Updates: Anyone can create a suggestion for updates to the Anuket charter. Change requests would be reviewed and voted on by the TSC (2/3 vote), and will also go through a legal check. See also section 8 in the current charter.
Potential need for updates: The charter is (due to its OPNFV heritage) more focused on code contributions. It might be desirable to reword the charter to reflect "code" on par with "specifications".
Heather notes that the charter is mostly a legal document. She encourages updating the TSC procedures and operational procedure to better reflect the different work procedures and work products of Anuket.
OpenStack was designed for those building a cloud infrastructure, while a telco cloud requires security configuration for the security administrator, hence the need for Moon, a security policy engine that allows fine-grained control under the supervision of the security administrator.
Orange based its first version of telco cloud on an OpenStack release where security policies are managed by policy files that depend on each OpenStack module, i.e. .json policy files (= complex configurations).
The rationale for Moon: to have a global security policy management plane that could unify the security of the various OpenStack modules (fully tested on Nova, and partially on Neutron, Cinder, Swift) and, historically, OpenDaylight.
Moon helps address requirements from security authorities in virtualized environments.
What are the contributions to other communities?
Orange, with the OpenStack community, added the concept of an Identity/Keystone hook that allows a .json policy file to query, through an API call, an external policy decision point (i.e. Moon) that authorizes requests based on a given security policy (e.g. whether or not to allow the start of a VM).
Why did we republish Moon in 2020?
The initial contribution was linked with OPNFV. We redesigned it internally to make it more of an independent component and contributed the work in 2020; this resulted in a major commit last year.
We also completely redesigned the web interface to allow a security administrator within a telco to authorize certain commands through a simple user interface (instead of the CLI), and repackaged the service as two libraries that could be easily integrated into any virtualized platform (in the microservices spirit).
Moon was used in an experiment by one Orange affiliate to distinguish administrator roles depending on the status of the platform: design/maintenance status versus run status. As a consequence, this has been added to our recommendations.
What are the next plans?
Cover next-generation telco cloud requirements: extend Moon to manage dual environments like K8S and OpenStack, and extend the GUI to simplify policy generation.
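The following Python example is added here and is not Moon's code or API. It illustrates the two ideas described above: one external policy decision point answering authorization queries for several services from a single policy, and administrator roles that differ between design/maintenance status and run status. The action names, role names and the query shape (`rule` plus JSON-encoded `credentials`) are assumptions made for the illustration.

```python
import json

# Hypothetical central policy shared by every service, replacing per-module
# policy files: action -> {platform status -> roles allowed in that status}.
POLICY = {
    "compute:start": {"run": {"operator"}, "maintenance": {"platform_admin"}},
    "compute:delete": {"maintenance": {"platform_admin"}},
    "network:create_port": {"run": {"operator"}},
    "policy:update": {"design": {"security_admin"}},
}
STATUSES = {"design", "maintenance", "run"}


def decide(form, platform_status, policy=POLICY):
    """Return (allowed, reason) for one authorization query.

    `form` is the query sent by the calling service (assumed shape): the
    action name under "rule" and JSON-encoded "credentials". The platform
    status comes from the decision point's own state, never from the caller.
    """
    if platform_status not in STATUSES:
        return False, "unknown platform status"
    try:
        action = form["rule"]
        roles = set(json.loads(form["credentials"])["roles"])
        grants = policy.get(action)
    except (KeyError, TypeError, ValueError):
        return False, "malformed query"  # fail closed on bad input
    if grants is None:
        return False, "action not covered by policy"  # deny by default
    matched = roles & grants.get(platform_status, set())
    if not matched:
        return False, f"no role may perform {action} in {platform_status} status"
    return True, f"granted to role {sorted(matched)[0]}"


def query(action, roles):
    """Build a constructed sample query in the assumed shape."""
    return {"rule": action, "credentials": json.dumps({"roles": roles})}


if __name__ == "__main__":
    samples = (query("compute:start", ["operator"]),
               query("compute:delete", ["platform_admin"]),
               {"rule": "compute:start", "credentials": "{not json"})
    for status in ("run", "maintenance"):
        for q in samples:
            print(status, q["rule"], decide(q, status))
```

The same role gets different answers in run and maintenance status, and any query the decision point cannot parse or does not recognise is denied.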