Minutes of Technical Community Discussion on June 30, 2016
Date and Time: 6:00am PDT / UTC 13:00, Thursday June 30, 2016
Convener: Bin Hu (AT&T)
- Alok Gupta (AT&T)
Amanda Xiang (Huawei)
Brian Skerry (Intel)
Carlos Goncalves (NEC)
- Christopher Price (Ericsson)
- Dan Druta (AT&T)
Fatih Degirmenci (Ericsson)
Luke Hinds (RedHat)
- Mark D Gray (Intel)
- Murat Parlakisik (Argela USA)
Prakash Ramchandran (Huawei)
Stuart Mackie (Juniper)
Ulrich Kleber (Huawei)
Active Project Proposal Discussion
Luke introduced project proposal. Luke indicated that calling it a "project proposal" may be misleading, because only a repo is needed for Security WG so as not to bother FuncTest. The scanning tool itself is from upstream.
Uli (Huawei) asked what is the difference between Inspector, Moon and this Security Scanning? Luke answered that Inspector is upstream checking for CADF for Auditing, and Moon is security for provision a set of different cloud resources/services for VNFs. CI/CD Security Scanning project focuses on OPNFV CI/CD platform using SCANF for NFVi.
Luke shared a link https://scap.nist.gov/revision/1.2/. Openscap is tool for scap NIST standard and we use it for NFVi security here
Uli (Huawei) indicated that it sounds more than a repo, because some upstream work is also done there. Further, Security WG doesn't define committers role, so who can review the code and maintain the repo? It is confusing.
Prakash (Huawei) also agreed that it would be better to have a project with committer's role.
Chris (Ericsson) also agreed that we need a project, and once we have clear procedures and "goals" on this toolchain we might include it as a gating function for a release. Certainly not in the Colorado timeline for sure.
Fatih (Ericsson) asked why it should tie to CI? It can be run by any user. So Fatih also thinks that it should be a Project. This scan is a good candidate as part of weekly runs if we don't want to run it for each and every build/test.
All agreed that it should be a new project. Luke will take action to:
- clarify the scope more
- clarify its relationship with infrastructure projects and test projects
- clarify that deliverables include documentation for other projects to reuse it
Once Luke finishes revising the proposal,he will re-start the email discussion, and bring it to TSC on July 12th.
- MANO WG Discussion - led by Prakash Ramchandran
Prakash shared his plan of how to start the work, including external stakeholders such as ETSI, IETF, ONF, OASIS etc. The group plans to do use case, requirement, gap analysis and interfaces. We will also work with upstream, such as OPEN-O, OSM, OpenBaton, etc.
Chris (Ericsson) indicated that the intention of WG is to provide a venue for cross-project collaboration, and solve those common issues of all projects. But actual work (use case, gap analysis, interface requirement etc) needs to be driven and done within individual projects. We don't see many projects participating, only 2 today Domino and Movie. This is a gap.
Brian S (Intel) said that if there are few projects participating in this WG, it doesn’t seem necessary to have this WG at all. We do need to see engagements from those projects.
Prakash will communicate with more projects to participate.