2021-10-19 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th of October 2021.

Jira No

Summary

Description

Status

Solution


 

AAF replacement with ISTIO & Envoy & Open-Source Authentication & Authorization

Byung presented reasons for not using ONAP AAF. A uniform, open-source, standards-based architecture (ISTIO and Envoy based) was discussed.

For the Istanbul release, the OOM team tried to achieve mTLS service-to-service communication.

Only communication to a service via the proxy is allowed.

Please refer to the slides attached at the bottom of this page.

ongoing

We need the flow matrix - Byung might share.

More information about policy to be provided by Byung.

 

New Jira ticket template

Traceability is crucial here. Muddasar shared a deck on the new Jira ticket template.

Goal is to use an existing ticketing system.

ongoing

Comparison analysis to be prepared by Muddasar.

 

SBOM update

SPDX has become an ISO standard. A new version is to come in the next few months.

ongoing

Slides to be shared with Kenny by Muddasar.

 

ONAP code quality improvement 

Work in progress. Fabian received an e-mail last week; Kevin Sandy from LFN will be contacted. Eric Debau is also involved.

ongoing

Kevin Sandy from LFN to be contacted.

 

PTLs meeting update

ongoing

Working session on Friday to continue the discussion.

 

Synch with Integration 

Fabian met the Integration team last week about the tools around security.

 

To be checked whether all tools used for security are still useful.

Study to be performed for Kubescape.

 

Friday's calls

We keep on using Friday's calls for topics to be discussed.

ongoing

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 26th OF OCTOBER'21. 

 

 

 

 

Recording: 

SECCOM presentation: