Date   

Re: VNF Security Requirements Refresh for El Alto - 2019/9/5 Meeting Minutes

Hampus Tjader
 

Dear Seccom,

 

 

After initial community feedback, we have decided to take a softer position on these three HTTPS requirements. This for faster reaching an alignment in the community. For not using too much time of the SECCOM meeting today, I will instead send this suggested updates over mail prior to the meeting.

 

 

  • VNFRQTS-692
    • Proposed modification:
      • VNF or PNF MUST support one of the following authentication methods for authenticating HTTPS connections to the DCAE VES Event Listener:
        - The preferred method is certificate authentication
        - The non-preferred option is Basic authentication
    • Reason: In the current formulation of the HTTPS requirements it is not clear that certificate authentication is the primary solution. We are suggesting a clearer formulation that Basic Auth or Certificate Auth must be supported.
  • VNFRQTS-693
    • Proposed modification:
      • If the VNF or PNF is using Certificate Authentication, the VNF or PNF MUST support mutual TLS authentication and the Subject Name in the end-entity certificate MUST be used according to RFC 5280.
    • Reason: Removal of conditional related to DCAE VES Event Listener as it should also be the case for interacting with other ONAP components. New proposal is to keep that it does only apply if certificate auth. is used.
  • VNFRQTS-694
    • Proposed modification
      • If VNF or PNF is using Basic Authentication, then the VNF or PNF MUST be in compliance with RFC 7617 for authenticating HTTPS connections to the DCAE VES Event Listener.
    • Reason: Initial proposal was to remove this requirement. Removal seems not to be an option in the community. Suggestion is instead to modify this requirement as above, hence it does only apply if basic auth. is supported by the xNF. This is a similar formulation as in 693.

 

 

Best regards,

Hampus Tjäder

 

 

Ericsson

Datalinjen 4

58330, Linköping, Sweden

Mobile: +46 107113292

ericsson.com

 

 

 

 

From: onap-seccom@... <onap-seccom@...> On Behalf Of Amy Zwarico via Lists.Onap.Org
Sent: den 8 september 2019 21:35
To: onap-seccom@...; LOVETT, TREVOR J <tl2972@...>; THORPE, HENRY E <ht1659@...>; 'Nowak, Damian (Nokia - PL/Wroclaw)' <damian.nowak@...>; 'Krzysztof Opasiak' <k.opasiak@...>; HANSEN, TONY L <tony@...>; 'Harald.Fuchs@...' <Harald.Fuchs@...>; 'Pawlak Pawel 3 - Korpo' <Pawel.Pawlak3@...>; 'Parayil, Shiby' <sparayil@...>; 'Zygmunt Lozinski' <zygmunt_lozinski@...>; 'natacha.mach@...' <natacha.mach@...>; Samuli Kuusela <samuli.kuusela@...>; 'Baniewski, Pawel (Nokia - PL/Wroclaw)' <pawel.baniewski@...>; MCCRAY, CHRISTOPHER <cm6826@...>; 'Jason Hunt' <djhunt@...>
Cc: onap-seccom@...
Subject: Re: [Onap-seccom] VNF Security Requirements Refresh for El Alto - 2019/9/5 Meeting Minutes

 

Linda Horn provided a status update for the VNF certificate requirements

1.      The review period is over

2.      Many have added +1 to the comments for  VNFRQTS-687, VNFRQTS-688, VNFRQTS-689, VNFRQTS-690, VNFRQTS-691

3.      The requirements allow both certificate and basic authentication

VNFRQTS-692: Ericsson position is that VNF MUST support certification authentication (currently a SHOULD)
VNFRQTS-693: Ericsson position is that the conditional should be removed
VNFRQTS-694: Ericsson asked to remove and have no requirement to support basic auth
This will be taken to the larger SECCOM meeting on 9/10

Configuration and monitoring requirements

1.      We completed a revision of the requirements for monitoring the configuration of a VNF

2.      Review the Jiras attached to VNFRQTS-456 (parent jira) and provide comments and +/-1 by 13 Sept.

 

 

-----Original Appointment-----
From: ZWARICO, AMY
Sent: Monday, September 02, 2019 1:15 PM
To: ZWARICO, AMY; onap-seccom@...; LOVETT, TREVOR J; THORPE, HENRY E; 'Nowak, Damian (Nokia - PL/Wroclaw)'; 'Krzysztof Opasiak'; HANSEN, TONY L; 'Harald.Fuchs@...'; 'Pawlak Pawel 3 - Korpo'; 'Parayil, Shiby'; 'Zygmunt Lozinski'; 'natacha.mach@...'; 'Samuli Kuusela'; 'Baniewski, Pawel (Nokia - PL/Wroclaw)'; MCCRAY, CHRISTOPHER; 'Jason Hunt'
Cc: MAY, JOHN; Horn, Linda (Nokia - US/Murray Hill)
Subject: VNF Security Requirements Refresh for El Alto
When: Thursday, September 05, 2019 8:00 AM-9:00 AM (UTC-06:00) Central Time (US & Canada).
Where: webex

 

 

Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.

 
-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 735 282 790
Meeting password: wmUJCe7* 
 

Join from a video system or application
Dial 735282790@... 
You can also dial 173.243.2.68 and enter your meeting number.  
 
Join by phone 
Tap to call in from a mobile device (attendees only) 
1-844-517-1415 United States Toll Free 
1-618-230-6039 United States Toll 
Global call-in numbers  |  Toll-free calling restrictions  
 
 
Accessibility and Assistive Technologies  
Select this job aid for tips and guides to make Webex Meetings accessible to persons with disabilities who may rely on assistive technologies.
 
 
Can't join the meeting?
 
If you are a host, go here to view host information.

IMPORTANT NOTICE: Please note that this Webex service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

 

 


Re: VNF Security Requirements Refresh for El Alto - 2019/9/5 Meeting Minutes

Amy Zwarico
 

Linda Horn provided a status update for the VNF certificate requirements
  1. The review period is over
  2. Many have added +1 to the comments for  VNFRQTS-687, VNFRQTS-688, VNFRQTS-689, VNFRQTS-690, VNFRQTS-691
  3. The requirements allow both certificate and basic authentication
  1. VNFRQTS-692: Ericsson position is that VNF MUST support certification authentication (currently a SHOULD)
  2. VNFRQTS-693: Ericsson position is that the conditional should be removed
  3. VNFRQTS-694: Ericsson asked to remove and have no requirement to support basic auth
  4. This will be taken to the larger SECCOM meeting on 9/10
Configuration and monitoring requirements
  1. We completed a revision of the requirements for monitoring the configuration of a VNF
  2. Review the Jiras attached to VNFRQTS-456 (parent jira) and provide comments and +/-1 by 13 Sept.
 
 
-----Original Appointment-----

From: ZWARICO, AMY
Sent: Monday, September 02, 2019 1:15 PM
To: ZWARICO, AMY; onap-seccom@...; LOVETT, TREVOR J; THORPE, HENRY E; 'Nowak, Damian (Nokia - PL/Wroclaw)'; 'Krzysztof Opasiak'; HANSEN, TONY L; 'Harald.Fuchs@...'; 'Pawlak Pawel 3 - Korpo'; 'Parayil, Shiby'; 'Zygmunt Lozinski'; 'natacha.mach@...'; 'Samuli Kuusela'; 'Baniewski, Pawel (Nokia - PL/Wroclaw)'; MCCRAY, CHRISTOPHER; 'Jason Hunt'
Cc: MAY, JOHN; Horn, Linda (Nokia - US/Murray Hill)
Subject: VNF Security Requirements Refresh for El Alto
When: Thursday, September 05, 2019 8:00 AM-9:00 AM (UTC-06:00) Central Time (US & Canada).
Where: webex
 
 
Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.
 
-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 735 282 790
Meeting password: wmUJCe7* 
 

Join from a video system or application
Dial 735282790@... 
You can also dial 173.243.2.68 and enter your meeting number.  
 
Join by phone 
Tap to call in from a mobile device (attendees only) 
1-844-517-1415 United States Toll Free 
1-618-230-6039 United States Toll 
Global call-in numbers  |  Toll-free calling restrictions  
 
 
Accessibility and Assistive Technologies  
Select this job aid for tips and guides to make Webex Meetings accessible to persons with disabilities who may rely on assistive technologies.
 
 
Can't join the meeting?
 
If you are a host, go here to view host information.

IMPORTANT NOTICE: Please note that this Webex service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.
 
 


FW: [PTL] OPARENT 2.1.0 available in nexus.onap.org

Amy Zwarico
 

oparent 2.1.0 is updated with the latest non-vulnerable versions of commonly used packages where such versions exist.

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of FREEMAN, BRIAN D
Sent: Wednesday, September 04, 2019 12:05 PM
To: onap-discuss@...
Subject: [onap-discuss] [PTL] OPARENT 2.1.0 available in nexus.onap.org

 

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.

 

ONAP PTL’s

 

Oparent 2.1.0 is available in nexus.onap.org.

Projects referencing the common versions defined in oparent should up-rev to 2.1.0

 

There were three changes from 2.0.0

 

Brian

 

 

diff --git a/dependencies/pom.xml b/dependencies/pom.xml

index b263a04..3171add 100644 (file)

--- a/dependencies/pom.xml

+++ b/dependencies/pom.xml

@@ -74,12 +74,12 @@

       <dependency>

         <groupId>commons-beanutils</groupId>

         <artifactId>commons-beanutils</artifactId>

-        <version>1.9.3</version>

+        <version>1.9.4</version>

       </dependency>

       <dependency>

         <groupId>org.apache.tomcat.embed</groupId>

         <artifactId>tomcat-embed-core</artifactId>

-        <version>9.0.14</version>

+        <version>9.0.24</version>

       </dependency>

       <dependency>

         <groupId>org.codehaus.jackson</groupId>

@@ -99,7 +99,7 @@

       <dependency>

         <groupId>org.webjars</groupId>

         <artifactId>jquery</artifactId>

-        <version>3.3.1-1</version>

+        <version>3.4.1</version>

       </dependency>

       <dependency>

         <groupId>ch.qos.logback</groupId>


Re: Vulnerabilities fixed within 60 days

Krzysztof Opasiak
 

On 08.08.2019 19:14, Krzysztof Opasiak via Lists.Onap.Org wrote:
Dear SECCOM members,

before I sent the excel to the mailing list I'd like to get your opinion
about SDNC situation.

There are some serious vulnerabilities in SDNC admportal. The SDNC Team
has been working pretty well with us even before the pentest results
publication and disabled admportal in Dublin so the vulnerability is not
exploitable any more (unless someone runs the admportal container on
their own) but it's is still there at the code level.

I'm seeking now your opinion whether or the SDNC Team can still meets
the Vulnerabilities fixed within 60 days CII Badging criteria.
Still waiting for your feedback guys;)


On 06.08.2019 23:00, Krzysztof Opasiak via Lists.Onap.Org wrote:
Dear SECCOM members,

I've just analyzed status of OJSI tickets with a view to the
"Vulnerabilities fixed within 60 days" CII Badging question.
You can find the results in the attached excel.

I plan to present the list of projects that should modify the answer
during next TSC call. Feel free to provide your input till Thursday.

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: VNF Security Requirements Refresh for El Alto - Minutes of 2019-08-29 meeting

Amy Zwarico
 

We spent most of the meeting discussing the requirements to allow an operator to harden the configuration of a VNF and to monitor (audit) that configuration. (VNFRTS-456). Three cases were enumerated.
  1. A VNF to be deployed on a virtual machine where the VNF provider delivers both the VNF application and the underlying guest OS
  2. A VNF to be deployed on a virtual machine where the VNF provider delivers the VNF application by the operator provides the underlying guest OS
  3. A containerized VNF
VNFRTS-456 has been updated with all of the VNF requirements for configuration hardening and configuration monitoring (audit).
 
-----Original Appointment-----

From: ZWARICO, AMY
Sent: Sunday, July 14, 2019 9:50 AM
To: ZWARICO, AMY; onap-seccom@...; LOVETT, TREVOR J
Cc: THORPE, HENRY E; 'Nowak, Damian (Nokia - PL/Wroclaw)'; 'Krzysztof Opasiak'; HANSEN, TONY L; 'Harald.Fuchs@...'; 'Pawlak Pawel 3 - Korpo'; 'Parayil, Shiby'; 'Zygmunt Lozinski'; 'natacha.mach@...'; 'Samuli Kuusela'; 'Baniewski, Pawel (Nokia - PL/Wroclaw)'; MCCRAY, CHRISTOPHER; Jason Hunt
Subject: VNF Security Requirements Refresh for El Alto
When: Thursday, August 29, 2019 8:00 AM-9:00 AM (UTC-06:00) Central Time (US & Canada).
Where: webex
 
 
Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.
 
-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 738 361 518
Meeting password: xtppmX?3 
 

Join from a video system or application
Dial 738361518@... 
You can also dial 173.243.2.68 and enter your meeting number.  
 
Join by phone 
Tap to call in from a mobile device (attendees only) 
1-844-517-1415 United States Toll Free 
1-618-230-6039 United States Toll 
Global call-in numbers  |  Toll-free calling restrictions  
 
 
Accessibility and Assistive Technologies  
Select this job aid for tips and guides to make Webex Meetings accessible to persons with disabilities who may rely on assistive technologies.
 
 
Can't join the meeting?
 
If you are a host, go here to view host information.

IMPORTANT NOTICE: Please note that this Webex service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.
 
 


VNF Security Requirements Refresh for El Alto

Amy Zwarico
 

Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.
 
-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 735 282 790
Meeting password: wmUJCe7* 
 

Join from a video system or application
Dial 735282790@... 
You can also dial 173.243.2.68 and enter your meeting number.  
 
Join by phone 
Tap to call in from a mobile device (attendees only) 
1-844-517-1415 United States Toll Free 
1-618-230-6039 United States Toll 
Global call-in numbers  |  Toll-free calling restrictions  
 
 
Accessibility and Assistive Technologies  
Select this job aid for tips and guides to make Webex Meetings accessible to persons with disabilities who may rely on assistive technologies.
 
 
Can't join the meeting?
 
If you are a host, go here to view host information.

IMPORTANT NOTICE: Please note that this Webex service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.
 
 


CVE assigned for vulnerability in hibernate-validator

Krzysztof Opasiak
 

Hi,

This is a note and warning about a vulnerability in hibernate-validator
(CVE-2019-10219). The SafeHtml validator fails to properly sanitize
payloads. This could result in an XSS attack[1].

The vulnerability has not been fixed yet which means that even the
newest versions of hibernate-validator is vulnerable and all projects
that use it should consider it as a known vulnerability.

This is the bug that I've been mentioning for quite some time during
SECCOM meetings as discovered by one of my team members and reported to
Red Hat but couldn't share any details due to standard 90 embargo period.

I hope that the bug is going to be fixed soon and a simple upgrade of
this library should fix the issue.

Footnotes:
1 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


slides for next SECCOM Crypto Focus Topic for next Monday's PTL call

Tony Hansen
 

Here are slides for our next SECCOM Crypto Focus Topic for next Monday's PTL call, about using secure protocols/versions instead of insecure ones. Review comments welcome.

 

                Tony

 


VNF Security Requirements Refresh for El Alto - Meeting Minutes 2019-8-22

Amy Zwarico
 

We finished reviewing the CIS Docker Benchmark v1.2.0 and agreed to create VNF security requirements that point to the CIS Docker Benchmarks. I decided to create two requirements – one for the images and the other for the run-time – and updated VNFRQTS-457 with the proposed requirements. Thank you Trevor for providing the language.

 

​​​​​Amy Zwarico, LMTS

Chief Security Office / Emerging Services Security

AT&T Services

(205) 613-1667

 

"This e-mail and any files transmitted with it are the property of AT&T,  and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your electronic device. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited."

 


MoM - CMPv2 and secure communication for Frankfurt

Hampus Tjader
 

Thank you all for attending the meeting. Please see the MoM from the recommended Secure Communication targets for Frankfurt release. Presented proposal and video recording can be seen in wiki

 

Attendances had an initial alignment regarding the suggested targets and recommendations to be in place for Frankfurt. Please see summary of suggested Frankfurt targets and affected projects in slide 16.

  • Comment was made to also include this material in ONAP readthedocs, either as a new reference security architecture part or included under AAF documentation. Need to discuss with SECCOM for the possibility of introducing a reference security architecture section in future release document.
  • There were comments regarding current formulation of ONAP security requirements related to certificate handling. These will be revisited in the near future.

There are still several aspects to consider for ensuring proper certificate handling capabilities. Other topics to be further discussed:

  • As the acquisition of IAK/RV is non-standardized and said to be out-of-band. Suggestion was to first discuss and brainstorm this internally and then call for a community discussion session. We came to the conclusion of having two options:
    1. Standardize this solution.
    2. Find another technical solution, such as using a certificate already inside ONAP SO/AAF that will be sent to VNF for ensuring CSR protection.
  • We decided to investigate open-source alternatives for CMPv2 server/client implementation. Revisit as suggestions are made to the community.
  • Future community targets regarding revocation handling of certificates is of interest. Either by using legacy CRL solutions or online driven such as OSCP. We wanted to hear any targets from AAF, but no attended this meeting from the project. Revisit

 

For those of you that did not attend this meeting please review and provide feedback regarding the proposed targets. As the attendances of the meeting had an initial alignment of these targets, please feel free to review over mail. If needed we can have another session.

 

Best regards,
Hampus

 

 

 

Hampus Tjäder

System Developer

4G5G Product Architecture O&M and Security

 

Ericsson

Datalinjen 4

58330, Linköping, Sweden

Mobile: +46 107113292

ericsson.com

 

 


Re: CMPv2 and secure communication for Frankfurt

Hampus Tjader
 

Hi,

 

Please see the bridge information for ONAP2 for Tuesday 20th, 14:00-15:00 Central European Time:

 

ONAP Meeting 2 is inviting you to a scheduled Zoom meeting.

 

Join Zoom Meeting

https://zoom.us/j/202825323

 

One tap mobile

+16465588656,,202825323# US (New York)

+16699006833,,202825323# US (San Jose)

 

Dial by your location

        +1 646 558 8656 US (New York)

        +1 669 900 6833 US (San Jose)

        877 369 0926 US Toll-free

        855 880 1246 US Toll-free

        +1 647 558 0588 Canada

        855 703 8985 Canada Toll-free

Meeting ID: 202 825 323

Find your local number: https://zoom.us/u/aedFyNdWz8

 

 

Best regards,

Hampus

 

 

-----Original Appointment-----

From: Hampus Tjäder
Sent: den 12 augusti 2019 08:31
To: Hampus Tjäder; onap-seccom@...; Pawlak Paweł 3 - Korpo; ZWARICO, AMY
Cc: Harald.Fuchs@...; Samuli Kuusela; Horn, Linda (Nokia - US/Murray Hill); MAY, JOHN; Baniewski, Pawel (Nokia - PL/Wroclaw); Zygmunt Lozinski; TIMONEY, DAN; Gunnar Forssell; Masoud Asadi; natacha.mach@...
Subject: CMPv2 and secure communication for Frankfurt
When: den 20 augusti 2019 14:00-15:00 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Where: Zoom

 

Hi,

 

Please see this as a placeholder for continuing the discussion initiated in Stockholm F2F regarding external certificate handling enhancements for Frankfurt release. As you might remember from the session, we lifted the need for having CMPv2 support in place. Three new requirements for PKI in ONAP Frankfurt were proposed. Alternative 1, using a CMPv2 client, was said to be the initial target for the community. This target would modify two previous Dublin requirements, as a CMPv2 client does not provide full RA possibilities for a xNF.

 

We concluded that further discussion might be needed, thus the need for this session to provide an aligned SECCOM recommendation. I hope you all have had the time to investigate the proposal.

 

Zoom link and material will be added closer to the meeting.

 

Best regards,

Hampus

 

 

 

 

Hampus Tjäder

System Developer

4G5G Product Architecture O&M and Security

 

Ericsson

Datalinjen 4

58330, Linköping, Sweden

Mobile: +46 107113292

ericsson.com

 

 


Re: Next SECCOM meeting - looking for a vounteer to lead it

Tony Hansen
 

Natacha, I should be able to turn on the recording. Between the two of us, we’ll manage.

 

                Tony

 

From: <onap-seccom@...> on behalf of "natacha.mach via Lists.Onap.Org" <natacha.mach=orange.com@...>
Reply-To: "natacha.mach@..." <natacha.mach@...>
Date: Monday, August 19, 2019 at 7:58 AM
To: PAWLAK Pawel O-PL <pawel.pawlak3@...>, "onap-seccom@..." <onap-seccom@...>
Cc: "onap-seccom@..." <onap-seccom@...>
Subject: Re: [Onap-seccom] Next SECCOM meeting - looking for a vounteer to lead it

 

Hello,

i can lead it, but i have never done it :-) so it will be co-working...

Is it needed to have a specific access to launch the zoom session?

regards

Natacha

 


De : onap-seccom@... [onap-seccom@...] de la part de Pawel Pawlak via Lists.Onap.Org [pawel.pawlak3=orange.com@...]
Envoyé : mercredi 14 août 2019 15:35
À : onap-seccom@...
Cc : onap-seccom@...
Objet : [Onap-seccom] Next SECCOM meeting - looking for a vounteer to lead it

Hello,

I will be out of office starting today till end of the month.

Is there a volunteer in our community who would like to lead next SECCOM meeting on 20th of August?

Just in case I attach you slides from last meeting.

Meeting on 27th will be under Amy’s responsibility.

 

Best regards  

 

Paweł Pawlak

 

ONAP SECCOM Chair

Leader in IT & Network Convergent Operations
FT/TGI/OLN/TPP/OST

 

Orange Polska S.A.

Corporate Services Agency

Obrzeżna 7, 02-691 Warszawa
tel. +48 22 699 52 17
fax +48 22 857 99 86
tel. mob. +48 501 501 030

P   Czy musisz drukować tę wiadomość? Pomyśl o środowisku.
__________________________________________________________________
Treść tej wiadomości jest własnością Orange Polska i zawiera informacje stanowiące tajemnicę przedsiębiorstwa Orange Polska. Jeżeli nie jesteście Państwo jej adresatem, bądź otrzymaliście ją przez pomyłkę, prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Orange Polska Spółka Akcyjna z siedzibą i adresem w Warszawie (02-326) przy Al. Jerozolimskich 160, wpisana do Rejestru Przedsiębiorców prowadzonego przez Sąd Rejonowy dla m.st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000010681; REGON 012100784, NIP 526-02-50-995; z pokrytym w całości kapitałem zakładowym wynoszącym 3.937.072.437 złotych.

 

 

_________________________________________________________________________________________________________________________
 
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.


Re: review of editors of ONAP CII projects

Gerard Nugent
 

Hi Tony
I updated the page to have Mandar as the DMaaP PTL. I looked to add him to our badging using the instructions here:

https://wiki.onap.org/display/DW/CII+Badging+Program#CIIBadgingProgram-Howtoaddmultipleeditorstoaprojectreport

I don't get the "(Advanced) What other users have additional rights to edit this badge entry?" option. I am an editor but not the owner of the page. The owner is no longer involved in the program.
Any advice on how to advance would be appreciated.
Regards,
Gerard Nugent
Ericsson


Re: Next SECCOM meeting - looking for a vounteer to lead it

natacha.mach@...
 

Hello,

i can lead it, but i have never done it :-) so it will be co-working...

Is it needed to have a specific access to launch the zoom session?

regards

Natacha

 


De : onap-seccom@... [onap-seccom@...] de la part de Pawel Pawlak via Lists.Onap.Org [pawel.pawlak3=orange.com@...]
Envoyé : mercredi 14 août 2019 15:35
À : onap-seccom@...
Cc : onap-seccom@...
Objet : [Onap-seccom] Next SECCOM meeting - looking for a vounteer to lead it

Hello,

I will be out of office starting today till end of the month.

Is there a volunteer in our community who would like to lead next SECCOM meeting on 20th of August?

Just in case I attach you slides from last meeting.

Meeting on 27th will be under Amy’s responsibility.

 

Best regards  

 

Paweł Pawlak

 

ONAP SECCOM Chair

Leader in IT & Network Convergent Operations
FT/TGI/OLN/TPP/OST

 

Orange Polska S.A.

Corporate Services Agency

Obrzeżna 7, 02-691 Warszawa
tel. +48 22 699 52 17
fax +48 22 857 99 86
tel. mob. +48 501 501 030

P   Czy musisz drukować tę wiadomość? Pomyśl o środowisku.
__________________________________________________________________
Treść tej wiadomości jest własnością Orange Polska i zawiera informacje stanowiące tajemnicę przedsiębiorstwa Orange Polska. Jeżeli nie jesteście Państwo jej adresatem, bądź otrzymaliście ją przez pomyłkę, prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Orange Polska Spółka Akcyjna z siedzibą i adresem w Warszawie (02-326) przy Al. Jerozolimskich 160, wpisana do Rejestru Przedsiębiorców prowadzonego przez Sąd Rejonowy dla m.st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000010681; REGON 012100784, NIP 526-02-50-995; z pokrytym w całości kapitałem zakładowym wynoszącym 3.937.072.437 złotych.

 

 

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.


Re: VNF Security Requirements Refresh for El Alto

Amy Zwarico
 

Minutes from the 8/8 meeting.
 
Container Standards
 
  • Ready to be merged into the El Alto release
  • Krzysztof Opasiak has done a +1
 
Discussion of running as root and running with root privileges
  • If a VNF needs to run as root or root privileges in order to operate, then the services that it will access must be documented
  • Create a requirement: “If a VNF requires access to hardware outside of the virtualized environment, then the VNF must run as a PNF.”
 
We would like to add requirements for storage volumes to the ONAP security requirements.
 
Question for Samuli: has VNF signature validation (SOL004) been contributed to ONAP. This is related to CIS Docker Benchmark 4.2 and 4.5.
 
 
 
 
-----Original Appointment-----

From: ZWARICO, AMY
Sent: Sunday, July 14, 2019 9:50 AM
To: ZWARICO, AMY; onap-seccom@...; LOVETT, TREVOR J
Cc: THORPE, HENRY E; 'Nowak, Damian (Nokia - PL/Wroclaw)'; 'Krzysztof Opasiak'; HANSEN, TONY L; 'Harald.Fuchs@...'; 'Pawlak Pawel 3 - Korpo'; 'Parayil, Shiby'; 'Zygmunt Lozinski'; 'natacha.mach@...'; 'Samuli Kuusela'; 'Baniewski, Pawel (Nokia - PL/Wroclaw)'; MCCRAY, CHRISTOPHER; Jason Hunt
Subject: VNF Security Requirements Refresh for El Alto
When: Thursday, August 08, 2019 8:00 AM-9:00 AM (UTC-06:00) Central Time (US & Canada).
Where: webex
 
 
Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.
 
-- Do not delete or change any of the following text. --  
 
 
Join Webex meeting  
Meeting number (access code): 738 361 518
Meeting password: xtppmX?3 
 

Join from a video system or application
Dial 738361518@... 
You can also dial 173.243.2.68 and enter your meeting number.  
 
Join by phone 
Tap to call in from a mobile device (attendees only) 
1-844-517-1415 United States Toll Free 
1-618-230-6039 United States Toll 
Global call-in numbers  |  Toll-free calling restrictions  
 
 
Accessibility and Assistive Technologies  
Select this job aid for tips and guides to make Webex Meetings accessible to persons with disabilities who may rely on assistive technologies.
 
 
Can't join the meeting?
 
If you are a host, go here to view host information.

IMPORTANT NOTICE: Please note that this Webex service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.
 
 


Canceled: VNF Security Requirements Refresh for El Alto

Amy Zwarico
 

I am cancelling because there is a holiday in several European countries.
Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.
 
 


Re: review of editors of ONAP CII projects

Tony Hansen
 

Thank you, Gerard.

 

If Ram is no longer the PTL, https://wiki.onap.org/pages/viewpage.action?pageId=8226539 needs to be updated.

 

That leaves SDC to be dealt with.

 

                Tony

 

From: <onap-seccom@...> on behalf of Gerard Nugent <gerard.nugent@...>
Date: Wednesday, August 14, 2019 at 4:19 PM
To: "onap-seccom@..." <onap-seccom@...>
Subject: Re: [Onap-seccom] review of editors of ONAP CII projects

 

Hi

Ram is no longer the PTL of DMaaP. The current PTL is Mandar Sawant. I will look to add him to datarouter tomorrow and will communicate to Dominic and Sunil to do likewise.

Regards,

Gerard Nugent

Ericsson_._,_._,_


Re: review of editors of ONAP CII projects

Gerard Nugent
 

Hi
Ram is no longer the PTL of DMaaP. The current PTL is Mandar Sawant. I will look to add him to datarouter tomorrow and will communicate to Dominic and Sunil to do likewise.
Regards,
Gerard Nugent
Ericsson


review of editors of ONAP CII projects

Tony Hansen
 

As requested in yesterday’s meeting, I reviewed all of the ONAP project editors against the list of PTLs. Most of the projects have the current PTL as one of their editors. However, there is a mismatch in these four projects:

 

ONAP Project Name

PTL

CII Project Name

CII ID

CII Editors

Data Movement as a Platform (DMaaP)

Ram Koya

ONAP DMaaP Buscontroller

2147

Dominc Lunanuova

 

 

ONAP DMaaP Data-Router

2192

Conor Ward, Gerard Nugent, Fiacha Corcoran

 

 

ONAP-DMaaP-MessageRouter

1751

Sunil

Service Design & Creation (SDC)

Ofir Sonsino

ONAP SDC (Service Design and Creation)

1629

Lior Nachmias

 

(All projects also include Jim Baker in the above.)

 

                Tony


Next SECCOM meeting - looking for a vounteer to lead it

Pawel Pawlak
 

Hello,

I will be out of office starting today till end of the month.

Is there a volunteer in our community who would like to lead next SECCOM meeting on 20th of August?

Just in case I attach you slides from last meeting.

Meeting on 27th will be under Amy’s responsibility.

 

Best regards  

 

Paweł Pawlak

 

ONAP SECCOM Chair

Leader in IT & Network Convergent Operations
FT/TGI/OLN/TPP/OST

 

Orange Polska S.A.

Corporate Services Agency

Obrzeżna 7, 02-691 Warszawa
tel. +48 22 699 52 17
fax +48 22 857 99 86
tel. mob. +48 501 501 030

P   Czy musisz drukować tę wiadomość? Pomyśl o środowisku.
__________________________________________________________________
Treść tej wiadomości jest własnością Orange Polska i zawiera informacje stanowiące tajemnicę przedsiębiorstwa Orange Polska. Jeżeli nie jesteście Państwo jej adresatem, bądź otrzymaliście ją przez pomyłkę, prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Orange Polska Spółka Akcyjna z siedzibą i adresem w Warszawie (02-326) przy Al. Jerozolimskich 160, wpisana do Rejestru Przedsiębiorców prowadzonego przez Sąd Rejonowy dla m.st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000010681; REGON 012100784, NIP 526-02-50-995; z pokrytym w całości kapitałem zakładowym wynoszącym 3.937.072.437 złotych.

 

 

261 - 280 of 1717