Date   

Canceled event: CNCF: Public TOC Meeting @ Thu Dec 7, 2017 2pm - 2:45pm (CST) (cncf-toc@lists.cncf.io)

Chris Aniszczyk
 

This event has been canceled and removed from your calendar.

CNCF: Public TOC Meeting

When
Thu Dec 7, 2017 2pm – 2:45pm Central Time
Where
Meeting Room 14, Level 4 ACC, 500 E Cesar Chavez St, Austin, TX 78701, USA (map)
Calendar
cncf-toc@...
Who
afisher@... - creator
CNCF's Technical Oversight Committee will be holding a public, in-person meeting to discuss the state of CNCF projects. Please attend in person or by Zoom.

Topic: CNCF Public TOC Meeting
Time: Dec 5, 2017 7:00 PM Central Standard Time (US and Canada)
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/404503142

*6 to mute/un-mute your phone

Meeting ID: 404 503 142

Or iPhone one-tap :
US: +16465588656,,404503142# or +16699006833,,404503142#
Or Telephone:
Dial(for higher quality, dial a number based on your current location):
US: +1 646 558 8656 or +1 669 900 6833 or +1 855 880 1246 (Toll Free) or +1 877 369 0926 (Toll Free)

International numbers available: https://zoom.us/zoomconference?m=ELHKDRr4yXncfJBsq9xiZ6zY9BDa2x6C

Invitation from Google Calendar

You are receiving this courtesy email at the account cncf-toc@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to modify your RSVP response. Learn More.


Invitation: CNCF: Public TOC Meeting @ Thu Dec 7, 2017 12pm - 12:45pm (PST) (cncf-toc@lists.cncf.io)

afisher@...
 

CNCF: Public TOC Meeting

When
Thu Dec 7, 2017 12pm – 12:45pm Pacific Time
Where
Meeting Room 14, Level 4 ACC, 500 E Cesar Chavez St, Austin, TX 78701, USA (map)
Calendar
cncf-toc@...
Who
afisher@... - creator
Dan Kohn
cncf-toc@...
CNCF's Technical Oversight Committee will be holding a public, in-person meeting to discuss the state of CNCF projects. Please attend in person or by Zoom.

Topic: CNCF Public TOC Meeting
Time: Dec 5, 2017 7:00 PM Central Standard Time (US and Canada)
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/404503142

*6 to mute/un-mute your phone

Meeting ID: 404 503 142

Or iPhone one-tap :
US: +16465588656,,404503142# or +16699006833,,404503142#
Or Telephone:
Dial(for higher quality, dial a number based on your current location):
US: +1 646 558 8656 or +1 669 900 6833 or +1 855 880 1246 (Toll Free) or +1 877 369 0926 (Toll Free)

International numbers available: https://zoom.us/zoomconference?m=ELHKDRr4yXncfJBsq9xiZ6zY9BDa2x6C

Going?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account cncf-toc@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to modify your RSVP response. Learn More.


Re: [RESULT] TOC Principles v1.0 APPROVED

alexis richardson
 

Thank you!


On Mon, 27 Nov 2017, 06:54 Chris Aniszczyk via cncf-toc, <cncf-toc@...> wrote:
Hey all, just letting you know the TOC Principles have been approved:

https://github.com/cncf/toc/blob/master/PRINCIPLES.md

+1 binding TOC votes from:

Alexis: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001382.html
BrianG: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001314.html
Solomon: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001324.html
Jon: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001353.html
Ken: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001354.html
Ben: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001355.html
Camille: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001379.html
Bryan: https://lists.cncf.io/pipermail/cncf-toc/2017-November/001380.html
SamL: https://github.com/cncf/toc/pull/47#issuecomment-344150385

+1 non-binding community votes:


Thanks all!

--
Chris Aniszczyk (@cra) | +1-512-961-6719
_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


[RESULT] TOC Principles v1.0 APPROVED

Chris Aniszczyk
 


Re: [VOTE] CNCF TOC Principles

alexis richardson
 

+1



On Tue, Nov 21, 2017 at 5:21 AM, Erin Boyd via cncf-toc <cncf-toc@...> wrote:
 +1 non-binding

On Mon, Nov 20, 2017 at 6:24 PM, Bryan Cantrill via cncf-toc <cncf-toc@...> wrote:

+1 (And sorry for the delay!)

         - Bryan


On Thu, Nov 2, 2017 at 9:00 AM, Chris Aniszczyk via cncf-toc <cncf-toc@...> wrote:
Hey all y'all, the CNCF TOC principles had enough time to bake and are ready for TOC vote:

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support.

Thanks!

--
Chris Aniszczyk (@cra) | +1-512-961-6719

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Re: [VOTE] CNCF TOC Principles

Erin Boyd
 

 +1 non-binding

On Mon, Nov 20, 2017 at 6:24 PM, Bryan Cantrill via cncf-toc <cncf-toc@...> wrote:

+1 (And sorry for the delay!)

         - Bryan


On Thu, Nov 2, 2017 at 9:00 AM, Chris Aniszczyk via cncf-toc <cncf-toc@...> wrote:
Hey all y'all, the CNCF TOC principles had enough time to bake and are ready for TOC vote:

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support.

Thanks!

--
Chris Aniszczyk (@cra) | +1-512-961-6719

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Re: [VOTE] CNCF TOC Principles

Bryan Cantrill <bryan@...>
 


+1 (And sorry for the delay!)

         - Bryan


On Thu, Nov 2, 2017 at 9:00 AM, Chris Aniszczyk via cncf-toc <cncf-toc@...> wrote:
Hey all y'all, the CNCF TOC principles had enough time to bake and are ready for TOC vote:

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support.

Thanks!

--
Chris Aniszczyk (@cra) | +1-512-961-6719

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Re: [VOTE] CNCF TOC Principles

Camille Fournier
 

+1

On Mon, Nov 13, 2017 at 12:48 PM, Benjamin Hindman via cncf-toc <cncf-toc@...> wrote:
+1

On Mon, Nov 13, 2017 at 9:30 AM Ken Owens via cncf-toc <cncf-toc@...> wrote:
+1 

On Mon, Nov 13, 2017 at 7:47 AM, Jonathan Boulle via cncf-toc <cncf-toc@...> wrote:
+1 from me

On 2 November 2017 at 23:29, Chris Aniszczyk via cncf-toc <cncf-toc@...> wrote:
email is immutable so we stick with that for official voting

thanks Solomon!

On Thu, Nov 2, 2017 at 10:28 PM, Solomon Hykes <solomon.hykes@...> wrote:
+1

Do you want us to approve in github also? Or does email voting remain the source of truth?

On Thursday, November 2, 2017, Chris Aniszczyk via cncf-toc <cncf-toc@...> wrote:
Hey all y'all, the CNCF TOC principles had enough time to bake and are ready for TOC vote:

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support.

Thanks!

--
Chris Aniszczyk (@cra) | +1-512-961-6719



--
Chris Aniszczyk (@cra) | +1-512-961-6719

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc
--
Benjamin Hindman
Founder of Mesosphere and Co-Creator of Apache Mesos

Follow us on Twitter: @mesosphere

All New DC/OS 1.10 

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Call to Action: Project Proposal Due Diligence

Chris Aniszczyk
 

Hey CNCF TOC and wider community, we currently have 4 project proposals in flight:


We are asking TOC Contributors (https://github.com/cncf/toc/blob/master/CONTRIBUTORS.md) and the wider CNCF community to do some due diligence on these project proposals. For an example of what we mean by due diligence, please see this PR: https://github.com/cncf/toc/pull/52

Thanks and I look forward to everyone helping out and voicing their opinions.

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: landscape, spiffe, opa, vault

alexis richardson
 

anyone else want to chip in?

On Wed, Nov 15, 2017 at 8:11 PM, Sunil James <sunil@...> wrote:
I've been reading it this morning. I think SPIFFE/SPIRE, OPA, and Vault fit nicely within that framing. Frankly, I think proxies fit within the AAA category, too.

Maybe we're even talking about "AAA" being a new horizontal layer below "Orchestration & Management," within which include the following four (4) categories:

1) Authentication
2) Authorization
3) Key Management
4) Proxies

That said, I'm happy to defer to more thoughtful evaluations :)


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 11:55 AM, Alexis Richardson <alexis@...> wrote:


On Wed, Nov 15, 2017 at 7:52 PM, Sunil James <sunil@...> wrote:
Tough one, but I'd say "yes."

I am ok with that.  Wonder what others think?


 

FWIW, we should probably read through RFC 2989 (specifically the agreed-upon terminology) for historical context.

Is that an offer? ;-)

a
 

---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 11:32 AM, Alexis Richardson <alexis@...> wrote:
would you suggest moving key management to AAA?

On Wed, Nov 15, 2017 at 6:09 PM, Sunil James via cncf-toc <cncf-toc@...> wrote:
+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time).

Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'?


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc







Re: landscape, spiffe, opa, vault

Sunil James <sunil@...>
 

I've been reading it this morning. I think SPIFFE/SPIRE, OPA, and Vault fit nicely within that framing. Frankly, I think proxies fit within the AAA category, too.

Maybe we're even talking about "AAA" being a new horizontal layer below "Orchestration & Management," within which include the following four (4) categories:

1) Authentication
2) Authorization
3) Key Management
4) Proxies

That said, I'm happy to defer to more thoughtful evaluations :)


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 11:55 AM, Alexis Richardson <alexis@...> wrote:


On Wed, Nov 15, 2017 at 7:52 PM, Sunil James <sunil@...> wrote:
Tough one, but I'd say "yes."

I am ok with that.  Wonder what others think?


 

FWIW, we should probably read through RFC 2989 (specifically the agreed-upon terminology) for historical context.

Is that an offer? ;-)

a
 

---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 11:32 AM, Alexis Richardson <alexis@...> wrote:
would you suggest moving key management to AAA?

On Wed, Nov 15, 2017 at 6:09 PM, Sunil James via cncf-toc <cncf-toc@...> wrote:
+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time).

Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'?


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc






Re: landscape, spiffe, opa, vault

alexis richardson
 



On Wed, Nov 15, 2017 at 7:52 PM, Sunil James <sunil@...> wrote:
Tough one, but I'd say "yes."

I am ok with that.  Wonder what others think?


 

FWIW, we should probably read through RFC 2989 (specifically the agreed-upon terminology) for historical context.

Is that an offer? ;-)

a
 

---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 11:32 AM, Alexis Richardson <alexis@...> wrote:
would you suggest moving key management to AAA?

On Wed, Nov 15, 2017 at 6:09 PM, Sunil James via cncf-toc <cncf-toc@...> wrote:
+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time).

Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'?


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc





Re: landscape, spiffe, opa, vault

Sunil James <sunil@...>
 

Tough one, but I'd say "yes."

FWIW, we should probably read through RFC 2989 (specifically the agreed-upon terminology) for historical context.

---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 11:32 AM, Alexis Richardson <alexis@...> wrote:
would you suggest moving key management to AAA?

On Wed, Nov 15, 2017 at 6:09 PM, Sunil James via cncf-toc <cncf-toc@...> wrote:
+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time).

Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'?


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc




Re: landscape, spiffe, opa, vault

alexis richardson
 

would you suggest moving key management to AAA?

On Wed, Nov 15, 2017 at 6:09 PM, Sunil James via cncf-toc <cncf-toc@...> wrote:
+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time).

Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'?


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Re: landscape, spiffe, opa, vault

Sunil James <sunil@...>
 

+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time).

Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'?


---
SJ | sunil@... | Scytale & SPIFFE



On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Re: landscape, spiffe, opa, vault

Tim Hinrichs
 

+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


Re: landscape, spiffe, opa, vault

Guru Chahal <guru@...>
 

Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc



Re: landscape, spiffe, opa, vault

alexis richardson
 

That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




Re: landscape, spiffe, opa, vault

Nick Chase
 

I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a



landscape, spiffe, opa, vault

alexis richardson
 

All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a


6341 - 6360 of 7724