Closed crawfordchanel closed 8 months ago
Chanel Crawford - Citi
Rob Moffat / FINOS 🌵
:wave: :shipit: Eddie Knight / Sonatype
Sonali Mendis / Scott Logic
Euthyme Ziogas / Scott Logic
Adrian Hammond / Red Hat. - Hi :-)
EK: We have a file for the first taxonomy but it's not complete yet.
CC: Good rich discussion happening here, but no-one is taking ownership of the work.
EK: We're at the point where this could be incremental. If folks wanted to contribute like Sonali Mendis then they could do that. We have the structure that they could just make pull requests. If you are motivated to make a PR for a service, then we're ready for that.
SM: Previously, we've been asked to look at the white paper to decide what the taxonomy looks like. Are we going to refactor the taxonomy or work on other categories?
EK: It depends on what you want to build. You started the relational db, but if you want to start another one, we have the template. You could start from scratch and just add another one.
EK: We have consensus on this approach from the steering committee - there was a dependency to do the first service really well (which we did in October).
CC: We need two?
EK: Eventually, we need hundreds.
RM: Do we have a roadmap for future services?
AH: I think one of the expectations of the steering group should be that roadmap. It's pointless us doing RDS/S3 if the OSCAL group wants something else. The FIs need to figure this out. I don't work for a FI so I shouldn't be defining that. This needs to come from the FIs in the community and the steering group.
EK: I think it'll take time to get this level of steering. For the next month, I don't think we'll get that. I think in the meantime, we should just throw a dart at the dartboard.
AH: I think S3 should be the next one.
EK: I'll provide support, but I think someone else should lead.
AH: How do you organise structure around the individual services and what buckets they go into? Are we focusing on an individual service, or the generic thing?
EK: This is what we're doing in issue 15.
AH: Should we finish issue 15, and come back to figure out the next service?
EK: Can you drive that, AH?
AH: I believe a spreadsheet exists covering the different services.
SM: We need someone to take the task of summarising, and if everyone can agree on the summary then the ticket is done.
AH: (Shares Markdown Taxonomy file)
VH: Cloud providers / FINOPS have agreed to a taxonomy and are on-board, but I'm not sure the spreadsheet reflects this.
AH: Is the next step then to review the markdown as a group?
VH: Yes, we just need the final validation.
SM: The category that FINOPS provided we can't use as-is as it's optimised wrt cost, which is not what we're using it for. We'll need to modify it and remove the parts we don't need.
VH: Ok, so this is more work.
ACTION: SM to lead work on adapting the markdown and bringing it back to the WG. VH to help with this.
EK: Do we know where this will live?
AH: Yes, we have space in the structure for this - it'll replace the existing one.
OB: Best place to start is to look at existing CDMC controls and map to OSCAL. I have worked on some of this. We will bring examples back to the group that we're working on. The first one will be an OSCAL translation of the CDMC (garbled).
AH: Does this fit in the taxonomy working group or the OSCAL group?
OB: CDMC fits into all areas. CDMC is duplicative, but with a focus on data controls. I've had to un-pick what we've delivered for CDMC, working on re-working this for CCC. Hoping to do this in a front-to-back way with threats, controls, data standards etc. Starting with relational DB.
AH: These features look interesting to the taxonomy group.
EK: We're just waiting on OB for the POC/spike?
OB: Yes. We really want to figure out the overlap. CCC and CDMC are not the same, but they are solving the same business problem.
ACTION: Pending a POC from OB
AH: Pending the outcome of the POC, we might want to revisit the RDS taxonomy based on OB's work.
OB: I wouldn't rush to do this.
AH: It's early days - we should be revising stuff based on your work.
CC: 30/60/90 day plan - this is in all working groups. Anyone want to talk about this? (no)
AH: The alignment between taxonomy and MITRE - is that a handshake on what our output is and what their input is?
EK: Yes, that's right. Last week we were on the MITRE call and the discussion was that because we have the layout, the MITRE group (or whoever defines the hardening controls) should be able to follow the existing file structure. The POC is there, so they have the structure to work with. That's the extent of the alignment. I think that's all we need?
AH: Is that documented anywhere, EH? Perhaps in a contributors guide?
EK: Probably needs to be done after someone takes a stab at it in the MITRE group.
AH: Do we need to raise an issue on the MITRE group to get them to do that? EH, can you write that?
ACTION: EH to write about this handshake
ACTION: CC to tag the MITRE group on this issue
AH: Do we need to pick up on EK's next service definition?
EK: Depends on what people want to be working on? I didn't hear anyone itching to work on anything.
AH: I'd like to be involved, but be in partnership with someone from an FI. With the caveat I'm not here for the next couple of weeks.
CC: I believe Mark Rushing will be heading this up.
ACTION: CC to line someone up for this
Matt Barrett from Adaptive.
Date
01/25/2024 - 12:00 PM ET / 5:00 PM UK
Untracked attendees
Meeting notices
FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.
All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.
FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
Agenda
Zoom info
Join Zoom Meeting https://zoom.us/j/93861901920 Meeting ID: 938 6190 1920 Passcode: 284383