Stephen, Jason, et al… Are you planning to version control these S3P requirements? My concern is that we are changing the Level definitions and some projects that may have met a level in Beijing may no longer be compliant to that level anymore based on changing definitions.
For example, on the Usability category, you’ve added a major feature requirement for the project now to comply with “ONAP API Common Versioning Strategy”; although this is listed under an API documentation bullet, to comply to an ONAP API common versioning strategy will mean development work for some or possible all projects. Can you share your thoughts on this? Thanks, Randa From: [email protected] [mailto:[email protected]] On Behalf Of Jason Hunt Sent: Wednesday, June 20, 2018 7:55 PM To: Stephen Terrill <[email protected]> Cc: onap-tsc <[email protected]> Subject: Re: [onap-tsc] Platform Maturity/S3P Deck for tomorrow Stephen, I think that achieves a good compromise between making progress on security while respecting the constraints of the project team. Thanks! I've updated the deck accordingly: https://wiki.onap.org/download/attachments/29786434/Platform%20Maturity%20S3P%20Casablanca%20Proposal%2021June2018v2.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_download_attachments_29786434_Platform-2520Maturity-2520S3P-2520Casablanca-2520Proposal-252021June2018v2.pdf&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=kyPZ229JImvwwKH-78nlyg&m=UptAGs_1-5pHzy517YKFKg3x0F5tjtxeR2Eeml_0J0o&s=FagxYAhrjvwR2YMdIj9LvcGd5JpSuee8KHtTKJ_wrOs&e=> Regards, Jason Hunt Distinguished Engineer, IBM Phone: 314-749-7422 Email: [email protected]<mailto:[email protected]> Twitter: @DJHunt From: Stephen Terrill <[email protected]<mailto:[email protected]>> To: Jason Hunt <[email protected]<mailto:[email protected]>>, onap-tsc <[email protected]<mailto:[email protected]>> Date: 06/21/2018 07:36 AM Subject: RE: [onap-tsc] Platform Maturity/S3P Deck for tomorrow ________________________________ Hi Jason, Thanks for the update. I was reflecting on the feedback about security as we discussed and I have the impression that the gap to sliver maybe felt as too big a gap to achieve in one release. To address this I would like to propose to add on slide 3 the following text: “Absolute Minimum expectation: * CII badging passing level * Continuously retaining no critical or high known vulnerabilities > 60 days old * All communication shall be able to be encrypted and have common role-based access control and authorization. Desired expectation is full CII badging silver level, if not 75% towards that. “ Then I think the TSC should have a discussion about whether to have this amendment included. Best Regards, Steve. From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of Jason Hunt Sent: Wednesday, June 20, 2018 3:55 PM To: onap-tsc <[email protected]<mailto:[email protected]>> Subject: [onap-tsc] Platform Maturity/S3P Deck for tomorrow TSC, I incorporated the feedback from today's session into the Casablanca Platform Maturity (S3P) requirements in this presentation: https://wiki.onap.org/download/attachments/29786434/Platform%20Maturity%20S3P%20Casablanca%20Proposal%2021June2018.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_download_attachments_29786434_Platform-2520Maturity-2520S3P-2520Casablanca-2520Proposal-252021June2018.pdf&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=kyPZ229JImvwwKH-78nlyg&m=UptAGs_1-5pHzy517YKFKg3x0F5tjtxeR2Eeml_0J0o&s=s6qo3Ezvxy9SM2Wd9cLZzqbRoh9j-Yh6G3KQGSg-J14&e=> If I did not capture things appropriately or if there are other items for discussion, please reply to this thread. We would like to vote on these during tomorrow's meeting. Thank you! Regards, Jason Hunt Distinguished Engineer, IBM Phone: 314-749-7422 Email: [email protected]<mailto:[email protected]> Twitter: @DJHunt -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3199): https://lists.onap.org/g/ONAP-TSC/message/3199 Mute This Topic: https://lists.onap.org/mt/22463412/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/ONAP-TSC/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
