...
| Jira No | Summary | Description | Status | Solution | Logging update based on Tata Communication | How ONAP is used in their production environment. They use logging aggregation (Logstash). There is collaboration oportunity for PoC. Byung presented differences between generic ONAP and Tata Communication. They use syslog for metrics and Logstash for logs aggregation. We are not using sidecar while Tata is using it. In our reference architecture we separate generation from aggregation. Removing Filebit implementation is for London release. Folo logging architecture there is no Best Practice yet. PoC shall be satisfying first. | ongoing | Bob to send information on Byung who are the key players. Details to be discussed next week. | SBOM status update | Ongoing escalation with Ranny, Jess close to complete SBOM with CPS | ongoing | 5G security | Security was not explicitly stated in ONAP but some features are part of the implementation. Managing network function, policy to pickup a new version and automatically spin up new VNF or CNF this new version and get rid of old xNF that was running. At the design time we want to deploy 5G core, ONAP would have to create some artifacts in K8s, we shall confirm if ONAP could be used also as security orchestrator (policy language should be rich enough to do that). Shall we address it with Use Case Subcommittee? Helping implementing secure slices would be important in configuration examples, templates etc. | Try to follow up, as Muddasar partcipates in the 5G meetings. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Service Mesh presentation by Andreas Geissler | Andreas presented 4 networking options. Option 3 with ISTIO and Sidecar was recommended by SECCOM as default. | started | Discussion with Byung to be continued during OOM meeting. | |||||||||||
| David Wheeler presentation on SBOM and digital signatures | Operationalization of OpenSSF recommendations is not an easy topic... David's slides: https://docs.google.com/presentation/d/1BptlMG8kV14FutTMx3s9u4EnIL1Yzxt6-NID5H5XfAE/edit#slide=id.g13d496f372e_0_110 https://openssf.org/oss-security-mobilization-plan/
SBOM recommended to be part of build process. Package managers are good first step. SPDX in SECCOM uses package manager. Dan Lorenc wrote an interesting paper on what is inside the container | Centos version | Was updated by Amy, thank you Maggie for sharing info and links. | CentoS 9-stream is not yet released. | Service Mesh | Byung is working on it - it is a prioritized topic for him. Andrew is working on it. Once deplouyed, we will move avway from AAF. then Authentication and Authorization policy. | OpenSSF recommedation | How to operationalize it? LF IT needs to make those capabilites available like in Marketplace. It is important to allign OpenSSF recommendations with the budget, resources and deployment activities on LF IT side. | ||||||
| Next LFN events | ONE Summit NA Registration Open
LFN Developer & Testing Forum NA Registration Open
| Proposals to be submitted. David was contacted and invited by Maggie to SECCOM meeting. | DevOPS Pipelines IRS presentation | Youtube link disappears ;-( https://www.cloudbees.com/customers/IRS | ||||||||||
SECCOM MEETING CALL WILL BE HELD ON 26th OF July'22. Session with David Wheeler on SBOM. | logging implementation discussion continuation. |
Recording:
| View file | ||||
|---|---|---|---|---|
|
SECCOM presentation:
| View file | ||||
|---|---|---|---|---|
|