►
From YouTube: CNCF SIG Security 2020-03-18
Description
CNCF SIG Security 2020-03-18
A
A
A
A
B
C
B
B
Okay,
so
everyone
is
filling
in
the
attendance
I
will
double-check
this
throughout
the
meeting
to
see
what
check-ins
we've
got
here,
but
that
case
I'll
just
start
with
the
call
for
scribes.
Would
anyone
care
to
take
meeting
minutes
and
execute
the
role
of
a
scribe
today?
Ideally,
if
we
can
get
to
so
much
the
better
and
I.
B
Excellent,
thank
you.
Okay,
then
we'll
just
proceed
with
the
check-ins
s
per
usual.
So,
let's
see
I
myself
had
one
issue
that
I
believe
brandon
opted
in
with
and
then
I
do
not
see
any
updates
from
the
attendees
that
we
have
just
under
a
dozen
so
far
on
here
so
I'll
just
up
into
number
three
five
zero.
Then
that's
so
good.
Essentially
it's
just
adding
scribe
role,
documentation
to
the
main
page
and
just
formally
establishing
what
that
rule
is
and
making
sure
it's
part
of
our
primary
documentation.
B
I
guess
what
people
just
visit:
six
security
on
github,
so
I'm
just
going
to
go
ahead,
put
together
a
draft
of
that
get
a
pull
request
going
by
the
weekend
and
we'll
take
it
from
there.
I,
don't
believe,
there's
any
debate
or
any
concerns
on
it.
But
if
anyone
has
any
suggestions
that
feel
free
to
send
it
my
way
now
or
I
will
definitely
see
them
on
the
pull
request.
E
Have
a
quick
update
just
on
the
I,
don't
know
if
you
guys
have
noticed,
but
you
probably
have
been
spammed
by
the
stale
BOTS
are
mocking.
We
recently
introduced
this
table
which,
basically,
if
we've
configured
it
to
four
issues
that
have
not
haven't,
had
any
activity
for
the
past
60
days,
we
marked
it
as
inactive.
E
E
E
F
I
do
want
to
mention
one
thing:
real,
quick.
This
is
Jessica
opposed
so
for
groups
that
want
security
assessments
and
for
things
in
that
process.
I
know
with
all
everything
crazy,
that's
been
going
on.
A
lot
of
things
have
sort
of
not
fallen
on
a
normal
timeline.
So
if
you're,
a
group
that
is
part
of
an
assessment
and
you're
excited
to
go
ahead
and
you're
kind
of
like
hey,
you
know
you
guys
are
taking
a
while.
Then
let
us
know
and
we'll
try
to
see
what
we
can
do.
F
But
of
course
you
know
we
may
have
a
problem
because
some
of
the
people
performing
the
assessment
also
are
you
know,
a
full-time
caregivers
for
children
or
other
things
like
this.
So
but
you
know
I,
think
in
the
absence
of
people
speaking
up,
the
sort
of
assumption
has
been
that
you're
consuming
with
other
things.
So
please
let
us
know
if,
and
you
know
or
really
win,
that's
no
longer
true
and
we'll
we'll
start
moving
again.
D
D
D
D
A
So
what
the
this
peculiar
public
working
group
we
Xterra
should
about
six
years
ago
and
right
now
a
baby
has
700
members
of
the
refactor,
and
so
basically,
what
we
try
to
do
is
they
try
to
look
at
from
the
Gnostic
environment
of
perspective?
How
can
we
create
a
breakfast
architecture?
That's
an
athlete
from
a
technology
infrastructure
and
vendor
so
that
the
data
scientists
can
concentrate
on
the
on
the
big
data
analytics
line
regardless
the
underlying
the
infrastructure
or
technology
behind
them.
A
So,
right
now
as
a
dancer
and
I,
we
finish
our
the
architecture,
not
only
in
the
new
milestone.
We
try
to
extend
the
reference
architecture.
Interface
to
enabling
the
analytic
as
a
services
but
related
to
this
group
on
a
day,
one
from
II
started.
The
big
data
working
group
security
purposes
are
very
important
janna
and
through
the
gregor
effort
we
try
to
fill
interfaces.
How
can
we
enabling
the
underlying
computing
resources
at
the
same
time?
A
We
also
refer
mark-
and
you
know
not
a
co-chair
or
not
from
of
the
tissue,
then
you're
looking
to
this
ok,
privacy
and
I
think
through
the
RESTful
API
that
Gregor
put
together,
and
maybe
with
your
group,
help
that
we
can
maybe
kind
of
like
maybe
more
focus
on.
How
can
we
handle
the
security
privacy
to
the
you
know?
Let's
go
API
or
the
open,
API,
and
so
on
so
with
that,
maybe
I
could
get
a
time
to
Gregor
and
we
go.
Do
you
have
presentations
to
make?
Oh,
that's
a
bit
wobbly.
So
how.
A
G
We
have
started
thinking
about.
How
can
we
generalize
interfaces
for
Big
Data,
a
reference
architecture
needs,
and
one
of
the
things
that
came
up
was
this
when
we
had
when
we
wanted
to
communicate
this.
We
found
out
that
rest
interfaces
seem
to
be
these
days,
one
way
of
communicating
interfaces
between
different
groups.
Although
we
are
not
requiring
that
you
are
doing
a
rest
interface,
we
we
have
used
rest
of
the
phases
to
communicate
the
general
needs.
This
includes,
for
example,
the
computer
interfaces
that
the
war
has
pointed
out.
G
This
particular
piece
of
data
needs
to
be
secured
or
authenticated
against
a
particular
group.
The
pathways
of
sending
the
data
from
one
to
another
need
to
be
secured
and,
in
those
things
mark
is
typically
that
the
the
point
person
for
for
this,
unfortunately,
is
not
here.
You
would
be
probably
be
able
to
describe
more
on
this
on
that
issue,
so
this
is
the
very
short
summary
of
what
what
I
have
done
and
its
rest.
Our
est.
A
A
I
think
will
be
very
nice
to
to
kind
of
like
explore
to
see
how
how
our
the
interface
specification
can
get
into
the
more
wider
border,
security,
privacy
aspect
and
and
also
through
the
restful
api
and
I
thought
I.
Think.
Maybe
this
is
the
kind
of
a
common
interest
between
your
group
and
our
group,
and
how
can
we
leverage
you
know
each
other's
aspect
and
not
to
maybe
a
big
sum
hole
forward,
progress
question.
Maybe.
B
A
C
D
Right
right,
you
know
I
in
in
how
were
structured,
you
know,
liaison
it
out
reads
to
you
know:
various
affinity,
groups
and
partner
groups
is
largely.
You
know.
The
responsibility
of
you
know,
individuals
who
are
connected
and
participating
and
marks
been
that
individual.
You
know
what
one
thing
that
I
would
love
to
sort
of.
You
know
dive
a
little
bit
deeper
on
is
you
know
we
are
a
Federation
of
you
know,
open
source
collaborators
and
that's
the
model
that
we
are
accustomed
to.
You
show
up
you
Karen.
D
B
Okay,
if
there's
no
additional
discussion
on
that
I'm
just
going
to
check
if
there's
any
additional
updates
or
if
anyone's
posted
one,
if
not
I,
believe
we
can
just
see
if
there's
any
cures
that
require
discussion
or
a
chair
approval,
I
see
200
here,
9
1,
&,
2,
6/8
I
have
outstanding
change,
requests
I'll,
just
open
those.
Now.
E
E
E
F
That's
been
a
little
messy
and
slow
it's
in
in
the
kind
of
recent
things
that
have
happened.
It
also
got
kind
of
like
I,
didn't
follow
up
and
pressure
them
as
much
as
I,
probably
should
have
is
Amy
on.
This
call
doesn't
look
like
it
to
me,
but
maybe
she's
calling
user
one
I,
don't
know
so.
Yeah
I
think
we
yeah.
F
E
That
and
I
think
if
it's
a
feedback
from
that
seems
to
be
kind
of
Sheree
forward
and
good,
and
then
we
can
just
put
the
landscape
into
practice.
If
not,
if
it
looks
like
there's
a
lot
more
work,
that
needs
to
be
done
that
then,
maybe
we
can
continue
looking
at
merging
the
existing
periods
for
landscapes.
E
F
Yeah
I
don't
know
what
the
agenda
is
like,
but
if
you
know
we
could
do
this
at
a
future
meeting
either
something
like
two
weeks
from
now
somewhere
around
that
time
to
three
weeks
for
now.
I
think
that
would
I
mean
heck
even
next
week
may
work,
so
we're
not
far
from
having
something
we
can
show
and
then
have
people
pick
at
and
then,
if
the
group
likes
this
direction,
then
there's
going
to
be
a
lot
of
work
to
do,
and
hopefully
we'll
recruit
a
bunch
of
other
people
to
help.
E
B
Okay,
if
there's
no
additional
PRS
that
we
need
to
bring
up
we'll
just
move
on
to
the
open
floor
I'll,
let
you
open
with
one
it's
a
general
pure
ticket.
I
might
just
close
I,
don't
know
if
it
weren't
s'more
discussion
beyond
the
column
based
format
that
we
have
in
the
notes
right
now
is
it
same
as
before?
Does
it
provide
any
help
or
does
it
provide
any
difficulty
for
scribes.
B
D
Been
enjoying
it
great,
it
looks
really
organized
I
love.
The
addition
of
the
bullet
points
up
front
to
really
drive
home.
You
know
kind
of
the
norms,
the
steps
we
go
through
the
beginning
in
meetings
and
you
know,
establish
better,
better
clarity,
better
repeatability
of
those
processes.
Thank
you
shape.