We start our meetings by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
Agenda
START RECORDING
Duration
Agenda Item
Requested by
Notes / Links
Duration
Agenda Item
Requested by
Notes / Links
30 mins
Cross-project discussion
This meeting is reduced to 30 minutes
Rotating host
volunteer for this week: @Byung-Woo Jun
ONAP and LFN Collaboration
@Byung-Woo Jun
Discussions between Arpit Joshipura, Byung-Woo Jun, Jilll Lovato, Louis Llluzzi and Sunny Cai:
Arpit's input:
Highlight the value proposition of ONAP, including overall statistics (e.g., contributors, LOC, etc.) over its lifetime.
Provide deployment examples with links to DT, CMCC, Ericsson, and others
Emphasize the product integration of ONAP
Use headlines like: "From Control loops and Intent-based to full AI Orchestration and Management."
Highlight security contributions, such as those provided during the OPS 5G project by US Government for Networking slicing
Byung-woo Jun plans to add details about ONAP's service mesh and Ingress architecture and implementation
Address past criticisms of ONAP being too large and complex by emphasizing recent efforts, such as "streamlining microservices and modules, archiving legacy software, etc."
Byung-Woo Jun explained the ONAP Streamlining Evolution initiative to address these concerns
This is one shot we get. Let's make it BIG!
Byung-Woo Jun, together with ONAP TSC members, will collaborate with Jill, Louise, Sunny to create compelling marketing catch points.
Byung-Woo Jun, Jill Lovato, Louise Lluzzi and Sunny Cai (along with others) plan to hold an initial call sometime next week to outline our plans. Byung intends to engage with TSC members following the initial discussion.
Nephio GenAI Whitepaper
@Byung-Woo Jun
Sana Tariq from Telus is leading this effort, with Byung and other contributors also contributing to the paper.
Byung-Woo Jun presented the brainstorm at the TSC meeting this week.
Brainstorm:
Ensure ONAP core components are focused and operate independently, from build to runtime
DT finishes Argo-CD based component independent deployment
Argo-CD is a DT choice, but ONAP can allow other CDs, e.g., Flux (need contributors)
DT plans to productize some of the selected ONAP core components early next year in their TNAP production environment
Declarative and Intent-based component operations by the Repository-based Network Automation : see the ideas from ONAP Architecture Evolution - 2025.pdf
Make ONAP core components more autonomous and ready for use by both ONAP, LF and other external users
During New Delhi and Oslo releases, CPS and Policy achieved the OpenSSF Gold Badging status. Kudos to the team!
Continue to promote/facilitate other ONAP core components for the Gold Badging status (e.g., UUI, SDNC)
Incorporate more GenAI capabilities and use cases to the ONAP components, and promote the adoption of open-source LLM models and frameworks aligned with LF AI & Data and GenAI Commons
Collaborate with LF AI & Data GenAI Commons and Nephio GenAI for 5G and 6G
Open-source based models and controls
AI-Based Control Loop
AI Model-As-A-Service
ETSI ISG NFV compliance for AI?
Foster inter-community collaboration with other LF communities, such as O-RAN and Nephio
SDNC enhancements (which is used by O-RAN OAM as is)
Resource-based Orchestration Pattern (leveraging CD and Operator)
Energy saving / monitoring
Ensure the security of ONAP components and operations
The latest security mechanism for communications (service mesh enhancements leveraging Istio and coming Ambient Mesh)
Deprecate unused sub-components and mitigate security vulnerabilities
Define a secure LFN CI/CD pipeline by leveraging OpenSSF-associated reference tools
Security
@Amy Zwarico
@Paweł Pawlak
@Byung-Woo Jun
SECCOM will review the Java 21, Python, and Maven upgrades from the security perspective.
Paweł Pawlak, will explore the current status of versions; will discuss this further at the SECCOM; scanner from the weekly pipelines may help?? Andreas Geißler, will check, and let us know. Then, SECCOM will discuss.
How to deal with vulnerabilities. e.g., SDC, UUI - Angular dependency issues. Also, MPM
SECCOM plans to discuss these issues with PTLs at the next SECCOM meeting (next SECCOM meeting 2/4/2025)
Ramesh Murugan Iyer, Policy team will check vulnerabilities on direct dependencies; may need to open a ticket for the product (Sonatype) company; Kevin Sandi, asked Murali to send the test results before raising tickets; CycloneDX-based SBOM; may need a conversion between CycloneDX and SPDX; @Kevin Sandi , is working on it, still we cannot see the scan; will open a ticket for dependency tree .
So far, LFN supports SPDX only for their pipeline SBOM. SECCOM will discuss it further with the LF team. We need a conversion between CycloneDX and SPDX.
will discuss this at SECCOM tomorrow; Is it worth to bring CycloneDX to LFN???
Note: PTLs, thank you very much for closing the package update.
Note: SO, SDC, MultiCloud and DCAE (without PTLs) are open; DT offered their help on SDC, MultiCloud and DCAE. Thank you very much!!! @Andreas Geißler , any update / plan? Thanks.