06-05-2023 TSC Meeting Minutes
- Santhosh Fernandes
- LJ Illuzzi
- Daniel Havey
Owned by Santhosh Fernandes
TSC Meeting Zoom link
Meeting Recording:
Meeting Chat File:
Attendees & Representation. Please add your name to the attendance table below.
|
LF Staff: LJ Illuzzi
Agenda
Meeting note taker
Welcome new attendees
- Issue discussion/Dev updates
- Lead off with RBAC https://github.com/l3af-project/l3af-arch/discussions/57
- Release Management (Dhivya)
- LFN Developer & Testing Forum June 2023 - Review calendar/L3AF Schedule
- Optimising Traffic Mirroring
- AOB
General Topics (cover as needed)
Use Cases
Roadmap
Project structure
Governance
Technical Steering Committee
Minutes/Updates
- Issue discussion/Dev updates
- L3AF R2
- RBAC https://github.com/l3af-project/l3af-arch/discussions/57
- Option 1: RBAC framework using x.509 PKI Certificate Attributes
- Not every CA will issue those types of certs (w/usernames)
- Option 2 OATH
- No work required. Just consume already existing resources.
- Many enterprises already using it.
- ex: Windows Active Directory
- Option 3. Digital Signature based Authorization with mTLS
- Minimal overhead.
- Partly extensible. Partly standards compliant.
- Protocols mature, framework not so mature.
- Option 4. SHA256 Hash based Authorization with mTLS
- Don't want l3af to be the actual auth service.
- Custom implementation
- Option 1: RBAC framework using x.509 PKI Certificate Attributes
- We don't want to take ownership by building our own RBAC
- Building an e2e RBAC does not align with L3AF goals
- Also managing the RBAC lifecycle
- Enterprises should use their own control plane to manage L3AFd
- Supporting only 2 roles at first is okay, but we have to be extensible
- Most enterprises will have central control.
- Leave it up to them.
- Option 2. mTLS with OAuth 2.0 Client Authentication, but:
- If nobody is going to use anything other than read/write then we do not need to build RBAC now.
- We will document how to integrate RBAC option 2.
- Document how L3AFd could integrate with the above
- We will document how to integrate RBAC option 2.
- If nobody is going to use anything other than read/write then we do not need to build RBAC now.
- Building an e2e RBAC does not align with L3AF goals
- feat: introduce interface-based data types #229 - https://github.com/l3af-project/l3afd/pull/229
- Standardize to open source.
- Finish most of R2 PR then merge this.
- Approach agreed upon.
- Update configs from command line argument #242 https://github.com/l3af-project/l3afd/pull/242
- Please review
- Update native loading of root programs #245
- Loading XDP and TC program blockers
- https://github.com/l3af-project/l3afd/issues/191
- Waiting for Intern
- Build fails(?) Missing package.
- Workaround by making conditional dependencies where Linux specific calls are only used on Linux builds.
- https://github.com/florianl/go-tc/issues/17 - Need to update our issue.
- https://github.com/l3af-project/l3afd/issues/191
- RBAC https://github.com/l3af-project/l3af-arch/discussions/57
- L3AFD v2.1
- L3AF on Windows
- LFN Mentorship Program for L3AF on Windows
- Set of milestones next week
- DT&F
- 5 am PST L3AF project update
- Shankar 5G uF
- L3AF R2
- Release Management
- LFN Developer & Testing Forum June 2023 - June 6-8, 2023. Virtual event
- Review calendar/L3AF Schedule
- Link to L3AF topic submissions:
- Topics Submission Page
- Virtual D&TF session guidelines
- Reminder to Register
- Best place for marketing the project- this is how we grow the community within LF/LFN
- Question: should June 6 TSC meeting be canceled so the community can attend D&TF? (many LFN communities will cancel TSC meetings that week in lieu of D&TF).
- Optimising Traffic Mirroring (Arunkanth) Link
- Any Other Business
Action Items
- Dhivya R Release Management Plan- add milestones for testing, documentation, package. What else is needed from a delivery standpoint?
- LJ Illuzzi Open SSF Scorecard. Is it visible on LFX Security
- LJ Illuzzi Draft LFN Board response to eBPF standards
Future Agenda Items
Start with