Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 28th of April 2020.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
New Notary v2 project - address container image signing | Tero shared info about this new project. In general it aims at validation of container images. Notary v2 use cases: https://github.com/notaryproject/requirements/blob/master/scenarios.md Industry telcom part is missing as contributor. According to lastest ETSI NFV specs containers could be also signed by the operator. OCI artefacts project aiming for modyfying image registry so that helm charts could be stored. | |||
TSC logging presentation – discussion point | 20_04_30_ONAPLoggingGuilin_V1.pptx | ONAP project use of Logging | TSC decision is needed, so proposal to be sent to TSC. Comments collection by 29th of April COB. | |
| Hardcoding certificates in docker images | PKI - public certificate that is signed by the Certificate Authority. AAF contains hardcoded trust store. According to Krzysztof this is a security issue as root CA in ONAP is already compromised. By default none of the ONAP images should trust that CA. Only If user is deploying ONAP for testing, in lab environemnt, it is fine to use that. A lot of components use AAF hardcoded certificate. Trust store that is in the AAF agent image should be removed from that image and placed in the OOM as a resource and delivered in the image at the deployment time. | We need to have an agreement from projects. This proposal to be presented at the PTLs call. | ||
Synch meeting with Requirements Subcommittee | Synch meeting with Requirements Subcommittee – we missed the one on 27th of April to present SECCOM requirements for Guilin release – next meeting is sccheduled on May 11th. CMPv2 requirements will be presented by Pawel on to the Requirements Subcommittee. | |||
| CII Badging requirement | Jira tickets to be created info to be shared with Krzysztof. | |||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 12th OF MAY'20. |