2021-02-09 Security Subcommittee Meeting Notes

Please find below the minutes and recording of the SECCOM meeting that was held on the 9th of February 2021.

Jira No

Summary

Description

Status

Solution


 

LFN event

2 presentations provided:

  • package upgrades (Amy, Vijay and Pawel)

  • CII Badging (Tony)

Feedback from Kenny on maintaining historical data on CII Badging answers - done by Tony.

done

Slides on SECCOM requirements to be presented at the next Requirements Subcommittee meeting on Monday February 15th. 

POM file version to be provided to PTLs.

Exception process with deadline before RC0.

 

ONAP Log security management

Fabian shared his presentation:

2 types of basic image hardening. It was done by Morgan (for both Java and Python).

PoCs with SPC (brand new project) and Policy (a project which has already made efforts to integrate with logging and already uses stdout!) proposed to move forward.

ongoing

Next steps 

Deploy logging architecture

Analyze events linked to threats

 

 

 

Morgan to be consulted with standard images.

To be confirmed if Policy uses a standard image - not yet but planned to use in Honolulu release.

 

Anuket - new project

Update from Samuli:

Anuket and XGVela: define common PaaS services. Anuket: the basic PaaS services; XGVela: the telco-specific ones.

Presentation on Feb 3rd: “Beyond IaaS/CaaS for Cloud Infrastructure in RM”; Walter Kozlowski, Petar Torre, Pankaj Goyal, ..

Slides: https://wiki.lfnetworking.org/download/attachments/50528563/Platform_Services_Beyond_IaaS_CaaS.pdf?version=2&modificationDate=1612116560000&api=v2

Minutes, and presumably also the link to the recording, will be here: https://wiki.lfnetworking.org/x/MwEDAw

Summary:

Anuket (merge of CNTT and OPNFV) aims to define common PaaS services for telco CNF platforms!

There was discussion of what those services could be (see a draft/example list on slide 6).

There was also discussion on how deep Anuket can/shall go, see slide 9. E.g.: specify only the service type, or also the concrete CNCF service like Prometheus, also the version, also the usage, i.e. a ‘common data model’ as written on slide 9.

Motivation: to spare operators a lot of integration work for CNFs. E.g.: CNFs are using various kinds of logging.

 

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 16th OF FEBRUARY'21. 

 

 

 

Recording:

 

SECCOM presentation: