06-05-2023 TSC Meeting Minutes

TSC Meeting Zoom link

Meeting Recording: 

Meeting Chat File: 

Attendees & Representation. Please add your name to the attendance table below.

LF Staff: LJ Illuzzi 

Agenda

• LF Antitrust Policy

• Meeting note taker

• Welcome new attendees

• Issue discussion/Dev updates
  • Lead off with RBAC https://github.com/l3af-project/l3af-arch/discussions/57
• Release Management (Dhivya)
• LFN Developer & Testing Forum June 2023 - Review calendar/L3AF Schedule

• Optimising Traffic Mirroring
• AOB

• General Topics (cover as needed)

  • Use Cases

  • Roadmap

  • Project structure

    • Governance

    • Technical Steering Committee

Minutes/Updates

• Issue discussion/Dev updates
  • L3AF R2
    • RBAC https://github.com/l3af-project/l3af-arch/discussions/57
      • Option 1: RBAC framework using x.509 PKI Certificate Attributes
        • Not every CA will issue those types of certs (w/usernames)
      • Option 2 OATH
        • No work required. Just consume already existing resources.
        • Many enterprises already using it.
          • ex: Windows Active Directory
      • Option 3. Digital Signature based Authorization with mTLS
        • Minimal overhead.
        • Partly extensible. Partly standards compliant.
        • Protocols mature, framework not so mature.
      • Option 4. SHA256 Hash based Authorization with mTLS
        
        • Don't want l3af to be the actual auth service.
        • Custom implementation
    • We don't want to take ownership by building our own RBAC
      • Building an e2e RBAC does not align with L3AF goals
        • Also managing the RBAC lifecycle
      • Enterprises should use their own control plane to manage L3AFd
      • Supporting only 2 roles at first is okay, but we have to be extensible
      • Most enterprises will have central control.
        • Leave it up to them.
      • Option 2. mTLS with OAuth 2.0 Client Authentication, but:
        • If nobody is going to use anything other than read/write then we do not need to build RBAC now.
          • Give a recommendation on how to integrate RBAC
            • Document how L3AFd could integrate with the above
    • https://github.com/l3af-project/l3afd/pull/229
    • https://github.com/l3af-project/l3afd/pull/242
    • Loading XDP and TC program blockers
      • https://github.com/l3af-project/l3afd/issues/191
      • https://github.com/florianl/go-tc/issues/17 - Need to update our issue.
  • L3AFD v2.1
  • L3AF on Windows
    • LFN Mentorship Program for L3AF on Windows

• Release Management

• LFN Developer & Testing Forum June 2023 - June 6-8, 2023. Virtual event
  • Review calendar/L3AF Schedule
  • Link to L3AF topic submissions: 
  • Topics Submission Page
  • Virtual D&TF session guidelines
  • Reminder to Register
  • Best place for marketing the project- this is how we grow the community within LF/LFN
  • Question: should June 6 TSC meeting be canceled so the community can attend D&TF? (many LFN communities will cancel TSC meetings that week in lieu of D&TF).

• Optimising Traffic Mirroring (Arunkanth) Link

• Any Other Business

Action Items

• Dhivya R Release Management Plan- add milestones for testing, documentation, package. What else is needed from a delivery standpoint?
• LJ Illuzzi  Open SSF Scorecard. Is it visible on LFX Security
• LJ Illuzzi Draft LFN Board response to eBPF standards

Future Agenda Items

Start with 

• RBAC https://github.com/l3af-project/l3af-arch/discussions/57