Re: 答复: [EdgeGallery] 【EdgeGallery】【Discussion Minutes】 EdgeGallery SEC WG Weekly Meeting #security


Chuanyu Chen
 

  • Monitoring Appication Repo would be newly added which has few security violations. As we are planning to release this repo also as part of Version 1.0 these issues cannot be open.

Hi Security Team, As example-apps repo is for a referring to application developers on how to use ONAP . First demo will be a “hello world” for  using EdgeGallery.

So we ask for that 1.2 REST Authorization  Rule won’t be considered in this demo application repo . Reason as Below:

1.       Demo app will not be a part of EdgeGallery system,  when user install EdgeGallery he will not install demo-app. Example-apps is only for reference to app developers.

2.       The purpose of the example app is for telling developer on how to call APIs of MEP , how to develop based on EdgeGallery .

So we won’t make the example app’s feature and security to complex but only focus on the  interaction with MEP, and used to explain the developer platform , APPD etc.

 

Best wishes,

Chuanyu Chen.

 

发件人: main@edgegallery.groups.io [mailto:main@edgegallery.groups.io] 代表 chengrundong
发送时间: 20201112 8:47
收件人: main <main@edgegallery.groups.io>
主题: [EdgeGallery] EdgeGallery】【Discussion Minutes EdgeGallery SEC WG Weekly Meeting #security

 

 

Thank you all for participating in security's meeting:

Meeting Attendees :

  • Shashi (华为)
  • Gaurav (华为)
  • Satish (华为)
  • Rama (华为)
  • 张倍源 (华为)
  • 刘慧玲 (华为)
  • 鹿鑫 (华为)
  • 张海龙 (华为)
  • 杨阳 (华为)
  • 扈冰 (华为)
  • 程润东 (华为)

Agenda Items

Item

Owner

Compliance test case use case step evaluation security test group progressing

程润东

App Store Security review

张倍源

MECM Security review

Gaurav Shashi Rama

APT Security review

刘慧玲

Discussion Items

  • Shashi Gaurav Rama introduced the requirements added by mecm in version 1.0, transformed into the matching results of the security use case rules for explanation and display, and explained the APIs required for testing in the requirements for evaluation
  • MECM, ATP and Development portal secuity design is reviewed.
  • Monitoring Appication Repo would be newly added which has few security violations. As we are planning to release this repo also as part of Version 1.0 these issues cannot be open.
  • Chuanyu/Gaurav Raise topic to TSC to get approval for Monitoring Appication Repo's open security issues.
  • Zhang Beiyuan introduced the requirements added by the app store in version 1.0, and explained and displayed the matching results of the security use case rules, and explained the APIs that need to be tested in the requirements for testing and evaluation
  • Liu Huiling introduced the functional requirements involved in APT version 1.0, and explained and displayed the matching results of conversion and safety use case rules for evaluation.
  • Cheng Rundong introduced the completion of the compliance test steps. The compilation of the compliance test steps has been completed. The 3 penetration test cases counted before the completion on Friday, and the follow-up development plan of the penetration test cases, 5 per week.

 

 


 

Join main@edgegallery.groups.io to automatically receive all group messages.