2021-10-19 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th of October 2021.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| AAF replacement with ISTIO & Envoy & Open- Source Authentication & Authorization | Byung presented reasons why not to using ONAP AAF. Uniform open-source standard-based architecture (ISTIO and Envoy based) was discussed. OOM team for Instanbul release tried to achieve mTLS Service 2 Service communication. Only commmunication to service via proxy allowed. Please refer to attached slides in the bottom of this page. | ongoing | We need the flow matrix - Byung might share. More information about policy to be provided by Byung. |
| New Jira ticket template | Tracebility is crucial here. Muddasar shared deck on new Jira ticket template. Goal is to use an existing ticketing system. | ongoing | comparizon analysis to be prepared by Muddasar. |
| SBOM update | SPDX has become ISO standard. New version to come in next few months. | ongoing | Slides to be shared with Kenny by Muddasar. |
| Work in Progress, Fabian received an e-mail last week - name of Kevin Sandy from LFN will be contacted. Eric Debau is also involved, | ongoing | Kevin Sandy from LFN to be contacted. | |
| PTLs meeting update |
| ongoing | Working session on Friday to continue the discussion. |
| Synch with Integration | Fabian met Integration team last week for the tools around security. |
| To be checked if all tools used for security are still usefull. Study to be performed for the Kubescape |
| Friday's calls | We keep on using Friday's calls for topics to be discussed. | ongoing |
|
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 26th OF OCTOBER'21. |
|
|
|
Recording:
SECCOM presentation:
AAF replacement with Service-Mesh and Open-Source Security, AAF-CADI_Replacement_W_ISTIO-Envoy-MutualTLS.pptx