Date   

Re: [VOTE] SAFE (Security) Working Group

徐翔轩 <eleven.xu@...>
 

+1 non-binding

Thanks & Best Regards,

徐翔轩

----------------------------------------------------



上海得帆信息技术有限公司
  SHANGHAI DEFINESYS INFORMATION TECHNOLOGY CO., LTD.

E-mail : eleven.xu@...
Mobile : +86-186-1626-0537
Website:http://www.definesys.com

----------------------------------------------------
 

在 2018年9月4日,22:49,Randy Abernethy <randy.abernethy@...> 写道:

+1 nb


On 2018-09-04 06:50, Chris Aniszczyk wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719

-- 
Randy Abernethy
Managing Partner
RX-M, LLC
randy.abernethy@...
o 415-800-2922
c 415-624-6447


Re: [VOTE] SAFE (Security) Working Group

Randy Abernethy
 

+1 nb


On 2018-09-04 06:50, Chris Aniszczyk wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719

-- 
Randy Abernethy
Managing Partner
RX-M, LLC
randy.abernethy@...
o 415-800-2922
c 415-624-6447


Re: [VOTE] SAFE (Security) Working Group

Barker, Daniel <drbarker@...>
 

+1 (non-binding)

I second Chase's statement.

-------- Original Message --------
Subject: Re: [cncf-toc] [VOTE] SAFE (Security) Working Group
From: Chase Pettet <cpettet@wikimedia.org>
Date: Sep 4, 2018, 8:55 AM
To: Chris Aniszczyk <caniszczyk@linuxfoundation.org>
+1 non-binding

How awesome would it be to have common nomenclature and practices across similar methodology for CNCF projects. This in and of itself would be a huge value add CNCF can bring to the table.

On Tue, Sep 4, 2018 at 8:50 AM, Chris Aniszczyk <caniszczyk@linuxfoundation.org<mailto:caniszczyk@linuxfoundation.org>> wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):
https://github.com/cn-security/safe

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719



--
Chase Pettet
chasemp on phabricator<https://phabricator.wikimedia.org/p/chasemp/> and IRC

----------------------------------------- CONFIDENTIALITY NOTICE
This message and any attachments are from the NAIC and are intended only for the addressee. Information contained herein is confidential, and may be privileged or exempt from disclosure pursuant to applicable federal or state law. This message is not intended as a waiver of the confidential, privileged or exempted status of the information transmitted. Unauthorized forwarding, printing, copying, distribution or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or by forwarding it to the NAIC Service Desk at help@naic.org.


Re: [VOTE] SAFE (Security) Working Group

Justin Cappos
 

+1 nonbinding

On Tue, Sep 4, 2018 at 10:01 AM Alban Crequy <alban@...> wrote:
+1 non-binding

On Tue, Sep 4, 2018 at 3:50 PM Chris Aniszczyk
<caniszczyk@...> wrote:
>
> A new CNCF Working Group has been proposed (sponsored by Ken Owens):
> https://github.com/cn-security/safe
>
> Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem
>
> Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146
>
> Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!
>
> --
> Chris Aniszczyk (@cra) | +1-512-961-6719
> _._,_._,_




TOC Agenda 9/4/2018

Chris Aniszczyk
 

Here's the agenda deck for today: https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g25ca91f87f_0_0

We will be hearing from the Dragonfly/OpenMessaging communities, along with discussing a backlog of project presentations to make a decision on.

Thanks!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: [VOTE] SAFE (Security) Working Group

Alban Crequy
 

+1 non-binding

On Tue, Sep 4, 2018 at 3:50 PM Chris Aniszczyk
<caniszczyk@linuxfoundation.org> wrote:

A new CNCF Working Group has been proposed (sponsored by Ken Owens):
https://github.com/cn-security/safe

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719
_._,_._,_


Re: [VOTE] SAFE (Security) Working Group

Doug Davis <dug@...>
 

+1 non-binding


thanks
-Doug
_______________________________________________________
STSM | IBM Open Source, Cloud Architecture & Technology
(919) 254-6905 | IBM 444-6905 | dug@...
The more I'm around some people, the more I like my dog

"Chris Aniszczyk" ---09/04/2018 09:52:40 AM---A new CNCF Working Group has been proposed (sponsored by Ken Owens): https://urldefense.proofpoint.c

From: "Chris Aniszczyk" <caniszczyk@...>
To: CNCF TOC <cncf-toc@...>
Date: 09/04/2018 09:52 AM
Subject: [cncf-toc] [VOTE] SAFE (Security) Working Group
Sent by: cncf-toc@...





A new CNCF Working Group has been proposed (sponsored by Ken Owens):
https://github.com/cn-security/safe

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719




Re: [VOTE] SAFE (Security) Working Group

Xu Wang
 

+1 (non-binding)


On Tue, Sep 4, 2018, 21:50 Chris Aniszczyk <caniszczyk@...> wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: [VOTE] SAFE (Security) Working Group

Chase Pettet
 

+1 non-binding

How awesome would it be to have common nomenclature and practices across similar methodology for CNCF projects.  This in and of itself would be a huge value add CNCF can bring to the table.

On Tue, Sep 4, 2018 at 8:50 AM, Chris Aniszczyk <caniszczyk@...> wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719




--
Chase Pettet
chasemp on phabricator and IRC


Re: [VOTE] SAFE (Security) Working Group

Justin Cormack
 

+1 (non binding)


On Tue, Sep 4, 2018 at 2:50 PM, Chris Aniszczyk <caniszczyk@...> wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719



Re: [VOTE] SAFE (Security) Working Group

ytijani@...
 

+1 non-binding

Le mar. 4 sept. 2018 à 15:52, Tom Phelan <tap@...> a écrit :
+1 (non-binding)

On Tue, Sep 4, 2018 at 6:51 AM, Geri Jennings <geri.jennings@...> wrote:

+1 (non-binding)

 

From: <cncf-toc@...> on behalf of Chris Aniszczyk <caniszczyk@...>
Date: Tuesday, September 4, 2018 at 9:50 AM
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] [VOTE] SAFE (Security) Working Group

 

A new CNCF Working Group has been proposed (sponsored by Ken Owens):

 

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

 

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


_______________________________________________
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure.
If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error.




--

view

Thomas Phelan

Chief Architect

650 533 6462

Try BlueData on AWS: www.bluedata.com/AWS


Re: [VOTE] SAFE (Security) Working Group

Tom Phelan
 

+1 (non-binding)

On Tue, Sep 4, 2018 at 6:51 AM, Geri Jennings <geri.jennings@...> wrote:

+1 (non-binding)

 

From: <cncf-toc@...> on behalf of Chris Aniszczyk <caniszczyk@linuxfoundation.org>
Date: Tuesday, September 4, 2018 at 9:50 AM
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] [VOTE] SAFE (Security) Working Group

 

A new CNCF Working Group has been proposed (sponsored by Ken Owens):

 

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

 

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


_______________________________________________
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure.
If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error.




--

view

Thomas Phelan

Chief Architect

650 533 6462

Try BlueData on AWS: www.bluedata.com/AWS


Re: [VOTE] SAFE (Security) Working Group

Ken Owens
 

+1 binding

On Tue, Sep 4, 2018 at 8:50 AM Chris Aniszczyk <caniszczyk@...> wrote:
A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: [VOTE] SAFE (Security) Working Group

Geri Jennings
 

+1 (non-binding)

 

From: <cncf-toc@...> on behalf of Chris Aniszczyk <caniszczyk@...>
Date: Tuesday, September 4, 2018 at 9:50 AM
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] [VOTE] SAFE (Security) Working Group

 

A new CNCF Working Group has been proposed (sponsored by Ken Owens):

 

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

 

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


_______________________________________________
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure.
If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error.


[VOTE] SAFE (Security) Working Group

Chris Aniszczyk
 

A new CNCF Working Group has been proposed (sponsored by Ken Owens):

Secure Access for Everyone (SAFE) Working Group will explore secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem

Please vote (+1/0/-1) by replying to this thread; the full proposal located here: https://github.com/cncf/toc/pull/146

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: RSocket Followup (post TOC meeting)

Ben Christensen
 

> why did you feel it necessary to add an additional layer of application flow control on top of what TCP already provides?
 
This is discussed in the FAQ of the project:  https://github.com/rsocket/rsocket/blob/master/FAQ.md#why-reactive-streams-requestn-flow-control
 
The key difference is that RSocket offers end-to-end instead of hop-to-hop flow control and expects to have message-level flow control exposed through APIs into the application layer. This allows non-blocking bounded message queues in user code and prevents buffer bloating of intermediaries. 
 
A key example is an experience I had with a load balancer (TCP, not HTTP in that case) where the hop-to-hop behavior did what it does best - filled the entire buffer of the proxy (load balancer) - which resulted in increasing latency of the end consumer (fast producer, slow consumer problem) until eventually the proxy would OOM and reboot. This required bad hacks to address since the protocol in use did not support end-to-end flow control. Neither HTTP or TCP expose end-to-end flow control mechanisms into the application layer, RSocket allows this. 
 
The responses from Ben Hale earlier also did a good job of explaining this and provided further examples I won't repeat here. 


Re: RSocket Followup (post TOC meeting)

Ben Christensen
 

> Other than to support non-TCP transports (like UDP), which I would assume are fairly uncommon,
 
This is actually something we leverage in production:
 
- TCP for server-to-server
- WebSocket for browser-to-server
- single HTTP/2 stream treated like TCP on shared HTTP/2 connection
 
The need to target both WebSockets and TCP was actually a very concrete initial reason for creating RSocket, since HTTP/2 framing is not exposed in browsers or most client/server APIs. More on this is found in the Motivations doc: https://github.com/rsocket/rsocket/blob/master/FAQ.md#why-not-http2


Re: RSocket Followup (post TOC meeting)

Ben Christensen
 

> How much interoperability testing have you done?
 
We use rsocket-cpp, rsocket-js, and rsocket-java together. C++ as both client and server. JS as a client against C++ and Java, and recently starting to be a server (but that's less tested). Java as client against C++, and as server for JS. 
 
We use TCP, WebSocket, and a single HTTP/2 stream on a shared connection in different places as the transport.
 
- For server-to-server we primarily use TCP. 
- For browser-to-server we use WebSocket. 
- For mobile-to-server we use a single H2 stream for RSocket on a potentially hared H2 connection. 
- For mobile-to-server we are evaluating mapping RSocket streams onto HTTP/2 streams, while being multitenant with other protocols on the same HTTP/2 connection. 
- Both approaches with HTTP/2 do not work with standard HTTP/2 APIs and only work because we expose internals of the protocol in our implementation. The mapping to H2 streams and being multi-tenant also requires custom extensions to H2 so isn't viable broadly (unless we evolve H2). And the H2 mapping does not work in browsers, so we use WebSockets there. 
 


Re: TOC + Community Input: Cloud Native Buildpacks

Chris Aniszczyk
 

Thanks Alexis, I let the folks know to put together an official proposal for the sandbox:

On Tue, Aug 28, 2018 at 10:02 AM, Alexis Richardson <alexis@...> wrote:
I am happy to co-sponsor.

alexis


On Tue, Aug 21, 2018 at 4:45 PM, Chris Aniszczyk
<caniszczyk@linuxfoundation.org> wrote:
> The buildpacks.io community presented at the TOC meeting today:
> https://github.com/cncf/toc/issues/122
>
> Brian Grant is willing to sponsor this for the sandbox so we are looking for
> one more (Camille is potentially interested but needs more time to review).
> We are also seeking input from the TOC and wider community.
>
> Thank you!
>
> --
> Chris Aniszczyk (@cra) | +1-512-961-6719



--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: TOC + Community Input: Cloud Native Buildpacks

alexis richardson
 

I am happy to co-sponsor.

alexis


On Tue, Aug 21, 2018 at 4:45 PM, Chris Aniszczyk
<caniszczyk@linuxfoundation.org> wrote:
The buildpacks.io community presented at the TOC meeting today:
https://github.com/cncf/toc/issues/122

Brian Grant is willing to sponsor this for the sandbox so we are looking for
one more (Camille is potentially interested but needs more time to review).
We are also seeking input from the TOC and wider community.

Thank you!

--
Chris Aniszczyk (@cra) | +1-512-961-6719

4661 - 4680 of 6990