Jira No
Summary
Description
Status
Solution

SECCOM elections

Please validate your company representative status to be able to vote as requested by Kenny in his e-mail.

done

To know when elections are scheduled.

Guilin M4 status update

To be provided by SECCOM requirements leaders - requirements

ongoing

M4 deadline shifted to next TSC on 17th of September.

Meeting with David last Friday for Correlation of Guilin Issues to Release Requirements and Component Commitments

Requirements under review:

  • Upgrades on Java (REQ-351)
  • Upgrades on Python (REQ-373)
  • Ensuring HTTPS runs (REQ-231)
  • Not running as root (REQ-362)
  • Limits on amount of resources that are consumed by a container - part of CIS Benchmark (REQ-356 REQ-357)

Tests have been built into the pipeline for all of the above. A project that does not meet these requirements must file an exception request, so that the integration team can whitelist it and not block the tests.

On the last PTL call, Krzysztof presented how to remove the Python 2 interpreter.

PTL update

Maintenance release – too much process.

Issue with Windriver lab

HELMv2 EoL – Krzysztof - https://helm.sh/blog/helm-v2-deprecation-timeline/ - next step – TSC meeting, suggestion to migrate in RC0. Impact only on OOM.


Next week SECCOM meeting

To avoid conflict with ONES event, we decided to cancel our SECCOM meeting next week.

done

E-mail reminder to be sent to SECCOM distribution list.

LFN Fall Technical Meetings October 13 - 15, 2020

Topics from SECCOM:

Service Mesh and packages upgrades.

ongoing

To propose topics by 25th of September.

ONAP Flow matrix - next steps

No specific updates since January '20. MVP definition (components without which ONAP would not work) is crucial to indicate which flows are more important to start with.

We keep the YAML file format.

PTLs collaboration is important.

We focus initially on run-time components.

ongoing

Consultancy to be done with Architecture Subcommittee.

Feedback from DCAE PTL to be shared.

To be checked with Policy and CLAMP for flows 


Java version for CLAMP – open distro

Latest Open distro versions are 12 or 14 but not LTS.

We suggest keeping 11.0.1 for CLAMP.

ongoing

Comparison to be done between Java versions 11, 12 and 14. Vulnerabilities between 11.0.1 and 11.0.6 to be documented.

TSC update

Need to present the table and how we are going to handle it.

Need to present HELMv2 EoL.

To synch up with Morgan, on who is going to fill-out the table with exceptions.

Amy to check for availability.

O-RAN cipher recommendations

We put a reference to the O-RAN documentation for SSH and TLS ciphers.

Test to be shared. 

SSH recommendations: ATT-2020.05.03-STG-Chapter_O-RAN-Security-CR0004.docx

TLS recommendations: ATT-2020.06.24-STG-Chapter_O-RAN-Security-CR0008-v5.docx

ongoing

SSL test to be provided by Fabian - to be shared with Morgan.

Document to be posted on the Wiki.


PTL update

CII Badging – Tony

Issue with Windriver lab – Azure considered as an alternative

PTLs to complete exception requests for security-related requirements for Guilin

HELMv2 EoL – Krzysztof - https://helm.sh/blog/helm-v2-deprecation-timeline/ - next step – TSC meeting (this week), suggestion to migrate in RC0 (NEW DATE: October 12th)




CII Badging Silver Level questions

We focus on application security must-haves:

  • Crypto Weaknesses
  • Implement Secure Design
  • Crypto credentials Agility

Last SECCOM actions review

A ticket was opened with LFN IT (Nexus replacement with Harbor), but there has been no response yet.

Fabian has a service account and authorization policy.

An e-mail was sent to Seshu (for Flow matrix update for SO), but no response has been received so far.

Sylvain needs to modify the code to make it possible to install ONAP with or without Service Mesh.



Open Networking & Edge Summit North America 2020
September 28 & 29, 2020 (Virtual Event)


Samuli and Amy will present a topic at ONES - presentation to be shared with SECCOM

LFN Fall Technical Meetings October 13 - 15, 2020

Topics from SECCOM: Service Mesh and packages upgrades.

Fabian to share outputs from Service Mesh and flow matrix.

Flow matrix must be top priority for Honolulu release and its lack shall be blocking.

Logs to be reviewed to collect flow matrix inputs. For external flows we must get the info from PTLs; for internal flows we can get the info from Service Mesh Kiali.

CII Badging

Session to be organized by Tony at the PTLs call just after M4 is completed.

To review Silver level questions for nomination for PTLs work in Honolulu release.

Red Hat presentation for ONAP container registry

To be shared with SECCOM distribution list.

MVP for ONAP

For the definition it could be based on exception fields.

Check list shall be defined and discussed.

Service account - update

One service account can be shared with several pods.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 6th OF OCTOBER '20.

MVP check list.

CII Silver level questions

ONES NA testimony




Recording: 2020-09-22_SECCOM_week.mp4

SECCOM presentation: 2020-09-22 ONAP Security Meeting - AgendaAndMinutes.pptx
