...
| Jira No | Summary | Description | Status | Solution | ||||
|---|---|---|---|---|---|---|---|---|
| Oparent.pom update | To ensure that Oparent.pom file has the latest references to available versions of components. | Amy updated Oparent.pom file with the latest and greatest versions available in the last week. | Warning: Jackson-mapper-asl - functionality moved to Jackson-databind with the latest version 2.10.0. For Guilin release Jackson-mapper-asl will be fully removed. | |||||
| VNF security requirements | Leftovers from El Alto to be collected. Special focus on ensuring that the language is clear and definition allows for an automatic tests - fitting OVP process. | 2 tickets were created from last week's call. Dealine before early spring. | We focus on testable requirements. | |||||
| OOM password generation update | Passwords in ONAP should be randomly generated but it generates issues related to update of components. That is an alternative idea is considered - person deploying ONAP must provide master password- based on HMAC. If we provide the same password for deployments, the passwords generated inside ONAP will gonna be the same. For upgrade with Master passrod, ONAP passwords will not change. | Change of password done with a reliable way. | Consequences of using m,aster password - if it is compromised . See Master Password attached file. | |||||
CII Badging update – Tony | To discuss with David McBride his role in supporting CII Badging | David to be invited for the next SECCOM meeting | E-mail was sent to David. David confirm his availability on 17th of December. | |||||
| ONAP access management - Natacha | User has an access to all services which is not ok | Service All ONAP components should implement fine grained authorization. Service Mesh POC could be a solution to further investigate, amount of work with AAF could be high as an alternative. | SECCOM proposed release assessment for TSC at 12/5 meeting -KPIs
-Define the passing criteria for security | Define the KPIs for the Frankfurt release Define the SECCOM passing criteria Owners of each KPI asked to update the KPI and passing criteria in Frankfurt security assessment | Code Coverage:
CII badging:
| Common session during DDF in Prague should be organized to address what do we want from service mesh to be solved and what are our short term plans.. | ||
remediating known vulnerabilities in third party packages - Amy | Upgrading direct dependencies to the latest greatest versions | We need to have Jira tickets opened for direct dependencies. at M2 and to be completed by M4. If not exception asked to TSC | Frankfurt security assessment (https://wiki.onap.org/display/DW/Frankfurt+Security+Assessment+Proposal) | Percentage values are proposed for each KPI. | Wiki with proposals is ready for comments | We have to book a slot at the next PTL call to present those proposals and then at the TSC call to present recommendation for approval. | ||
| Topics identified for next week's SECCOM agenda |
|
...