2023-08-01 Security Subcommittee Meeting Notes

Documenting APIs

Meeting with Thomas Kulik on Thursday planned by Muddasar

ORAN and other standardization bodies are good in documenting APIs and good be good reference for ONAP.

Disaggregation impact on quality assurance and testing 

Byung prepared slide deck that was presented at the TSC as intro. Meetings at SECCOM, ARCCOM and OOM moving forward. We plan to prepare more detailed deck - more formal report for the TSC.

ONAP Streamlining - The Process (Link)

Java 17 vs. Java 21

We propose ONAP project to upgrade to Java 17, packages as there might be some missing dependencies for Java 21, so projects might target it but juno from 11 directlly to 21 might be a significant effort.

LF IT CI/CD security review

85-90% information received by Muddasar. 

Good security hardening is already in place.

Matt will take a look what other enterprise tools have accesss to CI/CD pipeline- to be further documented.

Amy to look into the slide deck sent by Muddasar.

3GPP and Intent Based Networking

Next Tuesday at the Architecture Subcommittee 3 companies will be presenting their interest in this area:

China Telecom - focus on native traslation in UUI and fitting existing ONAP to control loop

China Mobile - handle more generic modeling and API based on TMForum and 3GPP SA5 specs.

E/// - different focus

SA3 focus on security.

5 Years security questionnaire for Policy project

https://lf-onap.atlassian.net/wiki/display/DW/PF+-+ONAP+Security+Review+Questionnaire

All answers were reviewed, additional comments and questions were raised.

Tony to send to Policy team an update from today's review.- TBC

ONAP plans

Montreal most probably will be run as marketing umbrella for short to mid term.

Projects will play with minor and patch versions.

NEXT SECCOM MEETING CALL WILL BE HELD ON 8th of August 2023.