06-05-2023 TSC Meeting Minutes

Meeting Recording: 

Meeting Chat File: 

Attendees & Representation. Please add your name to the attendance table below.



Attendees

Name

Company
SHANKAR MALIK University of Delhi
Jay Sheth Walmart
Mehul Gulati Netaji Subhas University of Technology
Daniel Havey Microsoft
Santhosh Fernandes Walmart
Jason Niesz Walmart
Dhivya R Walmart
Arunkanth Abbigari Walmart
Ajay Walmart
Charles Liu Walmart
Karan Dalal Walmart
Dave Thaler Microsoft
Bo Hong Microsoft










LF Staff: LJ Illuzzi 


Agenda

  • Optimising Traffic Mirroring
  • AOB
  • General Topics (cover as needed)

    • Use Cases

    • Roadmap

    • Project structure

      • Governance

      • Technical Steering Committee

Minutes/Updates

  • Issue discussion/Dev updates
    • L3AF R2
      • RBAC https://github.com/l3af-project/l3af-arch/discussions/57
        • Option 1: RBAC framework using x.509 PKI Certificate Attributes
          • Not every CA will issue those types of certs (w/usernames)
        • Option 2 OATH
          • No work required. Just consume already existing resources.
          • Many enterprises already using it.
            • ex: Windows Active Directory
        • Option 3. Digital Signature based Authorization with mTLS
          • Minimal overhead.
          • Partly extensible. Partly standards compliant.
          • Protocols mature, framework not so mature.
        • Option 4. SHA256 Hash based Authorization with mTLS
          • Don't want l3af to be the actual auth service.
          • Custom implementation
      • We don't want to take ownership by building our own RBAC
        • Building an e2e RBAC does not align with L3AF goals
          • Also managing the RBAC lifecycle
        • Enterprises should use their own control plane to manage L3AFd
        • Supporting only 2 roles at first is okay, but we have to be extensible
        • Most enterprises will have central control.
          • Leave it up to them.
        • Option 2. mTLS with OAuth 2.0 Client Authentication, but:
          • If nobody is going to use anything other than read/write then we do not need to build RBAC now.
            • We will document how to integrate RBAC option 2.
              • Document how L3AFd could integrate with the above
      • feat: introduce interface-based data types #229 - https://github.com/l3af-project/l3afd/pull/229
        • Standardize to open source.
        • Finish most of R2 PR then merge this.
        • Approach agreed upon.
      • Update configs from command line argument #242 https://github.com/l3af-project/l3afd/pull/242
        • Please review
      • Update native loading of root programs #245
      • Loading XDP and TC program blockers
    • L3AFD v2.1
    • L3AF on Windows
    • DT&F
      • 5 am PST L3AF project update
      • Shankar 5G uF


  • Release Management



  • Optimising Traffic Mirroring (Arunkanth) Link


  • Any Other Business


Action Items

  • Dhivya R Release Management Plan- add milestones for testing, documentation, package. What else is needed from a delivery standpoint?
  • LJ Illuzzi  Open SSF Scorecard. Is it visible on LFX Security
  • LJ Illuzzi Draft LFN Board response to eBPF standards


Future Agenda Items

Start with