Page History

Meeting Administration

•  Linux Foundation Anti-trust Policy
•  Recording
•  Agenda Bashing
•  Attendance/Quorum (13/15)
  
•  Approval of previous meeting minutes

• :  2021-01-12 TSC Agenda and Minutes
  

• Minutes of last week's meeting

• approved.

•  Workstream Leads/ Project PTLs standup (continued)
  •  Moon - https://wiki.opnfv.org/display/moon
  •  Dovetail - https://wiki.opnfv.org/display/dovetail
  •  NFVbench - https://wiki.opnfv.org/display/nfvbench
  •  Others missed at Jan 12 meeting?
•   

• Moon status provided by Philippe Calvet

https://github.com/opnfv/moon

https://docs.openstack.org/oslo.policy/ussuri/admin/policy-json-file.html

Why we did Moon ?

• Openstack was designed for those building a cloud infra, while telco cloud requires security configuration for the security administrator,  thus the need of Moon, a security policy engine that allows fine grained control under the supervision of security administrator,
• Orange based its first version of telco cloud based an OpenStack release where security policy are managed by policy files that are depending on each Openstack module  aka .json policy ( = complex configurations)
• The rationale for Moon : have a global security policy management plane, that could unify the security  of the various Openstack modules ( fully tested on Nova, and partially on Neutron , Cinder, Swift ) , and historically  Opendaylight
• Moon helps addressing requirements from security authorities in virtualized environments  

What are the contributions to other communities ?

• Orange with Openstack community added the concept of Identity/Keystone hook that allows from a .json policy file to interrogate through an API call an external policy decision point (aka Moon) that authorizes the requests based on a given security policy ( E.g allow or not the start of VM )

Why we republish Moon in 2020 ?

• The initial contribution was initially linked with OPNFV . We redesign it internally to make as more an independent component and contributed the work in 2020 , this resulted in a major commit last year.
• We also completey redesign the web interface to allow a security administrator within a telco to authorize certains commands through a simple user interface ( instead of CLI ) , and repackage the service as two libraries that could be easily integrated in any virtualized platform (in the micro-services spirit).
• Moon was used in an experiment by one Orange Affiliate  to distinguish administrator roles depending of the status of the platform : design/maintenance status versus run status . As a consequence, this has been added to our recommendations.

What are next plans ?

• Cover next generation telco cloud requirements : Extend Moon to manage dual environments like K8S and Openstack, and extend GUI to simplify policy generations.

Reference :

• For French speaking :  https://www.sstic.org/2020/presentation/Moon_un_framework_pour_la_gestion_des_autorisations/

•  Elbrus Release - Important Dates
  
  • Content freeze: Jan/15
  • Proof-reading freeze: Jan/22
  • RC: Jan/26
  • Candidate sign-off date: Jan/29

•  Monday Technical Discussion follow-up
  •   Qiao Fu  to discuss the options in which PDF 2.0 frame work should be done with the TSC
    
    • (Pharos, new Anuket project, RI[12] or something else)

•  Continue

• Release process discussions, Goals and Management
  
  • Should specification and conformance streams operate independently or integrated?
  • What should the Release cadence be?
  • Artifacts to be included (#agree, hold-over from meld)

Anuket Release Process Issues and Objectives r1.pdf

•  Mailing list deprecation https://lists.anuket.io/g/main/subgroups

•  

  Status Updates

  •  Linux Foundation Lab (Portland) hardware upgrade status
  •  LF IT/Infra update: (Aric Gardner, Trevor Bramwell)
  •  gitlab POC