Re: [EdgeGallery] 【EdgeGallery】【Discussion Minutes】 EdgeGallery SEC WG Weekly Meeting #security


Chuanyu Chen
 

  • Monitoring Application Repo would be newly added which has few security violations. As we are planning to release this repo also as part of Version 1.0 these issues cannot be open.

Hi Security Team, the example-apps repo is a reference for application developers on how to use ONAP. The first demo will be a “hello world” for using EdgeGallery.

So we ask that the 1.2 REST Authorization Rule not be considered in this demo application repo. Reasons as below:

1. The demo app will not be a part of the EdgeGallery system; when a user installs EdgeGallery, he will not install the demo app. Example-apps is only for reference for app developers.

2. The purpose of the example app is to tell developers how to call the APIs of MEP and how to develop based on EdgeGallery.

So we won’t make the example app’s features and security too complex, but only focus on the interaction with MEP, and use it to explain the developer platform, APPD, etc.

 

Best wishes,

Chuanyu Chen.

 

From: main@edgegallery.groups.io [mailto:main@edgegallery.groups.io] On Behalf Of chengrundong
Sent: 20201112 8:47
To: main <main@edgegallery.groups.io>
Subject: [EdgeGallery] 【EdgeGallery】【Discussion Minutes】 EdgeGallery SEC WG Weekly Meeting #security

 

 

Thank you all for participating in security's meeting:

Meeting Attendees :

  • Shashi (华为)
  • Gaurav (华为)
  • Satish (华为)
  • Rama (华为)
  • 张倍源 (华为)
  • 刘慧玲 (华为)
  • 鹿鑫 (华为)
  • 张海龙 (华为)
  • 杨阳 (华为)
  • 扈冰 (华为)
  • 程润东 (华为)

Agenda Items

Item | Owner
Compliance test case use case step evaluation security test group progressing | 程润东
App Store Security review | 张倍源
MECM Security review | Gaurav Shashi Rama
APT Security review | 刘慧玲

Discussion Items

  • Shashi Gaurav Rama introduced the requirements added by mecm in version 1.0, transformed into the matching results of the security use case rules for explanation and display, and explained the APIs required for testing in the requirements for evaluation
  • MECM, ATP and Development portal security design is reviewed.
  • Monitoring Application Repo would be newly added which has few security violations. As we are planning to release this repo also as part of Version 1.0 these issues cannot be open.
  • Chuanyu/Gaurav Raise topic to TSC to get approval for Monitoring Application Repo's open security issues.
  • Zhang Beiyuan introduced the requirements added by the app store in version 1.0, and explained and displayed the matching results of the security use case rules, and explained the APIs that need to be tested in the requirements for testing and evaluation
  • Liu Huiling introduced the functional requirements involved in APT version 1.0, and explained and displayed the matching results of conversion and safety use case rules for evaluation.
  • Cheng Rundong introduced the completion of the compliance test steps. The compilation of the compliance test steps has been completed. The 3 penetration test cases counted before the completion on Friday, and the follow-up development plan of the penetration test cases, 5 per week.