06-05-2023 TSC Meeting Minutes

Meeting Recording: 

Meeting Chat File: 

Attendees & Representation. Please add your name to the attendance table below.



Attendees

Name

Company
SHANKAR S University of Delhi
Jay Sheth Walmart
Mehul Gulati Netaji Subhas University of Technology
Daniel Havey Microsoft
Santhosh Fernandes Walmart
Jason Niesz Walmart
Dhivya R Walmart
Arunkanth Abbigari Walmart
Ajay Walmart
Charles Liu Walmart
Karan Dalal Walmart
Dave Thaler Microsoft
Bo Hong Microsoft










LF Staff: LJ Illuzzi 


Agenda

  • Optimising Traffic Mirroring
  • AOB
  • General Topics (cover as needed)

    • Use Cases

    • Roadmap

    • Project structure

      • Governance

      • Technical Steering Committee

Minutes/Updates

  • Issue discussion/Dev updates
    • L3AF R2
      • RBAC https://github.com/l3af-project/l3af-arch/discussions/57
        • Option 1: RBAC framework using x.509 PKI Certificate Attributes
          • Not every CA will issue those types of certs (w/usernames)
        • Option 2 OATH
          • No work required. Just consume already existing resources.
          • Many enterprises already using it.
            • ex: Windows Active Directory
        • Option 3. Digital Signature based Authorization with mTLS
          • Minimal overhead.
          • Partly extensible. Partly standards compliant.
          • Protocols mature, framework not so mature.
        • Option 4. SHA256 Hash based Authorization with mTLS
          • Don't want l3af to be the actual auth service.
          • Custom implementation
      • We don't want to take ownership by building our own RBAC
        • Building an e2e RBAC does not align with L3AF goals
          • Also managing the RBAC lifecycle
        • Enterprises should use their own control plane to manage L3AFd
        • Supporting only 2 roles at first is okay, but we have to be extensible
        • Most enterprises will have central control.
          • Leave it up to them.
        • Option 2. mTLS with OAuth 2.0 Client Authentication, but:
          • If nobody is going to use anything other than read/write then we do not need to build RBAC now.
            • We will document how to integrate RBAC option 2.
              • Document how L3AFd could integrate with the above
      • feat: introduce interface-based data types #229 - https://github.com/l3af-project/l3afd/pull/229
        • Standardize to open source.
        • Finish most of R2 PR then merge this.
        • Approach agreed upon.
      • Update configs from command line argument #242 https://github.com/l3af-project/l3afd/pull/242
        • Please review
      • Update native loading of root programs #245
      • Loading XDP and TC program blockers
    • L3AFD v2.1
    • L3AF on Windows
    • DT&F
      • 5 am PST L3AF project update
      • Shankar 5G uF


  • Release Management



  • Optimising Traffic Mirroring (Arunkanth) Link


  • Any Other Business


Action Items

  • Dhivya R Release Management Plan- add milestones for testing, documentation, package. What else is needed from a delivery standpoint?
  • LJ Illuzzi  Open SSF Scorecard. Is it visible on LFX Security
  • LJ Illuzzi Draft LFN Board response to eBPF standards


Future Agenda Items

Start with