Date   

ONAP Casablanca Maintenance 3.0.2 - Now available !

Catherine LEFEVRE
 

Dear ONAP Community,

 

The ONAP Casablanca Maintenance Release 3.0.2 is now finalized !

 

The focus of this maintenance release was to address issue of certificate expiry across the following projects: AAI, CLAMP, DMAAP Data Router, Policy, Portal and VID.

   

The release note is available on readthedocs: https://docs.onap.org/en/casablanca/release/index.html#casablanca-maintenance-release-3-0-2

 

Feel free to give us any feedback on this maintenance release that you think would be relevant.

 

Thank you to all the teams that were part of this maintenance release !

 

Many thanks and regards

Catherine & Jim

 

Catherine Lefèvre

AVP Software Development & Engineering

 

AT&T Labs – Network Cloud & Infrastructure

D2 Platform & Systems Development

ECOMP/RUBY/SPP-NEAM-Appl. Servers/SIA

ONAP TSC Chair

 

 

Phone: +32 81 84 09 08

Mobile: +32 475 77 36 73

catherine.lefevre@...

 

TEXTING and DRIVING… It Can Wait

AT&T

BUROGEST OFFICE PARK SA

Avenue des Dessus-de-Lives, 2

5101 Loyers (Namur)

Belgium

 

 

NOTE: This email (or its attachments) contains information belonging to the sender, which may be confidential. proprietary and/or legally privileged. The information is intended only for the use of the individual(s) or entity(ies) named above. If you are not the intended recipient, you are hereby notified that any disclosure, distribution or taking of any action in reliance on the content of this is strictly forbidden. If you have received this e-mail in error please immediately notify the sender identified above

 


SECCOM on Tuesdays

Pawel Pawlak
 

Please find attached an invitation for our SECCOM  meeting today.

I have some problem with sending the invitation directly from the groups.io – the ics file does not open…so I downloaded it manually ;-)

 

Best regards

 

Paweł Pawlak

 

ONAP SECCOM Chair

Leader in IT & Network Convergent Operations
FT/TGI/OLN/QOP/OST

 

Orange Polska S.A.

Corporate Services Agency

Obrzeżna 7, 02-691 Warszawa
tel. +48 22 699 52 17
fax +48 22 857 99 86
tel. mob. +48 501 501 030

P   Czy musisz drukować tę wiadomość? Pomyśl o środowisku.
__________________________________________________________________
Treść tej wiadomości jest własnością Orange Polska i zawiera informacje stanowiące tajemnicę przedsiębiorstwa Orange Polska. Jeżeli nie jesteście Państwo jej adresatem, bądź otrzymaliście ją przez pomyłkę, prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Orange Polska Spółka Akcyjna z siedzibą i adresem w Warszawie (02-326) przy Al. Jerozolimskich 160, wpisana do Rejestru Przedsiębiorców prowadzonego przez Sąd Rejonowy dla m.st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000010681; REGON 012100784, NIP 526-02-50-995; z pokrytym w całości kapitałem zakładowym wynoszącym 3.937.072.437 złotych.

 


Updated Event: #seccom Subcommittee (UTC) #seccom #cal-invite

onap-seccom@lists.onap.org Calendar <onap-seccom@...>
 

#seccom Subcommittee (UTC)

When:
Wednesday, 10 April 2019
1:00pm to 2:00pm
(GMT+00:00) UTC
Repeats: Weekly on Tuesday

Where:
https://zoom.us/j/793296315

Organizer:
pawel.pawlak3@... Bridge: ONAP2

Description:

https://zoom.us/j/793296315
 
One tap mobile
+16465588656,,793296315# US (New York)
+16699006833,,793296315# US (San Jose)
 
Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
Meeting ID: 793 296 315
Find your local number: https://zoom.us/u/aedFyNdWz8


Semi Farewell ONAP

Arul Nambi
 

Hi Everyone,

I wanted to let you all know that I will be moving company. Tomorrow May 18th will be my last day at Amdocs and ONAP.

It has been fun being a part of ONAP from day one. I want to thank you for proving me the opportunity for being a part of something great.

This is my personal email arul.n.mohan@.... Keep in touch.

Regards

Arul

This email and the information contained herein is proprietary and confidential and subject to the Amdocs Email Terms of Service, which you may review at https://www.amdocs.com/about/email-terms-of-service


SECCOM meeting - we start now!

Pawel Pawlak
 

Hello Guys,

Although I update the SECCOM meeting schedule to start at 1 PM UTC, the invitation was not updated automatically, so please join our meeting now as usual…

Best regards

 

Paweł Pawlak

 

ONAP SECCOM Chair

Leader in IT & Network Convergent Operations
FT/TGI/OLN/QOP/OST

 

Orange Polska S.A.

Corporate Services Agency

Obrzeżna 7, 02-691 Warszawa
tel. +48 22 699 52 17
fax +48 22 857 99 86
tel. mob. +48 501 501 030

P   Czy musisz drukować tę wiadomość? Pomyśl o środowisku.
__________________________________________________________________
Treść tej wiadomości jest własnością Orange Polska i zawiera informacje stanowiące tajemnicę przedsiębiorstwa Orange Polska. Jeżeli nie jesteście Państwo jej adresatem, bądź otrzymaliście ją przez pomyłkę, prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Orange Polska Spółka Akcyjna z siedzibą i adresem w Warszawie (02-326) przy Al. Jerozolimskich 160, wpisana do Rejestru Przedsiębiorców prowadzonego przez Sąd Rejonowy dla m.st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000010681; REGON 012100784, NIP 526-02-50-995; z pokrytym w całości kapitałem zakładowym wynoszącym 3.937.072.437 złotych.

 


Updated Event: #seccom Subcommittee (UTC) - Wednesday, 17 April 2019 #seccom #cal-invite

onap-seccom@lists.onap.org Calendar <onap-seccom@...>
 

#seccom Subcommittee (UTC)

When:
Wednesday, 17 April 2019
1:00pm to 2:00pm
(GMT+00:00) UTC

Where:
https://zoom.us/j/793296315

Organizer:
pawel.pawlak3@... Bridge: ONAP2

Description:

https://zoom.us/j/793296315
 
One tap mobile
+16465588656,,793296315# US (New York)
+16699006833,,793296315# US (San Jose)
 
Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
Meeting ID: 793 296 315
Find your local number: https://zoom.us/u/aedFyNdWz8


Review of ONAP Security Requirements - 7th session

Samuli Kuusela
 

Hi all, longer pause in-between due to F2F in San Jose (we reviewed all the IdAM reqs!) & my vacation..


We’ll continue from SECCOM-132, then the following reqs in the order of Jira ticket numbers.

Please use this link, it produces a list of requirements in the correct order of review, starting with the SECCOM-132:

https://jira.onap.org/browse/SECCOM-132?jql=project%20%3D%20SECCOM%20AND%20labels%20%3D%20ONAPSECURITYREQUIREMENT%20ORDER%20BY%20created%20ASC

 

If you have the possibility: please read the reqs in advance and write your comments in the Jira tickets.

 

Brs,

   Samuli

 


meeting today

Pawel Pawlak
 

We start in less than 15 minutes, I hope to hear you soon!

 

Best regards

 

Paweł Pawlak

 

ONAP SECCOM Chair

Leader in IT & Network Convergent Operations
FT/TGI/OLN/QOP/OST

 

Orange Polska S.A.

Corporate Services Agency

Obrzeżna 7, 02-691 Warszawa
tel. +48 22 699 52 17
fax +48 22 857 99 86
tel. mob. +48 501 501 030

P   Czy musisz drukować tę wiadomość? Pomyśl o środowisku.
__________________________________________________________________
Treść tej wiadomości jest własnością Orange Polska i zawiera informacje stanowiące tajemnicę przedsiębiorstwa Orange Polska. Jeżeli nie jesteście Państwo jej adresatem, bądź otrzymaliście ją przez pomyłkę, prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Orange Polska Spółka Akcyjna z siedzibą i adresem w Warszawie (02-326) przy Al. Jerozolimskich 160, wpisana do Rejestru Przedsiębiorców prowadzonego przez Sąd Rejonowy dla m.st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000010681; REGON 012100784, NIP 526-02-50-995; z pokrytym w całości kapitałem zakładowym wynoszącym 3.937.072.437 złotych.

 


Re: [E] Re: [Onap-seccom] RBAC

D'Elia, John
 

As far as I understand, OOM uses helm for LCM and consul for monitoring. It may suffice to state that RBAC for OOM is controlled using native helm/consul/k8s mechanisms. We should also look at integration project, and possibly take the same approach there. However, we need to clearly specify the recommended approach so we're addressing all aspects of ONAP RBAC.

-----Original Message-----
From: Krzysztof Opasiak [mailto:k.opasiak@...]
Sent: Tuesday, April 9, 2019 10:52 AM
To: D'Elia, John <@johndelia92>; onap-seccom@...
Subject: Re: [E] Re: [Onap-seccom] RBAC



On 09.04.2019 15:20, D'Elia, John wrote:
I would agree except that ONAP delivers OOM specifically for the purpose of managing ONAP: see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_pages_viewpage.action-3FpageId-3D3246809&d=DwICaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=UiDlzD3ZtXcd-vsun4KvKG9MmGFyAGBWINC4gfRsSjc&m=nrGA_S4ILCRK36858qxRn0dzkvzr4Bog432JzryfWeM&s=rsMQGtcWLDLXOv0IMfY3-DkoauCg5Q1t53_Q4KJioQc&e=. So I don't see how we can avoid addressing access control in a tool we are delivering.
That's true but taking into account that those are only set of helm charts that, in the end of the day, are just deployed using kubernetes API how would you like to implement RBAC there?

BTW.
ONAP taking this part we may also try to look at integration project.
They are also part of ONAP but should thir scripts also support RBAC?;)

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: [E] Re: [Onap-seccom] RBAC

Krzysztof Opasiak
 

On 09.04.2019 15:20, D'Elia, John wrote:
I would agree except that ONAP delivers OOM specifically for the purpose of managing ONAP: see https://wiki.onap.org/pages/viewpage.action?pageId=3246809. So I don't see how we can avoid addressing access control in a tool we are delivering.
That's true but taking into account that those are only set of helm
charts that, in the end of the day, are just deployed using kubernetes
API how would you like to implement RBAC there?

BTW.
ONAP taking this part we may also try to look at integration project.
They are also part of ONAP but should thir scripts also support RBAC?;)

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: [E] Re: [Onap-seccom] RBAC

D'Elia, John
 

I would agree except that ONAP delivers OOM specifically for the purpose of managing ONAP: see https://wiki.onap.org/pages/viewpage.action?pageId=3246809. So I don't see how we can avoid addressing access control in a tool we are delivering.

-----Original Message-----
From: onap-seccom@... [mailto:onap-seccom@...] On Behalf Of Krzysztof Opasiak
Sent: Tuesday, April 9, 2019 8:02 AM
To: D'Elia, John <@johndelia92>; onap-seccom@...
Subject: Re: [E] Re: [Onap-seccom] RBAC



On 09.04.2019 13:45, D'Elia, John wrote:
Hi Krzysztof,
Yes, the last item is about protecting the ability to manage ONAP as an application. So, any functions related to start, stop, monitor, upgrade, etc.
Hmmm... ok but then how is it related to ONAP?
If I understand this correctly then it you are redeploying containers in that process no one apart from kubernetes can prevent you from doing so, right?

So I think that this is not a requirement for ONAP but for configuration of underlying k8s cluster.

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: [E] Re: [Onap-seccom] RBAC

Krzysztof Opasiak
 

On 09.04.2019 13:45, D'Elia, John wrote:
Hi Krzysztof,
Yes, the last item is about protecting the ability to manage ONAP as an application. So, any functions related to start, stop, monitor, upgrade, etc.
Hmmm... ok but then how is it related to ONAP?
If I understand this correctly then it you are redeploying containers in
that process no one apart from kubernetes can prevent you from doing so,
right?

So I think that this is not a requirement for ONAP but for configuration
of underlying k8s cluster.

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: [E] Re: [Onap-seccom] RBAC

D'Elia, John
 

Hi Krzysztof,
Yes, the last item is about protecting the ability to manage ONAP as an application. So, any functions related to start, stop, monitor, upgrade, etc.
John

-----Original Message-----
From: Krzysztof Opasiak [mailto:k.opasiak@...]
Sent: Tuesday, April 9, 2019 5:10 AM
To: D'Elia, John <@johndelia92>; onap-seccom@...
Subject: [E] Re: [Onap-seccom] RBAC



On 05.04.2019 17:23, D'Elia, John via Lists.Onap.Org wrote:
FYI, I've posted the latest version of _Verizon RBAC Requirements for
ONAP_
<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_download_attachments_50202249_Verizon-2520RBAC-2520Requirements-2520for-2520ONAP-2520-2D-2520040419.pptx-3Fapi-3Dv2&d=DwID-g&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=UiDlzD3ZtXcd-vsun4KvKG9MmGFyAGBWINC4gfRsSjc&m=PHYr5PsUpxmbpzzYVH5hHlhvt0NTJ-IfcIHJEuUKs0k&s=Yo5WAPK-5ZjI0AdLbH2vibpAup_eWoXyTl05wtXSSH0&e=>.
Based on recent internal discussions, there are some additional
requirements:

* Need for permission grouping (i.e., roleàpermission
groupsàpermissions) to facilitate permission administration
* The RBAC mechanism must address management of ONAP itself (e.g.,
OOM)
Could you please elaborate more about this one? What would you would like to protect? The deployment of containers or what?

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: RBAC

Krzysztof Opasiak
 

On 05.04.2019 17:23, D'Elia, John via Lists.Onap.Org wrote:
FYI, I’ve posted the latest version of _Verizon RBAC Requirements for ONAP_ <https://wiki.onap.org/download/attachments/50202249/Verizon%20RBAC%20Requirements%20for%20ONAP%20-%20040419.pptx?api=v2>. Based on recent internal discussions, there are some additional requirements:
* Need for permission grouping (i.e., roleàpermission
groupsàpermissions) to facilitate permission administration
* The RBAC mechanism must address management of ONAP itself (e.g., OOM)
Could you please elaborate more about this one? What would you would like to protect? The deployment of containers or what?

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Updated Event: #seccom Subcommittee (UTC) #seccom #cal-invite

onap-seccom@lists.onap.org Calendar <onap-seccom@...>
 

#seccom Subcommittee (UTC)

When:
Wednesday, 10 April 2019
1:00pm to 2:00pm
(GMT+00:00) UTC
Repeats: Weekly on Wednesday

Where:
https://zoom.us/j/793296315

Organizer:
pawel.pawlak3@... Bridge: ONAP2

Description:

https://zoom.us/j/793296315
 
One tap mobile
+16465588656,,793296315# US (New York)
+16699006833,,793296315# US (San Jose)
 
Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
Meeting ID: 793 296 315
Find your local number: https://zoom.us/u/aedFyNdWz8


Updated Event: #seccom Subcommittee (UTC) #seccom #cal-invite

onap-seccom@lists.onap.org Calendar <onap-seccom@...>
 

#seccom Subcommittee (UTC)

When:
Wednesday, 10 April 2019
1:00am to 2:00am
(GMT+00:00) UTC
Repeats: Weekly on Wednesday

Where:
https://zoom.us/j/793296315

Organizer:
pawel.pawlak3@... Bridge: ONAP2

Description:

https://zoom.us/j/793296315
 
One tap mobile
+16465588656,,793296315# US (New York)
+16699006833,,793296315# US (San Jose)
 
Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
Meeting ID: 793 296 315
Find your local number: https://zoom.us/u/aedFyNdWz8


RBAC

D'Elia, John
 

FYI, I’ve posted the latest version of Verizon RBAC Requirements for ONAP.  Based on recent internal discussions, there are some additional requirements:
  • Need for permission grouping (i.e., roleàpermission groupsàpermissions) to facilitate permission administration
  • The RBAC mechanism must address management of ONAP itself (e.g., OOM)
  • For cases where external IdP is unavailable, the internal IdP must support two-factor authN
Perhaps we can discuss at next SecCom meeting.
John
 


Re: [ONAP Helpdesk #67450] Jira board for Vulnerability Management

Catherine LEFEVRE
 

Thank you Bengt and great job again on this one !

-----Original Message-----
From: Bengt Thuree via RT [mailto:onap-helpdesk-comment@...]
Sent: Tuesday, April 02, 2019 10:09 PM
Cc: keong.lim@...; Lefevre, Catherine <catherine.lefevre@...>; ZWARICO, AMY <az9121@...>; Pawel.Pawlak3@...; Keong.Lim@...; onap-seccom@...; Close, Pierre <pierre.close@...>; pawel.pawlak3@...; jwagantall@...; k.opasiak@...
Subject: [ONAP Helpdesk #67450] Jira board for Vulnerability Management

closing this ticket for now.
Any new things, please open a new ticket


[ONAP Helpdesk #67450] Jira board for Vulnerability Management

Bengt Thuree via RT <onap-helpdesk-comment@...>
 

closing this ticket for now.
Any new things, please open a new ticket


[ONAP Helpdesk #67450] Jira board for Vulnerability Management

Bengt Thuree via RT <onap-helpdesk@...>
 

Ok, will close this ticket today, unless someone wants to keep it open.

I have also added the Reporter to have access to the issue he/she created.

Cheers

Bengt

On Sat Mar 30 18:21:26 2019, az9121@... wrote:
+1

-----Original Message-----
From: onap-seccom@... [mailto:onap-seccom@...]
On Behalf Of Krzysztof Opasiak via RT
Sent: Friday, March 29, 2019 6:00 PM
To: stephen.terrill@...
Cc: onap-seccom@...
Subject: Re: [Onap-seccom] [ONAP Helpdesk #67450] Jira board for
Vulnerability Management



On 28.03.2019 11:54, Bengt Thuree via RT wrote:
Hi Pawel,

The OJSI-Security-Group now only contains the 10 people you provided.

The OJSI-CIA project contains two extra LF names just for testing
temporarily, will remove them tomorrow.
and I am still the owner of OJSI project. Whom should be owner of it?
I think Pawel Pawlak as a SECCOM chair should be the owner, later we
can
modify this if we decide differently

--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics