
Jira No | Summary | Description | Status | Solution

Finishing the RACI Matrix

https://wiki.onap.org/display/DW/Project+State%3A+Unmaintained

Some description modifications "or Delegated" in the TSC responsibility + TSC should be on updates.

ongoing

Present updates to TSC (Muddasar).

List of cryptographic protocols used in ONAP

The existing Wiki page is not up to date.

We could link to IANA, whose list of ciphers is kept up to date:

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

To be considered: a default choice to use as best practice.

For the ciphers, we focus first on the external API communication.

Tony proposed to make a direct reference per table to IANA in SECCOM Wiki.

ongoing

Network Slicing Security Enhancement Security Call Data Record presentation by David Armbrust from MITRE

File: SCDR-Presentation-SECCOM.pptx

STAY TUNED: At the upcoming DTF in Seattle MITRE will demonstrate one use case: detection of stolen or maliciously used credentials from authorized connections but anomalous locations.

Enterprises can use information exposed by SCDR records to identify suspicious behavior in their network slice.

started

PTLs meeting

SECCOM Kohn upgrades status update:

DMaaP is finding false positive misidentification - waiting for more details from Fiachra.


Update on the Security Logging Fields and Global

Requirement  - need PoC for Python-based containers. For Java-based containers PTLs should start adopting that.

Requirement  

We need to have a volunteering PTL for Python container.

ongoing

We have to come back to PTLs at the next meeting with next update.

Identify right PTLs - Bob to generate the list.

Packages upgrades - update

Please refer to slide no 3. Projects of the "no active PTLs" type have 0%. Some improvement achieved.

ongoing

TSC meeting

Catherine moving to TAC, not clear who is going to be a new TSC chair

3GPP YANG models usage and licensing problem – storing source code

ongoing

LFN projects after Amy’s discussion with Ranny

Security SME discussion for LFN TAC: https://wiki.lfnetworking.org/display/LN/2022+Security+SME+seat+role+definition

  • More secure best practices in place, being more proactive
  • Security expertise provision to TAC
  • Advising TAC on security topics 
started

Update about Sonarcloud 

Bob opened the ticket: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24461?sda_source=notification-email. All supported languages are enabled. Some test, demo or archived code was observed.

closed

Ticket created by Thomas Kulik. New request from Thomas: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24491 resolved - not an issue

SECCOM MEETING CALL WILL BE HELD ON 20th 27th OF September'22. 

Architecture review template to be reviewed.

MITRE SCDR discussion.






Recordings: 

2022-09-20_SECCOM_week.mp4

SECCOM presentation:

2022-09-20 ONAP Security Meeting - AgendaAndMinutes.pptx