2022-08-02 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 2nd of August 2022.
Jira No | Summary | Description | Status | Solution |
| Update on the Security Logging Fields and Global Requirement | -DRAFT slides: https://wiki.onap.org/display/DW/Security+Logging+Fields+-+Global+Requirement -Bob integrated comments from the last session -If no dependencies, 4 hours per container (info from CPS project) -Influencing O-RAN specs: security log tech report: https://oranalliance.atlassian.net/wiki/download/attachments/2547417415/O-RAN.SFG.Security%20Log%20Management-v00.02.docx?api=v2 | ongoing | Projects other than CPS shall be involved in resource estimation for implementing the requirement. Test proposal - can it be taken from CPS (how do you know it works)? |
| SBOM creation | LF IT still verifying cases – code should be modified as a cleaner solution. LF IT seems to be short on resources. Sessions by Alain Friedman:
| ongoing |
| Superblueprint | Use cases to be added, limited resources to go with E2E solution integration. | ongoing |
| Service Mesh for Kohn release | Follow-up to Andreas's presentation - service mesh used for communication as default. AuN and AuZ as next steps by E/// team. Connection to Keycloak is needed for user management with token. To be applied for London. E/// confirmed resources to contribute. AAF removal not ready for Kohn as providing full RBAC and certificates. Target to London. ISTIO GW configuration. We have only one ONAP namespace. |
| Andreas will talk to Seshu.
| PTL meeting – August 1st | Cancelled. |
| TSC meeting – July 28th | -Confluence injection attack – plugin disabled -DTF submissions, no deadline yet |
| Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software. Byung will present service descriptor and potentially new ONAP security architecture with service mesh. |
| |
| Productization of Assured Opensource Software SBOM implementation and challenges in ONAP |
| Brian to be asked by Muddasar as co-presenter for SBOM. | |
SECCOM presentation: