T Shirt size definitions

Amy Zwarico
 

This link includes the definitions of T Shirt size for the Guilin release.

https://wiki.onap.org/display/DW/Guilin+Release+Requirements

 

Amy Zwarico, LMTS

Chief Security Office / Platform Security

AT&T Services

(205) 613-1667

 

URGENT - Proposal for Onboarding students / ONAP Project Liaison - Are you interested?

Catherine LEFEVRE
 

Good morning ONAP SECCOM and PTLs,

 

LF Networking projects create release artifacts across the open source networking stack from expert perspectives.

 

Consequently, end users attempting to integrate LFN projects into their stacks, labs, and networks can experience varying outcomes based on the skill level of the technician installing the software. Identified as a potential key blocker to project update, LFN staff are proposing a simple task/review user experience test utilizing university students to perform specific onboarding tasks and chronicle their experiences.

 

LFN staff will be responsible for structuring the program, coordinating the relationship with universities, and administering the rewards.

Project leadership will need to define tasks, desired feedback, and provide basic support to the volunteers.

 

Specific skill levels of student volunteers can be specified in advance -- with initial pilots focused on Computer Science students.

I believe that this initiative can help us to progress on our non-functional requirements.

Task definitions should indicate specific outcomes, time frames, and support paths if needed (i.e. when technically blocked from completing the necessary tasks).

 

Project or SECCOM Subcommittee investments

A first pass of the needed resources to produce good outcomes includes:

1. LFN PM oversight to engage with project TSCs and identify a project liaison

2. LFN PM oversight to connect the project liaison with the test volunteer

3. Project liaison that will set the assignment, milestones, deliverables, and provide basic support if needed

4. University test volunteer to recruit and provide local assistance (if needed)

5. LF staff to administer “thank you” packages and a “Newbie Survey” to test volunteers

 

Known challenges

Securing test volunteers and project liaisons

  1. Avoiding complexity requiring unsustainable project liaison support
  2. Processing the feedback and insights into tangible, practical improvements
  3. Scaling the idea across many campuses - think https://userbrain.net/ for networking products
  4. Delivering more value to LFN projects than resources it consumes
  5. Making it a sustainable process

 

Implementation Process

1. Consult project leadership to recruit project liaison (LFN Staff)

2. Define 4 - 6 hour task related to getting started with the project (Project Liaison)

a. Task to include:

i. Clear beginning state

ii. Clear final objective

iii. Instructions

iv. Support channel

3. Recruit appropriately skilled test volunteer to participate (LFN Staff)

4. Conduct the onboarding test (Test Volunteer)

a. Collect screenshots along the way to document progress

b. Answer support questions

c. Conclude the test and complete newbie survey

5. Reward test volunteers (LFN Staff)

6. Present results showing the points where help was needed and elapsed time (Project Liaison)

7. Project remediation plans (Project Leadership)

 

If you are interested in being the ONAP Project Liaison with LFN to support this initiative, can you please contact me before Friday July 24th EOD?

 

Many thanks & regards

Catherine

 

 

Catherine Lefèvre

AVP Software Development & Engineering

 

AT&T Labs – Network Cloud and SDN Platform Integration

SDN Platform & Systems

ECOMP/RUBY/SPP-NEAM-Appl. Servers/SIA

ONAP TSC Chair

 

       

 

Phone: +32 2 418 49 22

Mobile: +32 475 77 36 73

catherine.lefevre@...

 

TEXTING and DRIVING… It Can Wait

AT&T

BUROGEST OFFICE PARK SA

Avenue des Dessus-de-Lives, 2

5101 Loyers (Namur)

Belgium                                                   

 

 

NOTE: This email (or its attachments) contains information belonging to the sender, which may be confidential. proprietary and/or legally privileged. The information is intended only for the use of the individual(s) or entity(ies) named above. If you are not the intended recipient, you are hereby notified that any disclosure, distribution or taking of any action in reliance on the content of this is strictly forbidden. If you have received this e-mail in error please immediately notify the sender identified above.

 

Re: Guilin M1 - CII Badging Update

Catherine LEFEVRE
 

Here is the JIRA query containing

labels = relman AND fixversion = "Guilin Release" AND "Epic Link" = "R7 M1 Planning" AND project not in (SANDBOX, CIMAN) AND type = Task AND summary ~ "cii"  ORDER BY status ASC, updated ASC

 

Best regards

Catherine

 

From: Lefevre, Catherine
Sent: Wednesday, July 8, 2020 11:25 AM
To: 'onap-seccom@...' <onap-seccom@...>
Subject: Guilin M1 - CII Badging Update
Importance: High

 

Good morning ONAP SECCOM,

 

As part of the Guilin M1, we are asking the PTLs to update their CII Badging.

There is a specific M1 JIRA Management ticket per project.

Please review PTL’s feedback and let us know if there is any concern.

 

Many thanks & regards

Catherine

 


 

Guilin M1 - CII Badging Update

Catherine LEFEVRE
 

Good morning ONAP SECCOM,

 

As part of the Guilin M1, we are asking the PTLs to update their CII Badging.

There is a specific M1 JIRA Management ticket per project.

Please review PTL’s feedback and let us know if there is any concern.

 

Many thanks & regards

Catherine

 


 

Cancelled Event: #seccom Subcommittee (UTC) - Tuesday, 23 June 2020 #seccom #cal-cancelled

onap-seccom@lists.onap.org Calendar <onap-seccom@...>
 

Cancelled: #seccom Subcommittee (UTC)

This event has been cancelled.

When:
Tuesday, 23 June 2020
1:00pm to 2:00pm
(UTC+00:00) UTC

Where:
https://zoom.us/j/793296315

Organizer: Pawel Pawlak pawel.pawlak3@...


Canceled: ONAP SECCOM Documentation (13:00 UTC)

Harald Fuchs
 

Canceled as discussed in the last meeting (28.5.2020)

 

 

Dear all,

Finally, after pushing the slot back and forth, I was able to use the slot we agreed on in Prague.

So this should become the meeting to discuss and provide the documentation we want to deliver for the ONAP community addressing the SECCOM work results.

Target is read-the-docs :-).

Kind regards

Harald

ONAP SECCOM weekly meeting - 19/05/2020 Agenda proposal

Pawel Pawlak
 

Hello,

Please find below the agenda proposal for our tomorrow’s meeting.

  • Non functional SECCOM requirements for Guilin release (Wiki to be updated)
  • AAF removal proposal
  • OOM testing requirements

 

Best regards

 

Pawel Pawlak | Product Owner

Service Provider

ONAP SECCOM Chair

Mobile +48 501 501 030  


 

 

Service Mesh Risk Analysis

Amy Zwarico
 

Shortening today’s call to 30min.

 

https://zoom.us/j/793296315

 

Canceled: ONAP SECCOM Documentation (13:00 UTC)

Harald Fuchs
 

No good fortune for these meetings. I have parallel assignments...

KR

Harald

 

 

 

 


FW: [onap-tsc] ESR Subproject status

Jimmy Forsyth
 

Dear ONAP Seccom,

 

Please see the below – AAI/ESR seeks a waiver to run the El Alto version of its containers.  This means that we will not meet the requirement to run the containers as a non-root user.

 

Thanks,

jimmy

 

From: <onap-tsc@...> on behalf of "LEFEVRE, CATHERINE" <catherine.lefevre@...>
Reply-To: "onap-tsc@..." <onap-tsc@...>
Date: Tuesday, May 12, 2020 at 5:30 PM
To: "onap-tsc@..." <onap-tsc@...>, "andreas-geissler@..." <andreas-geissler@...>, "sylvain.desbureaux@..." <sylvain.desbureaux@...>, "Yang, Bin" <Bin.Yang@...>, "morgan.richomme@..." <morgan.richomme@...>, "k.opasiak@..." <k.opasiak@...>, "he.peng6@..." <he.peng6@...>
Cc: WILLIAM E REEHIL <wr148d@...>, "AGGARWAL, MANISHA" <amanisha@...>, VIVIAN A PRESSLEY <vp1234@...>, Steven Blimkie <Steven.Blimkie@...>, HARISH V KAJUR <vk250x@...>
Subject: Re: [onap-tsc] ESR Subproject status

 

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.


Thanks Jimmy.

So let’s move with Option #1 except if any concern is raised then we can discuss during the next TSC (if required)

 

Best regards

Catherine

 

From: onap-tsc@... <onap-tsc@...> On Behalf Of FORSYTH, JAMES
Sent: Tuesday, May 12, 2020 5:37 PM
To: onap-tsc@...; andreas-geissler@...; sylvain.desbureaux@...; Yang, Bin <Bin.Yang@...>; morgan.richomme@...; k.opasiak@...; he.peng6@...
Cc: REEHIL, WILLIAM E <wr148d@...>; AGGARWAL, MANISHA <amanisha@...>; PRESSLEY, VIVIAN A <vp1234@...>; Steven Blimkie <Steven.Blimkie@...>; KAJUR, HARISH V <vk250x@...>
Subject: Re: [onap-tsc] ESR Subproject status

 


Hi, Catherine,

 

To the best of my knowledge, the El Alto containers work.  He Peng, Andreas or the Integration team can weigh in here, as well.

 

Thanks,

jimmy

 

From: <onap-tsc@...> on behalf of "LEFEVRE, CATHERINE" <catherine.lefevre@...>
Reply-To: "onap-tsc@..." <onap-tsc@...>
Date: Tuesday, May 12, 2020 at 11:25 AM
To: "onap-tsc@..." <onap-tsc@...>
Cc: WILLIAM E REEHIL <wr148d@...>, "AGGARWAL, MANISHA" <amanisha@...>, VIVIAN A PRESSLEY <vp1234@...>, Steven Blimkie <Steven.Blimkie@...>, HARISH V KAJUR <vk250x@...>
Subject: Re: [onap-tsc] ESR Subproject status

 



Good morning Jimmy,

 

Thank you for bringing this issue to ONAP TSC’s attention.

 

Considering where we are with the Frankfurt release, we urgently need to stabilize ONAP; therefore option #2 is no longer viable.

 

I tend to suggest that option #1 is aligned with the former TSC decision made on Nov 14th, 2014, i.e. re-use El Alto containers except if any blocking issues are identified during the Frankfurt testing cycle by the Integration Team. Any other finding (security, non-blocking issue) should be documented in the Frankfurt Release Note.

Have we a confirmation that ESR El-alto containers are OK?

 

Many thanks and regards

Catherine

From: onap-tsc@... <onap-tsc@...> On Behalf Of FORSYTH, JAMES
Sent: Monday, May 11, 2020 5:20 PM
To: onap-tsc@...
Cc: REEHIL, WILLIAM E <wr148d@...>; AGGARWAL, MANISHA <amanisha@...>; PRESSLEY, VIVIAN A <vp1234@...>; Steven Blimkie <Steven.Blimkie@...>; KAJUR, HARISH V <vk250x@...>
Subject: [onap-tsc] ESR Subproject status

 


Dear ONAP TSC,

 

There has been an ongoing search for resources to support the ESR subproject, and the lack of an updated and working ESR component in the Frankfurt Release needs attention.

 

Background:

 

The original code was part of Open-O and was originally proposed as a standalone project, but ESR was assigned by the TSC to be a subproject of AAI at Release 1.  ESR was fully supported by Zi Li and Qi Sun from ZTE until the Casablanca release. They left the project and for the last few releases I have been trying to find resources who can take responsibility for this subproject.  ZTE staff, first Lv Bo and then He Peng, have volunteered to take over and both asked to be committers for the project.  Since community rules require that an individual can only be considered for promotion to committer if he or she has a track record of contributions, I have asked both Lv Bo and He Peng to make needed code commits and add design documentation or other planning documents in order to establish a history of significant contribution to the project and provide proof that they are SME on the technologies.  Lv Bo was unable to contribute and is no longer active and He Peng has been earnestly trying.  He has made good contributions to update 3rd party dependencies and I am hoping to recommend him as committer, but I judge that I cannot until I have an updated and functional ESR component.

 

Earlier in Frankfurt I raised this concern and asked if the project can be de-scoped due to lack of resources, but it was determined by the TSC that ESR was still necessary to support flows in multicloud.  At that point it was agreed that ESR would use the El Alto containers in the Frankfurt release with some updates to AAI config to unblock testing.

 

Current issue:

 

The integration team is requiring that containers be updated to run as non-root.  He Peng and I tried to produce a container from the Frankfurt branch that would meet the requirement, but to this point we have not seen a successful test with the updated containers.

 

Options in Frankfurt:

 

  1. Use the El Alto version of the ESR containers and get a waiver from SECCOM for security issues
  2. Find a resource who can fix the existing ESR containers and bring them in line with Frankfurt security requirements
  3. Descope ESR from the Frankfurt release and document a workaround for performing the ESR workflows by directly calling the AAI REST API or using CLI

 

For Guilin:

 

The ONAP Community needs to establish a plan for ongoing support for the ESR component.  I have recommended a review by the Arch subcommittee.

 

Thanks,

Jimmy Forsyth

A&AI PTL

FW: SECCOM / OOM requirements for Guilin

Pawel Pawlak
 

Please review Sylvain’s proposal, so it could be discussed next week at the SECCOM.

Best regards

 


 

 

From: sylvain.desbureaux@... <sylvain.desbureaux@...>
Sent: Tuesday, 5 May 2020 15:01
To: Pawel Pawlak <p.pawlak@...>; ZWARICO, AMY <az9121@...>; Krzysztof Opasiak <k.opasiak@...>
Cc: RICHOMME Morgan TGI/OLN <morgan.richomme@...>
Subject: SECCOM / OOM requirements for Guilin

 

EXTERNAL MAIL: sylvain.desbureaux@...

Hi dear SECCOM experts!

 

I've made a mail to PTLs last weeks with "OOM requirements" for Guilin.

I believe that most of these requirements are also "shared" by SECCOM.

Here's the list I want to push:

 

* No more than 1 main process per container.

* All logs to STDOUT

* All upstream components should use an upstream (dockerhub, googlehub, ...) version

* You must be compatible with Mariadb 10.4.12 if used

* You must be compatible with PostgreSQL 12.2 if used

* You must be compatible with Cassandra 3.11.6 if used

* You must be compatible with MongoDB 4.2.2 if used

* You must be compatible with ElasticSearch 7.6.2 if used

* You must be compatible with etcd 3.4.7

* You must use common chart for Mariadb, PostgreSQL, Cassandra, MongoDB, ElasticSearch or Etcd if used

* You must be able to run without AAF, even in "degraded" (but functional) mode

* You must be able to run without MSB

* You must be able to serve HTTP traffic (HTTPS by default for external traffic but HTTP allowed)

* You must be able to use HTTP as client for every internal request

* No root access to any Database from application container (at least for MariaDB, PostgreSQL and Cassandra -- when we move to bitnami/cassandra)

* No configuration generation using sed in the application container

* Your application must crash properly (if your component fails, it must exit with code > 0, and not wait or exit with code 0)

* Certificates must not be in docker or helm chart

 

I've also this one on top but not seccom related:

 

* Commit messages must be meaningful and follow the format shown below.

 

So for the first one, have you already created such requirements? If not, do you want me to create them or do you prefer to do so?

 

Regards,

Sylvain

 

_________________________________________________________________________________________________________________________
 
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
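
A static check for a few of the requirements listed in the message above (no sed-based configuration generation, no database superuser from the application container, no certificates in the chart), together with the non-root container requirement raised in the ESR thread. This is an added example, not code from the mailing list or from ONAP/OOM; the manifest objects, their names and the environment-variable heuristics are constructed assumptions.

```python
import base64
import re

# Heuristics (assumptions of this example, not OOM rules):
PEM_MARKER = re.compile(r"-----BEGIN (CERTIFICATE|[A-Z ]*PRIVATE KEY)-----")
DB_USER_ENV = re.compile(r"(DB|MYSQL|MARIADB|POSTGRES|PG|CASSANDRA).*USER", re.I)
DB_SUPERUSERS = {"root", "postgres", "cassandra"}
SED_CALL = re.compile(r"(^|[\s;&|/])sed\s")


def _runs_as_root(pod_sc, ctr_sc):
    """True if nothing prevents UID 0. Container settings override pod settings."""
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    if uid is not None:
        return uid == 0
    non_root = ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    return non_root is not True  # image default user applies, may be root


def _pod_spec(obj):
    """Return the pod spec of a workload object, or None for other kinds."""
    kind = obj.get("kind")
    if kind == "Pod":
        return obj.get("spec") or {}
    if kind in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
        return ((obj.get("spec") or {}).get("template") or {}).get("spec") or {}
    return None


def _has_pem(kind, value):
    """Detect PEM material; Secret values are base64-encoded, ConfigMap values are not."""
    if not isinstance(value, str):
        return False
    if kind == "Secret":
        try:
            value = base64.b64decode(value, validate=True).decode("utf-8", "replace")
        except ValueError:
            return False
    return bool(PEM_MARKER.search(value))


def check_manifest(objects):
    """Return a list of (location, rule, detail) findings for rendered chart objects."""
    findings = []
    for obj in objects:
        kind = obj.get("kind", "")
        name = (obj.get("metadata") or {}).get("name", "?")
        if kind in ("ConfigMap", "Secret"):
            for key, value in (obj.get("data") or {}).items():
                if _has_pem(kind, value):
                    findings.append((name, "cert-in-chart", key))
            continue
        spec = _pod_spec(obj)
        if spec is None:
            continue
        pod_sc = spec.get("securityContext") or {}
        for ctr in spec.get("containers") or []:
            where = f"{name}/{ctr.get('name', '?')}"
            if _runs_as_root(pod_sc, ctr.get("securityContext") or {}):
                findings.append((where, "may-run-as-root", ""))
            cmdline = " ".join((ctr.get("command") or []) + (ctr.get("args") or []))
            if SED_CALL.search(cmdline):
                findings.append((where, "sed-config-generation", cmdline))
            for env in ctr.get("env") or []:
                if DB_USER_ENV.search(env.get("name", "")) and env.get("value") in DB_SUPERUSERS:
                    findings.append((where, "db-superuser", env["name"]))
    return findings


# Constructed sample: one non-compliant workload, one compliant, one ConfigMap with a cert.
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "demo-app"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "app",
         "command": ["sh", "-c"],
         "args": ["sed -i s/HOST/$DB_HOST/ /opt/app.conf && exec /opt/run.sh"],
         "env": [{"name": "MYSQL_USER", "value": "root"}],
     }]}}}},
    {"kind": "Deployment", "metadata": {"name": "demo-hardened"},
     "spec": {"template": {"spec": {
         "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
         "containers": [{
             "name": "app",
             "command": ["/opt/run.sh"],
             "env": [{"name": "MYSQL_USER", "value": "demo_rw"}],
         }]}}}},
    {"kind": "ConfigMap", "metadata": {"name": "demo-certs"},
     "data": {"ca.crt": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----"}},
]

if __name__ == "__main__":
    for where, rule, detail in check_manifest(SAMPLE):
        print(f"{where}: {rule} {detail}".rstrip())
```
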

Re: Service Mesh Risk Analysis

Krzysztof Opasiak
 

On 30.04.2020 16:18, Amy Zwarico wrote:
Service Mesh is a POC only for Guilin.
*From:* onap-seccom@... <onap-seccom@...> *On Behalf Of *fabian.rouzaut via lists.onap.org
*Sent:* Thursday, April 30, 2020 9:17 AM
*To:* onap-seccom@...
*Subject:* [onap-seccom] Service Mesh Risk Analysis
Sorry, just to complete the talk around service mesh (before I forget).
If we are using service mesh and ingress controller, the different components don’t need to manage the TLS; does that mean the requirement for Guilin for projects to manage the TLS is wrong?
The requirement was for Frankfurt.

We never mandated TLS between components just for outside of the cluster and yes if we go with service mesh this will be automatically solved.

The problem is that we estimate that it may take us up to H or even I release to integrate that and we don't want to release next 2-3 version without basic security mechanisms...

For discussion Tuesday
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics

Re: Service Mesh Risk Analysis

Amy Zwarico
 

Service Mesh is a POC only for Guilin.

 

From: onap-seccom@... <onap-seccom@...> On Behalf Of fabian.rouzaut via lists.onap.org
Sent: Thursday, April 30, 2020 9:17 AM
To: onap-seccom@...
Subject: [onap-seccom] Service Mesh Risk Analysis

 

Sorry, just to complete the talk around service mesh (before I forget).

 

If we are using service mesh and ingress controller, the different components don’t need to manage the TLS; does that mean the requirement for Guilin for projects to manage the TLS is wrong?

 

For discussion Tuesday

 

Logo Orange

 

Fabian Rouzaut
Ingénieur conception Sécurité pour l’Orchestrateur
Orange/TGI/OLN/CNC/SECRES/SIN

 

Fixe : +33 2 96 07 15 55
Mobile : +33 6 86 07 57 38
fabian.rouzaut@...

 

Orange Labs Lannion
OLN/CNC/NCS/IOS
2 avenue Pierre Marzin

22307 Lannion Cedex
France
www.orange.com

 

 


Service Mesh Risk Analysis

fabian.rouzaut@...
 

Sorry, just to complete the talk around service mesh (before I forget).

 

If we are using service mesh and ingress controller, the different components don’t need to manage the TLS; does that mean the requirement for Guilin for projects to manage the TLS is wrong?

 

For discussion Tuesday

 


Service Mesh Risk Analysis

Amy Zwarico
 

I am having trouble opening zoom.

 


 

ONAP SECCOM Documentation (13:00 UTC)

Harald Fuchs
 

Dear all,

really sorry, but I have to move this another time. Due to other assignments I have not been able to use the time (I had reserved ...) to prepare this and also today is full...

I’m still positive that things will improve for my ONAP work and hope it does not come across as “ducking out”.

KR

Harald

 

 

Logging Deck

Amy Zwarico
 

Please provide feedback on the logging deck by tomorrow so that it can be sent to the TSC for review. The link to the ppt is on the SECCOM meeting minutes page https://wiki.onap.org/pages/viewpage.action?pageId=84640840.

Best regards,


 

IAM requirement

fabian.rouzaut@...
 

Hello all,

Two remarks around the IAM requirements.

 

1)

SECCOM-136

ONAP MUST support the creation of multiple unique IDs so that individual accountability can be supported.

 

From our point of view, it must be:

ONAP MUST support the creation of multiple unique IDs so that individual accountability is supported.

 

2)

I didn’t find any requirement around the Traceability

 

New

ONAP MUST associate each action to a responsible user and logged in order to be exported to an external component (e.g. Syslog, SIEM/SOC, etc.)

 

For discussion during the Tuesday meeting.

 

Br

Fabian

 

 

 


Service Mesh Risk Analysis

Amy Zwarico
 

I have moved the May 1 Service Mesh Risk Analysis meeting to April 30 and the May 8 meeting to May 7.

The meetings will be at UTC 13:00 to avoid conflict with the TSC call that begins at UTC 14:00.

 


 

Service Mesh Risk Analysis

Amy Zwarico
 

Moving one day earlier because of bank holiday

 

https://zoom.us/j/793296315