ONAP security meeting 2017-10-11.


Agenda
- Information Update
  - S3P (carrier grade) - security aspects. Re: Carrier Grade Requirements (consolidated)
  - Common authentication/authorization service (Amy)
- Topics to advance
  - Credential protection and management
  - Static Code Scanning
- AOB

“Carrier Grade”
https://wiki.onap.org/pages/viewpage.action?pageId=15998867&focusedCommentId=16001108#comment-16001108
Security
- Level 0: None
- Level 1: CII Passing badge
- Level 2: CII Silver badge, plus:
  - All internal/external system communications shall be able to be encrypted.
  - All internal/external service calls shall have common role-based access control and authorization.
- Level 3: CII Gold badge
Meeting reflection
- From a release perspective we could have a % per release
- Question: Will the arch team follow up on this, or does the seccom team do that?

Common authentication/authorization service (Amy)
Meeting notes
- Using the credentials for secure communication
- Create entry in the best practices development wiki for secure communication.

Next Week
- Feedback on maturity of overall platform.
- Credential Management. Try to close.
- Static code scanning f/b from Coverity.

CII Badging program feedback from CLAMP
- The slides were presented.
- The self-assessment approach is appreciated
- Facilitated the project to improve its way of working
- Was seen that it can provide a common terminology and approach for security issues in ONAP
- CLAMP sits at 83% approval for passing level, with some of the open issues an ongoing discussion in the security sub-committee
- Need to come back to code coverage question.

DevEvent feedback
- About 10 people there, not too bad given agenda competition and flexibility.
- Agenda move meant that we missed feedback on CII badging program
- Frank Brockners raised that OPNFV has a basic scan for obvious vulnerabilities: https://git.eclipse.org/r/Documentation/prolog-cookbook.html

DevEvent feedback
- Phil presented Nexus IQ - informs of known vulnerabilities
- Note: We need a proposed process for this s.

DevEvent Feedback
Credential management: Static Code scanning
Questions:
- What about user pwd/credential
- What about the credential for interaction with other systems.
- How to the pluggability to the credential management.
Static Code scanning
- How to introduce

DevEvent
Other questions that came up
- Describe how to have secure communication between ONAP components
- Describe examples of security communication between ONAP and other systems (e.g. credentials to get access to the VIM).
- Describe the User provisioning and roles

Other idea
- Some questions we have are specific to ONAP
- Some cannot be new.
- Should we have a cross org security share’n’care meeting?