in the last 12 months. Feedback from 2 projects, one of them AAI and Sparky related one. Projects under OOM removal and from official architecture Wiki page (List from Byung): • AAF • CLAMP (still shown as a subcomponent) List from Amy: |
| | Logging security discussion | Problem of multitenancy and . SDC is doing tenant isolation by adding attribute tenant in logging. Focus on node level logging. Namespace is treated as object that would get privileges. We treat multitenancy in a sense: ONAP running as a Service. |
| | CPS Security review questionnaire by Tony | CPS provided their feedback. | ongoing | We should now review answers and provide comments by February 21st and CPS team could be invited to SECCOM on February 28th. |
| | Adoption of security practices | TAC meeting will be addressing it on Wednesday. LF IT is the entity that should implement SBOM tools insertion for all LF projects. | NTIA recommendation on integrity protections on SBOMs to be reviewed by Amy |
| | NSA NIST has also just joined ORAN Alliance. Security | logging support by Bob for AI/ML - 25 use cases proposed. https://www.nist.gov/news-events/news/2023/01/nist-joins-alliance-promote-open-wireless-technologies-and-supply-chains |
| | SECCOM MEETING CALL WILL BE HELD ON 14th 21st February 2023. Node vs. pod level logging update by Byung. | CPS Security questionnaire review questionnaire by Tony SECCOM. |
Recordings:
SECCOM presentation:
2023-02-07 ONAP Security Meeting - AgendaAndMinutes.pptx