Page History

...

• Short Description:  One line description of topic

• Community:  ONAP
• Detailed Description: Continuation of efforts in removing hardcoded passwords in ONAP
• Topic Leader(s): Krzysztof Opasiak 
• Scribe (Capture important commentary and record action items): name1, name2
• Moderator (Monitor Chat, organize questions, manage time): name1
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 30/45 mins?
• Interested In Attending: Pawel Pawlak Samuli Kuusela .

...

ONAP: Communication matrix 

• Short Description:  Review of the Communication matrix status for an external communication in DCAE context

• Community:  ONAP
• Detailed Description: Detailed description of topic
• Topic Leader(s): Natacha Mach 
• Scribe (Capture important commentary and record action items): name1, name2
• Moderator (Monitor Chat, organize questions, manage time): Natacha Mach name1
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 30/45 mins?
• Interested In Attending: Pawel Pawlak Samuli Kuusela

...

ONAP: Package upgrade strategy

...

• Short Description:  Continuation of VNF secirity requirements updates

• Community:  ONAP
• Detailed Description: Set of requirements under review
• Topic Leader(s): Amy Zwarico 
• Scribe (Capture important commentary and record action items): name1, name2
• Moderator (Monitor Chat, organize questions, manage time): Amy Zwarico 
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 60 mins?
• Interested In Attending: Pawel Pawlak  Samuli Kuusela

...

Logs management evolution in ONAP

• Short Description:  From security perspective this topic is very important and unfortunately not progressing in ONAP

• Community:  ONAP
• Detailed Description: 

  • Draft recommendation idea:

    1. common place for data - all applications should generate logs that can be collected by Kubernetes (rtarget for G release)
    2. common format for data - format of minimum data that we want that is usefull (target for H release)
• Topic Leader(s): Pawel Pawlak 
• Scribe (Capture important commentary and record action items): name1, name2
• Moderator (Monitor Chat, organize questions, manage time): Pawel Pawlak 
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 30 mins
• Interested In Attending: Samuli Kuusela .

...

Service Mesh analysis as alternative for part of ONAP AAF (policy enforcement)

• Short Description:  One line description of topic

• Community:  ONAP
• Detailed Description: Discussion on policy enforcement part and how Service MEsh could fulfill this gap
• Topic Leader(s): Krzysztof Opasiak 
• Scribe (Capture important commentary and record action items): name1, name2
• Moderator (Monitor Chat, organize questions, manage time): Krzysztof Opasiak name1
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 30/45 mins?
• Interested In Attending: Pawel Pawlak Krzysztof Opasiak Amy Zwarico Samuli Kuusela .

...

ONAP and CNTT allignment meeting

...

• Short Description:  Review of best practices implemented in Akraino taht could be used for ONAP

• Community:  ONAP
• Detailed Description: 
• Topic Leader(s): Amy Zwarico 
• Scribe (Capture important commentary and record action items): 
• Moderator (Monitor Chat, organize questions, manage time): Amy Zwarico
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Interested In Attending: Pawel Pawlak  Samuli Kuusela

...

Holistic view of ONAP security

• Short Description:  Full view of ONAP security

• Community:  ONAP
• Detailed Description: 
  • Access control
  • Hardening
  • Logging
  • Gaps identified
• Topic Leader(s): Krzysztof Opasiak Amy Zwarico 
• Scribe (Capture important commentary and record action items): Pawel Pawlak 
• Moderator (Monitor Chat, organize questions, manage time): Krzysztof Opasiak name1
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 60 mins
• Interested In Attending: Pawel Pawlak Amy Zwarico Krzysztof Opasiak Samuli Kuusela

...

ONAP: SECCOM Guilin security requirements update

• Short Description:  Review of priorities for Guilin release from Security Subcommittee perspective with split into priorities.

• Community:  ONAP
• Detailed Description:
  • Priority1:

    • Updates of the languages (java from v8 -> v11 and Python 2.7 -> to 3.x) – Interns from LFN could be gained

    • Updates of directly dependent software components (Here we are thinking about benefiting from LFN Interns that could support projects in their packages upgrades, in addition the new version of Nexus-IQ is able to display components with direct and indirect dependencies, we should define priorities, release manager should help in coordination between projects) 

    • Automated security testing – containers not running as root – SDNC good example 

    • Increase the number of CIS Docker Benchmark checks in the Integration healthchecks.

  • Priority2:

    • Secrets management

    • No root access to the DB from main application container. Currently we have some pods (i.e. OOF) that require root access to their mariadb-galera instance for main application to work. This is obviously a security issue. Each application should have its own DB account that allows to access only its own DB.

    • All config files inside the main container should be ReadOnly There are some weird design like in APPC where main container modifies properties provided by the user at runtime. I believe that application configuration should be read only.

  • Priority3:

    • Increase of code coverage (to be honest in Frankfurt release it seems that not that much happened) – each project was supposed to propose a % feasible for them and follow the actions to achieve it.

    • CII badging

  • High priority SECCOM initiative - service mesh recommendation

  • SECCOM initiative: OJSIs to be solved

  • SECCOM initiative: https communication

  • SECCOM initiative: User access management

  • SECCOM initiative:: ONAP MVP 

  • SECCOM initiative: Flow management 

  • SECCOM initiative: Logs management

• Topic Leader(s): Pawel Pawlak , Amy Zwarico Krzysztof Opasiak Tony Hansen Natacha Mach
• Scribe (Capture important commentary and record action items): Amy Zwarico
• Moderator (Monitor Chat, organize questions, manage time): Pawel Pawlak
• Host (Manage/Control Bridge functions):  You can appoint an alternate host, but we recommend that the Moderator and the Host be the same person.
• Expected duration: 60 mins
• Interested In Attending: Pawel Pawlak Samuli Kuusela

...

ONAP: ETSI NFV modeling and API

...

• Short Description:  Deploying CNFs onto OpenShift via ONAP4K8s
• Community:  ONAP
• Detailed Description: In this session, we will describe the process of deploying CNFs on RedHat OpenShift platform by using the ONAP4K8s profile of ONAP. We will highlight the changes that need to be done in the CNF packaging to support this onboarding process, and some of the challenges that we encountered along the way.  
• Topic Leader(s):  Sandeep Sharma
• Scribe (Capture important commentary and record action items): Sriram Rupanagunta
• Moderator (Monitor Chat, organize questions, manage time): Sriram Rupanagunta
• Host (Manage/Control Bridge functions):  Sriram Rupanagunta
• Expected Duration: 30 minutes
• Interested In Attending: Pawel Pawlak Samuli Kuusela

ONAP: Developing environment for ONAP Certification exam

...