/
2021-11-30 Security Subcommittee Meeting Notes

2021-11-30 Security Subcommittee Meeting Notes

Owned by Paweł Pawlak
Last updated: Dec 02, 2021
2 min read

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 30th of November 2021.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

Request from the Policy project group (Ramesh and Liam) 

‘cluster-admin’ permission on one of their helm charts in OOM for automate helm chart installation for microservice. 

Requested change in the OOM repository by defining a cluster role binding for the K8s participant (provided by CLAMP repository) in its HELM chart which allows the component to create/update/delete resources on the cluster scope.

K8s participant should have a mechanism that would validate HELM chart before deploying it. Those would be signatures, hashed or signed HELM chart. Service mesh in Jakarta could take part of securing access.

ongoing

Need to have a mechanism to validate the HELM chart and repository from which fetching the HELM chart from.

 

SECCOM presentations for incoming DDF (January).

Deadline for submission: December 3rd: 

  • SECCOM topics backlog for DDF (4 bullets we merge into one presentation: use cases, GRs and BPs):

    • Logging requirements clarification – Bob (why, rationale, requirement),/Byung (how, architecture and design perspective) - https://wiki.lfnetworking.org/display/LN/2022-01-DD+-+ONAP%3A+Security+and+Logging - flow matrix importance for authentication between components

    • New requirements for Jakarta – Amy/Pawel – all in one – GR review with David

    • Recommended versions (SECCOM and OOM) – Amy/Pawel/Sylvain

    • Packages upgrades - Jakarta update - Amy/Pawel

    • Unmaintained code handling and its impact on documentation (SECCOM + Documentation) - main session stream Amy/Pawel/Thomas/Eric

    • Code quality demo - main session stream - Fabian/Kevin

  • Interproject proposals:

    • SBOMs ONAP story – Muddasar/Pawel

ongoing

Fabian to share by e-mail his insight on flow matrix.

Fabian to check with Kevin/Thierry if by DDF we could provide demo.

 

TSC voting process for submitted requirements

Deadline is on 2nd of December.

ongoing

No action required on our side.

 

SECCOM MEETING CALL WILL BE HELD ON 4th OF DECEMBER'21. 

Quality gates for code quality improvements.

 

 

 

Recording: 

 

SECCOM presentation: