Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 18th of July 2023.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
ONAP disaggregation impact on SECCOM activities | Disaggregation is getting its momentum. 5-10% of projects time to be focussed on integration efforts. Aarna used EMCO to deploy slices, the same could be done with ONAP. ONAP is still handling high level orchestration if it comes to CNF orchestration it is delegated to Nephio. EMCO is talking about connecting to Nephio. We are looking at dev side of the security which is half part picture. Imact analysis is needed for ONAP disaggregation with focus on security, testing etc. SECCOM recommendations: (June 27)
Integration is needed when we want to keep ONAP notion as platform. Otherwise we have several individual components. Those components may have different testing strategies. With service mesh implementation individual authn and authz, or Keyclock are gone. We need to talk how to guide and educate companies on each function. It is critical to document and test APIs (min 3 APIs: management, service and autoreporting) - this is the scope of integration. Each TSC meeting we plan to progress with the discussion and decisions on ONAP evolution. | Pawel to work with ONAP TSC on addressing target evolution by identifying one by one migration concerns. | ||
LF IT CI/CD security review | Muddasar is not getting support for the ticket opened 1 month ago: IT-25429 Review of ONAP CI Threat Model and Security Controls Matt contacted Muddasar to say he will be on holidays and he will address this issue once he comes back. | Muddasar to send an e-mail to Jess, Kevin and Matt with additional info on what is needed. We expect this is info that could be provided on the fly by REL ENG. | ||
5 Years security questionnaire for Policy project | -https://wiki.onap.org/display/DW/PF+-+ONAP+Security+Review+Questionnaire -Confirmation from Policy project received about review completion. | ongoing | Tony to share initial feedback with Policy team. Next discussion point is 18th of July. | |
PTL meeting (July 10th) | Interesting discussion with Fiachra, Liam and Toine Java 17 migration takes several weeks Wiki already created by Liam for Policy: Dependency Upgrade in Policy Framework Oparent has served its purpose, multiple projects already override Oparent – to be discussed at the next PTL meeting. | To continue the discussion on Oparent removal at the next PTL meeting. Secure CI/CD for disaggregated ONAP to be further discussed too. | ||
TSC meeting (July 6th) | -Update on new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication
Voting on a London release – accepted. | Meeting with Infosys done. They will do the analysis. Access to environment will be crucial. Jira ticket for the new Global Requirement to be issued. | ||
Watching SA5 in the scope of Intelligence and automation | Maggie will keep an eye on it and keep us posted. | |||
LFN liason with 3GPP Working Groups | It is not clear whether LFN has umbrella liasons - to be further elaborated with Kenny. | Pawel to discuss on Wednesday's meeting with LFN team and book the slot for TSC meeting. | ||
NEXT SECCOM MEETING CALL WILL BE HELD ON 25th JULY 2023. |
Recordings:
SECCOM presentation: