ONAP security meeting 2018 03 14 Agenda topics

ONAP security meeting 2018-03-14

Agenda topics are driven from Jira.
Security sub-committee Jira Kanban board: https://jira.onap.org/secure/RapidBoard.jspa?rapidView=103
As viewed in the security sub-committee coordination page: https://wiki.onap.org/display/DW/ONAP+Security+coordination

Agenda
• Information Update
• Beijing Vulnerability Support
• Reflections on the CII badging process (Pawel Pawlak)
• OOM questions (OOM team – if joining)
• Casablanca focus – what do we want to focus on?
• ONS meeting content
• CII – vs CLM …
• VNF package security – next steps?
• Authentication and authorization microservice – next steps (Andrew, all)
• AOB

Vulnerability Support in Beijing
• Projects are doing vulnerability management, and request support in the analysis to ensure that no attacks surface.
• Is there a list of security experts that the Security Subcommittee can identify to provide this type of help to the PTLs?

Casablanca – what do we want to focus on
• Great to consider concrete deliverables.
• Some ideas
• Communication Security guide to projects (guide like was done for CII badging)
• Authorization (what Andrew has been proposing).
• Proposed solution
• Guide to projects on how to use
• Identity Management
• Further security implications?
• Guide to projects
• Threat analysis and proposals
• VNF package next steps
• Anything on PNF security?
• Scanning?

Meeting notes
• Logging, security review (Michel obrian):
• Logs are visible or can be retrieved.
• There is no log-in/security. Is this an issue?
• Meeting: For Casablanca, look at locking down the thoughts with authentication and authentication.
• Check that the password is not logged.
• CII badging feedback (Pawel).
• Critical vulnerability fix time. ONAP should have KPIs for vulnerability.
• Steve to create a Jira
• Create guidelines about what to use and not use regarding protocols.
• Look at R-19678 and R-85419, R-55380, but all of them

Meeting notes
• ONS meeting content.
• Request to present AAF. Wish from security sub-committee is to include the AAF users perspective.
• Note – missing class in their docker container for getting AAF to run in containers.
• https://jira.onap.org/browse/AAF-170
• https://jira.onap.org/browse/OOM-324
• log code related - so https://jira.onap.org/browse/LOG-179
• CII – CLM
• Note: Jira for “CII badging task: Document on how to handle diff releases.”