06-05-2023 TSC Meeting Minutes

TSC Meeting Zoom link

Meeting Recording:

Meeting Chat File:

Attendees & Representation. Please add your name to the attendance table below.

LF Staff: @LJ Illuzzi

Agenda

LF Antitrust Policy
Meeting note taker
Welcome new attendees
Issue discussion/Dev updates
- Lead off with RBAC https://github.com/l3af-project/l3af-arch/discussions/57
Release Management (Dhivya)
LFN Developer & Testing Forum June 2023 - Review calendar/L3AF Schedule

Optimising Traffic Mirroring
AOB
General Topics (cover as needed)
- Use Cases
- Roadmap
- Project structure
  - Governance
  - Technical Steering Committee

Minutes/Updates

Issue discussion/Dev updates
- L3AF R2
  - RBAC https://github.com/l3af-project/l3af-arch/discussions/57
    - Option 1: RBAC framework using x.509 PKI Certificate Attributes
      - Not every CA will issue those types of certs (w/usernames)
    - Option 2 OATH
      - No work required. Just consume already existing resources.
      - Many enterprises already using it.
        ex: Windows Active Directory
    - Option 3. Digital Signature based Authorization with mTLS
      - Minimal overhead.
      - Partly extensible. Partly standards compliant.
      - Protocols mature, framework not so mature.
    - Option 4. SHA256 Hash based Authorization with mTLS
      - Don't want l3af to be the actual auth service.
      - Custom implementation
  - We don't want to take ownership by building our own RBAC
    - Building an e2e RBAC does not align with L3AF goals
      - Also managing the RBAC lifecycle
    - Enterprises should use their own control plane to manage L3AFd
    - Supporting only 2 roles at first is okay, but we have to be extensible
    - Most enterprises will have central control.
      - Leave it up to them.
    - Option 2. mTLS with OAuth 2.0 Client Authentication, but:
      - If nobody is going to use anything other than read/write then we do not need to build RBAC now.
        We will document how to integrate RBAC option 2.
        Document how L3AFd could integrate with the above
  - feat: introduce interface-based data types #229 - https://github.com/l3af-project/l3afd/pull/229
    - Standardize to open source.
    - Finish most of R2 PR then merge this.
    - Approach agreed upon.
  - Update configs from command line argument #242 https://github.com/l3af-project/l3afd/pull/242
    - Please review
  - Update native loading of root programs #245
  - Loading XDP and TC program blockers
    - https://github.com/l3af-project/l3afd/issues/191
      - Waiting for Intern
      - Build fails(?) Missing package.
      - Workaround by making conditional dependencies where Linux specific calls are only used on Linux builds.
    - https://github.com/florianl/go-tc/issues/17 - Need to update our issue.
- L3AFD v2.1
- L3AF on Windows
  - LFN Mentorship Program for L3AF on Windows
  - Set of milestones next week
- DT&F
  - 5 am PST L3AF project update
  - Shankar 5G uF

Release Management

LFN Developer & Testing Forum June 2023 - June 6-8, 2023. Virtual event
- Review calendar/L3AF Schedule
- Link to L3AF topic submissions:
- Topics Submission Page
- Virtual D&TF session guidelines
- Reminder to Register
- Best place for marketing the project- this is how we grow the community within LF/LFN
- Question: should June 6 TSC meeting be canceled so the community can attend D&TF? (many LFN communities will cancel TSC meetings that week in lieu of D&TF).

Optimising Traffic Mirroring (Arunkanth) Link

Any Other Business

Action Items

Dhivya R Release Management Plan- add milestones for testing, documentation, package. What else is needed from a delivery standpoint?

@LJ Illuzzi Open SSF Scorecard. Is it visible on LFX Security

@LJ Illuzzi Draft LFN Board response to eBPF standards

Future Agenda Items

Start with

RBAC https://github.com/l3af-project/l3af-arch/discussions/57