►
From YouTube: ROS 2 Security Working Group (2019-08-21)
Description
Meeting Notes: https://bit.ly/ros2-sec-wg-notes
A
So
we
have
already
two
topics
on
the
agenda,
so
we
can
get
started
so
we
have
the
right
to
access
control
policies.
I
was
to
notes
and
boxing
and
on
a
side
note
so
I
will
take
notes
in
the
in
this
Google
Doc
and
post
a
link
on
this
course
after
it
just
sent
dogs
and
for
the
previous
meeting,
so
I'm
still
continuing
to
take
notes
at
the
top
of
that.
So
maybe
you
can
start
with
you.
Do
you
want
to
present
us
to
access
control
policies?
Id
you?
You
are
thinking
about.
B
So
yeah
these
this
is
the
ER
for
the
access
control
policy.
Definition
includes
both
sort
of
a
markdown
of
a
summary
of
the
policy
format
itself
and
design
decisions
and
various
other
properties
we'll
want
to
take
into
consideration,
as
well
as
the
schema
itself
be.
A
living
document
define
the
structure.
B
B
We
would
want
to
provision
to
that
node
and,
though
that's
given
various
amounts
of
privileges,
so
you'll
have
different
rules
based
on
what
IPC
are
using
the
actions
services
topics
we'd
like
to
expand
that
to
parameter
by
our
parameters,
but
we
right
now
the
documents
are
reflecting
what
exists
right
now,
so
we'll
probably
send
them
future
PR
to
extend
that
to
parameters.
There's
no
print
question
on
maybe
how
we
do
that
too.
But
so
actions
have
different
types
of
have
roles
or
like
permissions
like
because
it's
like
duality
like
almost
every
IPC.
B
B
B
B
All
topics
under
a
certain
namespace:
well,
then
you've
just
given
access
to
subscribe
to
feedback.
You
know,
topics
in
actions
which
is
I
think
violates
the
principle
of
separation,
but
right
now
there's
nothing
or
something
we
can
do
that
involves
taking
deeper
into
how
the
RCL
rnw
layer
is
implementing,
are
using
tedious
topics.
B
So
I
think
it's
spoken.
Those
people
are
like.
We
could
probably
resolve
that.
You
can
name
spacing
the
easiest
topics
with
the
associated
IPC,
but
that
may
be.
That
makes
the
implementation
a
little
more
difficult
and
that
you
can't
just
reuse,
primitive
IPC
types
to
compose,
have
more
higher
level
services
to
directions.
B
Anyhow,
so
there's
a
topics,
services,
actions
and
you
specify
what
attribute
and
attributes
you
know
whether
you
want
to
allow
or
deny
certain
this
is
following
the
mandatory
access
control
profile
where
it's
denied
by
default.
So
you
have
to
explicitly
allow
anything
and
you
can
override
now
by
explicitly
denying
it
as
well
so
that
allows
you,
like
you
know,
maybe
have
like
a
horn,
or
you
know,
guard
a
certain
exceptions
so
like
for
a
node,
you
can
give
like
a
general
permission
like
star
foo,
and
then
you
can
revoke
like
foo
bar
star.
B
Policy
that
is
in
sort
of
Ross
centric
form
to
DDS,
and
that
might
change,
and
so
then
we
can
just
update
the
template
on
how
that's
going
to
be,
and
it's
nice
that
we're
using
templates,
because
then
we
can
generalize
across
like
outside
the
s-cross
to
CLI.
If
some
other
company
is
like,
you
know,
generating
IT
infrastructure
to
do
this
on
mast
and
they
don't
need
the
Python
interpreter
and
our
custom
to
interpret
you
know
this
profile
schema.
C
B
They
find
it
so
the
a
deist
permissions
in
the
permissions
file
in
like
a
particular
grant
the
allowing
the
nine
statements
I
mean
they
they're
they
could
be
in
Italy
and
so
they're
just
only
evaluated
and
the
order
they
are
here
in
that
document
and
so
to
afford
this.
This
level
of
explicit,
allow
or
explicitly
allow
and
then
override,
deny
dislike
their
to
layer.
Then
the
template,
whether
it
does
it
that
reorders
all
your
denies
statements
to
appear
in
the
policy
document
before
your
allow
and
then
attach
deny
by
default
variant.
Okay,.
B
B
And
we
talked
about
small
turn
notes
so
like
we
initially
started
with
the
Anna
and
that
was
sort
of
like
a
holdover
from
what
we
did
in
s
cross
one
so,
like
you
know,
the
ML
had
its
pros
and
that
was
relatively
human.
Readable
middle
I'm
noise
had
a
preemie
data
models
like
you
could
write,
dates
and
stuff
in
it,
but
that
typing
wasn't
very
well
defined.
It's
easy,
like
the
mix-up
types,
there
was
no
very
validation
schema.
B
B
B
Expressive,
syntax
yeah,
like
maybe
custom,
so
a
farmer
has
its
own
custom
profile
language
and
that
allows
you
to
be
like
very
succinct,
and
you
know
you
can
add
whatever
syntax
or
Grandma
ethical
features
that
you
want,
but
I
mean
that's
a
lot
to
maintain
for
a
configuration
language
and
there
would
be
sort
of
just
on
us.
Rather
that's
worth
it
and
there's
calm,
armor
sort
of
an
inspiration
of
what
current
the
current
generation,
the
schemer
we
have
now
I.
B
Then
I
was
thinking.
We
could
have
like
it
more
like
a
farmer
what
it
does
is
it
takes
like
all
your
profiles,
then
flattens
that
for
you
and
then
gives
that
to
the
policy
interpreters
policy
interpretation
about
not
whereas
I
think
with
the
the
current
s
Ross.
It
might
be
better
if
we
just
keep
it
simple
in
that
the
pro
since,
like
Ross
nodes,
have
to
be
unique
and
name.
We
just
assume
that
the
profile
element
is
unique
in
its
namespace
and
name
attribute.
B
You
know
no
duplicates
and
no
crazy
attempts
to
try
and
merge,
and
no
no
necessarily
nesting
of
profiles
and
profiles.
That's
one
thing
you
can
do
in
a
bomber.
Is
you
can
nest
Sekulow
profile
so
that
you
can
import
them,
but
then
it
gets
kind
of
hard
and
like
how
to
interpret
rules
and
because
of
the
way
that
we're
mapping?
You
know
these
Ross
rules
for
IPC's
to
DDS
topics,
it's
more
straightforward.
If
there's
like
this
one-to-one
mapping,
it
also
helps
team
angling.
B
B
How
you
know
people
might
misuse
F
and
match,
but
that's
sort
of
external,
just
just
some
things
to
be
aware
of.
If
you
decide
to
use
expressions
and
your
rules
separations
of
concerns,
so
we
were
thinking
of
maybe
extending
a
policy
document
to
also
define
the
detection
times
so
can't
go
again
with
DDS.
You
have
the
permissions
document
and
also
the
government's
document.
You
know
the
the
permissions
document
specifies
you
know,
with
limitations
to
an
end
available
participant,
whereas
the
governance,
sir,
defines
the
rules
of
the
game.
You
know
where
the
rule
is
engagement.
B
You
know
the
are
all
topics
encrypted
that
this
discovery
traffic,
all
that
stuff
is
it
just
signed,
and
so
one
thing
you
might
want
to
do
is
for
certain,
like
high
bandwidth,
low
sensitivity,
topics
like
weather
data-
you
know
that's
public,
so
you
just
want
to
make
sure
that
it
doesn't
get
modified
and
right.
So,
let's
just
sign
that
remember
then
encrypted.
B
So
it
would
be
nice
if
you
could
or
convenient
for
users
as
well
as
defining
permissions
for
nodes.
They
also
specify
what
protection
kind
in
the
same
spot.
This
topic
should
be
subject
to,
and
that
would
help
because
then,
when
this
gets
mangled
in
the
DDS,
everything
is
sort
of
retained
and
then
it
would
generate
a
matching
governance
file
that
would
respect
what
your
intentions
were.
You
generated
the
original
policy
so
yeah.
It
basically
had
the
pipeline.
B
B
When
we
so
so,
separation
concerns
when
we
add
that
probably
I
think
carefully
like
how
much
we
want
to
expose.
You
know
some.
Some
of
these
production
kinds
are
like
specific
to
DDS
like
we
there's
the
sign
and
sign
versus
encrypt.
That's
pretty
conventional,
but
then,
like
DDS
has
like
sign
with
origin
authentication,
where
you
basically
prevent
someone
from
spoofing
you
by
having
every
subscriber
having
a
different
Matt
key.
B
B
One
thing
I
think
I
described
somewhere
is
like
perhaps
we
could
still
have
sort
of
like
a
a
name
spacing
of
things
so
be
if,
for
downstream
data
for
sorry
drop
stream
packages
that
you
might
like
import,
you
know
their
profiles
were
looking
in
the
question
of
maybe
without
pl.
Maybe
we
just
generate
this
in
with,
but.
B
B
Another
thing
is,
you
could
also
probably
add
that
attribute
to
the
profile
as
well
as
maybe
the
profiles,
and
so
the
thing
is
like
maybe
the
stuff
you're
roping
in
doesn't
define
what
protection
kind
is,
and
then
it's
more
generic
and
then
for
my
use
case.
I
just
stick
on
the
attribute
that
whatever
level
of
the
namespace
I
wanted
to
apply
to.
B
C
B
Where
I
think
I'd
like
to
add
more
formal
tools,
especially
like
doing
the
mangling
so
like
one
thing,
is
that
if
you
start
adding
this
like
projection
kind,
it
might
be
possible
for
like
two
things
not
to
talk
to
each
other
anymore,
like
you
hit
they're
in
the
same
policy
document,
but
user-specified
this
to
sign
this
encrypt
for
a
given
action
that
they
were
supposed
to
talk
over
now.
They're.
Not
so
you'd
like
something
to
warn
you
about
that.
B
B
A
Have
an
unrelated
question:
do
you
think
of
leveraging
the
fact
that
now
Hoss
launch,
you
know
like
much
more
extendable,
because
a
lot
of
what
you're
describing
is
a
policy
you
know
so
Isis
are
two
things
like
one
being
AB
subsystems.
So
one
of
the
principal
is
that
when
you
publish
you,
don't
necessarily
know
who
you're
communicating
with
you
know
until
you
actually
compose
your
final
application.
So
that's
why
composability
is
an
issue.
It's
because!
A
A
And
you
know,
and
if
yes,
you
know,
how
do
you
make
sure
that
it
works
well
and
so
tuning
news
and
so
on
right
and
on
the
opposite
side?
Well,
if
you
think
about
it,
so
there
is
a
way,
a
layer
in-house
to
us
one
where
you
actually
take
all
of
the
nodes-
and
you
say
hey:
this
node
is
gonna
talk
to
this
node
and
not
to
this
ozo
node
and
it's
naturally
the
launch
file,
because
here
you
actually
make
those
connections.
A
When
you
do
the
remapping-
and
I
was
wondering
if
you
ever
sort
of
just
what
you
have
in
your
XML
file,
you
know
could
also
be
by
some
annotation.
You
know
like
we
could
be
implemented
in
whatever
way
you
you,
you
want
in
your
hosts
load,
and
so
you
just
say:
hey
I
have
this
graph
and
then
everything
which
is
in
service,
launch
I'm
gonna.
A
B
A
C
A
I,
like
basically
saying
that
you
know
if
so
it
goes
a
bit,
but
also
it's
related
to
what
you
are
suggesting
last
time,
Kyle
right,
you
know
your
lunch
file.
Basically,
and
let's
forget
about
you,
know
if
actually
the
syntax
has
to
do
that
easy
easily
or
not.
But
if
you
say
lunch,
not
a
and
launch
not
be
well.
A
You
could
also
set
that
time,
oh
and
by
the
way,
I
want
to
of
not
add
like
going
to
the
alley
to
publish
into
the
envelope
to
talk
with
the
subscriber
of
not
be,
and
that
would
give
you
a
way
to
generate
those
policies.
You
know
those
DDS
policies
at
runtime.
Basically,
while
you
evaluate
your
was
launched,
which
kind
of
we
meet
the
amount
of.
A
Well
if
let's
say
that
I
have
a
motion,
planner
and
I
want
to
bundle
a
default
policy
with
my
node
and
good
is
really
that
I
make
stone
that
package
like
I,
don't
know
what
robot
is
gonna
run
on
I,
not
sure
how
I
would
do
that
if
it's
placed
at
the
package
level
versus
if
you
do
that
at
launch
level,
you
cannot
infer
that
it's
really
done
where
you
design
your
application.
Your
final
application,
where
you
actually
know
that
well
for
this
particular
node
because
of
this
particular
robotic
application.
C
That
is
ignoring
the
the
you
know:
security
type,
the
origin,
encryption
or
signing
or
whatever.
That
is
the
direction
that
that
I'm
thinking
that
this
would
go
with
the
note
ideal
stuff
ready
where,
where
I
mean,
because
security
only
applies
after
everything's
remapped
right
having
it
at
the
generic
level
is
only
useful.
C
If
you
can
map
it
into
what's
actually
happening
in
the
launch
file,
and
so
that
can
either
happen
as
the
launch
file
out
with
an
input
and
it's
just
generated
statically,
and
then
you
maintain
it
or
it
can
happen
at
runtime
when
the
launch
file
is
fired
up
right
and
I
love
that
yeah.
That's
one
of
the
reasons
I
was
asking.
If,
if,
if
policy
files
were
actually
necessary
as
an
intermediate
format,
because
we
can
just
generate
the
whole
thing
at
launch
time
and
falls.
A
C
B
B
C
A
And
also
the
other
thing
is
that
you
know
it's
integrated
directly
at
that
level.
So
my
major
concern
without
extras
is
that
it's
not
on
by
default.
It
requires
extra
work
and,
and
I
would
not
do
a
mushroom.
Secure
to
just
be
us
launch
may
be
a
concern
insecurities
of
by
default
for
performance
reason,
but
you
don't
need
to
pull
something
else.
B
The
the
but
I
think
you
could
still
use
this
policy
schema
as
the
Internet
and
representation
before
the
DDS,
like
whatever
Ross,
launch
or
generate,
would
be
like.
We
could
generate
policy
format
and
then
that
get
templated
based
on
what
transport
you're
using
it
can
remain
agnostic
to
whatever
specific
your
transfer
using.
B
And
then
the
last
thing
I'd
like
to
do
is
be
able
to
color
profiles,
so
I
think
it
gets
cooked
where
you're
saying
and
the
you
might
have
certain
subsets
and
your
sections
in
your
complication
graph,
that
you
don't
want
to
talk
to
each
other,
I'm
still
being
able
to
color
them
and
then
have
the
design
tool
that
there's
no
possible
way.
That.
A
B
So
yeah
we
I
mean
you
could
use
or
Titian
to
again,
but
I
don't
think
rmw
layer
is
currently
they
I
mean
used
for
tissues
for
namespaces
that
we
did.
We
walk
that
back
after
we
had
a
whole
bunch
of
names
facing
issue,
but
no
the
you
could
use
partitions
security
layers,
but
I
think
when
you
create
the
topic.
We'd
have
to
modify
the
QoS
to
use
that
partition
for
you,
II.
B
I,
but
getting
to
this
is
on
slightly
tangent
for
like
multi
robot
and
that's
best
I
think
Ross
to
is
still
going
right.
Now,
it's
still
suffering
from
like
topic,
clobbering
we're
like
if
you
have
multiple
Rasta
robots
under
vein,
BDS
domain
on
the
same
network,
they're
just
going
to
interfere
with
each
other
like
their
TS
are
gonna
mangle
or
their
East.
B
Op
topics
are
gonna
mangle,
so
having
like
a
method
of
managing
swarms
of
robots
were
maybe
every
robot
with
own
partition,
and
then
you
can
tell
Ross
you
like
at
what
scope
we
want
to
publish
topic.
Is
this
topic?
That's,
like
my
Pope
broadcast
to
my
partition
or
both
my
partition
and
the
empty
partition
space.
That's
like
publishing
them
all
the
swarm,
yeah
I!
Think
and
then
you
have
a
concept
of
not
only
like
a
topic
but
like
a
robot
in
the
scene
of
roast.
You
like
robot
having
being
a
first
class
definition
and
that's.
A
My
rant
yeah,
it's
a
robot
definition
of
the
notion
of
bridge,
or
you
know
whatever
you
could
eat,
because
I
think
that
you
know
like
what
you
want
to
see
from
the
graph
from
inside
the
robot
and
from
outsides
or
about
is
very
different,
and
you
know
Mandar,
if
I
under
maybe
robots.
Abstraction
is
the
right
thing
to
do,
but
I'm
wondering
if
we
just
want
something
which
is
akin
to
a
firewall
or
you
know
whatever
you
want
to
call
it.
B
So
what
you
just
described
already
exists
and
tedious.
It's
called
DDS
routing
RTI
has
their
own
product
for
performing
DDS
routing.
So
you
could
have
a
separate
process
that
has
been
configured
and
like
what
kind
of
bridge
been
like
how
you
want
to
remap
your
sort
of
local
computation
or
you
know,
of
local
data
bus
into
a
the
data
bus
above
you
so
that
you
can
maybe
interoperate
so
like
the
idea
is
like
maybe
for
a
hospital.
You
might
have
a
data
domain
for
like
every
floor.
B
A
So,
and
just
to
go
back
to
your
hospital
example,
which
was
really
great,
do
you
know
something
which
always
bothers
me
with
the
GDS
domain?
Id,
do
you
know
how
somehow
lat
oxy
is
recommending
people
to
do
the
domain
idea
location?
Do
you
still
need
that
you
know
to
avoid
like
conflicts
of
the
main
idea?
If
you
just
do
something
a
bit
stupid
and
let's
say
you,
you
randomize
the
ggs
domain,
when
you
are
host
to
node
I
mean
you're
forced
to
robot
starts.
B
Don't
know
what
the
the
recommended
allocation
yeah
currently
reminds
me
of
like
the
hobbyist
RC
community,
where,
like
everyone
had
like
the
FM,
transmitters
and
then
you'd
have
to
put
your
crystal
on
the
board
and
like
if
you
wanted
to
use
this
domain
or
crystal
you
just
take
it
off
the
board.
That
was
new
way
of
like
that's
what
Lea
Oh
sir
F
has
a
spreadsheet,
where
they,
just
like,
add
certain
people,
your
name
to
a
certain
domain.
That's
really
how
they!
B
Like
say,
I
talked
to
Gerard
or
last
last
year
or
last
Roscommon
and
I
think
there's
going
to
be
a
thing
called
domain
tags
and
that
you'll
be
able
to
so
I
think
I
think
I
think
they
all
the
discovery.
Traffic
will
still
collide
because
they're
gonna
be
on
the
same
domain,
but
at
least
they
won't
like
try
and
connect
in
the
sense
they'll
have
different
domain
tags
and
then
the
domain
peg
is
just
a
string.
So
it's
not
really.
B
You
have
any
suggestions,
I
think
I.
Think
a
lot
of
this
relates
to
the
note.
I
do
I
still
think
it's
gonna
help
if
we
have
an
intermittent
representation
and
in
a
minute
reputation
is
sucessfully,
says
succinctly
expressive
for
anything
that
we
want
to
get
the
other
generate
and
that's
be
fine.
Is
it's
already
very
easily
machinable.
A
A
D
A
D
So
what
I've
been
working
on
is
notes,
and
boxing
so
Ross
to
launch,
has
the
ability
to
add
extensions.
So
what
I
was
what
I'm
considering
doing
is
adding
a
new
container
for
Ross
to
launch.
So
you
can
define
notes
in
side
that
container
and
attach
a
security
policy
to
it
for
sandboxing,
initially
I'm,
looking
into
lon
being
able
to
launch
all
the
notes
in
a
one
group
inside
like
a
docker
container
and
another
option
is
to
launch
what.
D
Well,
one
of
the
things
that
docker
offers
out
of
the
box
is
restricting
of
CPU
and
memory.
So
by
launching
your
No
inside
a
docker,
it
would
a
docker
container.
It
would
allow
you
to
prevent
a
group
of
nodes
from
exceeding
its
CPU,
well
that
the
percentage
of
CPU
that
you
allocate
to
it
and
by
specifying
the
memory
constraint,
you
can
limit
the
maximum
amount
of
memory
available
to
that
group
of
nodes.
B
A
Something
which
is
also
interesting
we
started
thinking
about
after
you
know,
like
brainstorming,
for
this
idea
is
that
something
which
is
a
bit
annoying
right
now
with
you
know
all
those
robot
like
you,
take
the
total
butchery.
For
instance,
all
of
those
like
high-level
packages
containing
load
files
basically
pull
dependencies
to
everything,
because
you
need
to
make
sure
the
nodes
exist.
You
know
in
that
it
pulls
the
right
dependency.
A
A
You
just
have
a
single
like
independent
package,
which
is
just
you
know,
putting
a
dependency
on
like
locus,
launch
itself,
and
then
you
just
like,
have
implicit
dependencies
by
just
pinning
like
Duke
images
into
your
launch
file
and
knowing
that
stuff
is
gonna,
get
downloaded
as
needed
when,
when
you
want
it,
so
it
happens
and
interesting
things,
because
you
could
imagine
actually
running
across
two
applications
with
a
costume
like
you
launch
on
deep,
you
instantly
launch
only
and
you
run
it
and
it
works.
So.
B
A
And
so
basically,
there
is
no
c++
going
on
an
email.
You
just
need
basically
to
have
this
Python
code
released
on
you,
yeah
on
P,
IP
or
whatever
you
want,
and
it
goes
a
bunch
of
nice
features
when
you
think
of
Windows
and
OS
X
support,
because
actually,
where
there
is
a
high
high
likelihood,
your
stuff
is
gonna.
You
know
that
we
can
make
sure
that
was
launched,
works
well
on
Windows
in
this
situation.
B
Do
you
I
wonder
how
you
might
handle
stuff
there
were
like
the
Ross
launch
is
interpretive
and
that
it
needs,
like
you
said
you
might
have
to
have
the
package
installed
to
do
the
inference
to
figure
out
how
to
configure
it.
So,
like
one
thing
is
like
I'm
gonna
run,
AMT
L
AM
Co
has
some
several
configs
I
need
to
do
the
Ament
index
to
figure
out
the
path
with
this
config
if
I'm
in
a
launch
file,
and
so
that's
a
query
to
an
index
and
then
I
put
that
in
my
parameter.
B
An
image
I
think
it's
kind
of
hard
if
you're
using
Python
ey
launch
files,
but
maybe
something
if
it
was
XML
that
maybe
the
parent
Ross
launch
would
just
spawn
Ross
launch
inside
the
container,
and
then
that
would
do
the
interpretation
so
ignore
that
we
just
need
to
logistical.
Ii
know
what
what
container
is
to
run
Ross
launch
two
weeks,
trapper,
so
yeah.
B
A
Exactly
why
it's
customizable
security
policy
doctor
is
one
implementation,
I
mean
huggably.
You
can
separate
your
nodes
in
your
app
into
two
categories
like
things
which
are
taking
hardware
information
and
putting
that
on
universal
dies,
which
is
Russ
2
and
things
which
are
actually
computational
nodes
which
are
like
host
to
in-house
to
out
and
with
annoying
exception
of
cpu
intensive
GPU
intensive
computation,
which
would
require
you
CUDA
and
no.
A
We
are
not
gonna
at
least
right
now,
you're
in
a
mode
where
containerization
is
not
a
big
problem
like
things
like
TF,
you
know
there
is
no
reason
that
you
would
not
leave
into
a
docker
container
after
if
you're
talking
about
a
lighter
driver,
then
the
question
is:
should
it
be
containerized?
You
know
maybe
I,
don't
know,
I,
think
it's
an
open
question
and
it's
definitely
not
something.
A
We
are
gonna
fast
on
to
everyone,
and
so
it's
it's
a
first
pass
here
is
the
first
kind
of
sing
you
can
use
to
send
bucks
note
and
it's
da
cow,
but
another
thing
we
took
thinking
about
would
be
something
as
simple
as
one
as
you
know,
which
would
be
another
security
policy
which
is
well
actually
for
this
sub
graph.
We
are
going
to
run
that
runs
at
as
another
user
and
that's
going
to
allow
you
to
to
to
just
at
least
you
know,
make
sure
that
you
user,
you
don't
run
your
friend.
A
A
Most
likely
we're
just
going
to
write
something
which
is
more
like
a
POC,
so
sake
is
already
working
on
that
and
you
know
it's
kind
of
building
it.
The
right
approach
is
a
good
thing
with
us
load.
Is
that
it's
it's
plugging
days
now
and
it's
by
song,
so
it's
not
as
enthusiast
and
the
current
design
as
it
was
before,
which
is
great
by
the
way.
That's
that's
really
amazing.
So
we
are
just
going
to
be
a
host
launch
plug-in
and
it's
gonna
be
what
its
gonna
be
right.
A
I
mean
it's
a
POC
and
then
we're
gonna
stop
playing
play
with
that
hope.
I.
The
goal
is
to
use
that
for
the
workshop
to
secure.
You
know,
whatever
application
we
were
gonna
run
there,
and
so
that
was
gone.
Everyone
should
have
a
look
at
how
we
can
like
make
those
two
applications
secure
using
these
this
POC.
Maybe
it
will
be
more
than
a
POC
by
then.