Description: The TOC has requested a cloud native security lexicon that provides simple definitions, terms, and initial organizational use of those items. As the Cloud Native Ecosystem continues to grow we want to ensure all community members are have the same terms and definitions as well as an understanding about where they fit in their software development lifecycle as well as their operational environments.
Reference TOC meeting: https://www.youtube.com/watch?v=5q1EVccvR0U
Impact: There seems to be some confusion by the community on what some of these terms actually mean or imply. In some cases they are overloaded, used as a catch all, or misued. The Cloud Native Security Whitepaper has areas of each of these that would need rectified in a 2.0 update. Many of the cloud native projects perform multiple functions that span multiple terms and it is important that we clarify the items (terms) projects meet or achieve rather than generically lumping a project against an undefined or mis-defined concept (#565).
Scope: At a minimum, this lexicon will be maintained as a file in the repo and should include the following as a minimum:
user identity, service identity, secrets, keys, credentials. Each definition should be discussed and highlight the traits of that particular definition.
TO DO
definitions/Schedule:
Informal discussion : March 24
Kickoff : March 25
Identify the list of terms in scope : April 05
Initial definitions of the terms / link to authoritative definition sources : April 30
Review phase 1 : May 14
Review with wider audience : June 6
Finalization : June 13
TOC Review : June 27
Finalization and raise PR : Jul 4
Hi, I would like to help with this.
Should we use this issue to discuss the meaning behind each of the terms or slack channel?
@MVrachev I'd like to get a small group of folks to work on this. Once we have them confirmed we'll move the discussion into the Cloud Native Security Whitepaper Channel or another new Channel to tackle this. Thanks!
I鈥檇 like to rejoin the SIG and collaborate on this.
I'd like to collaborate on this
I would be happy to be involved with this 馃憤
I鈥檓 game.
I think this came up at TOC meeting this week? Can someone who was there verify that and, if so, would be great to link to notes/video so whoever works on this can review the context and we can refer back if questions come up about the direction this ends up taking.
@ultrasaurus yep this came up in the TOC meeting this week! Updating.
I'm up for this too @TheFoxAtWork
Happy to help also @matthewflannery
I am keen, too.
Awesome!! I'll need someone to volunteer Project Lead, note this group spans multiple timezones so please take that into consideration.
@ragashreeshekar is working as project lead on this. Expect updates and to hear from her on next steps, schedule, collab space, etc.
Hello folks, I request all the contributors to join the CNCF #sig-security-whitepaper Slack Channel - CNCF Sig-security-whitepaper channel. Here is the documentation Draft: CNCF Cloud Native Security Lexicon - this covers initial plan and tentative timelines. DM over slack with your mail address so I could add you as editors to the document. Feel free to connect with us for any queries.
Keen to help on this as well, will ping you @ragashreeshekar , cheers!
Hello folks, I request all the contributors to join the CNCF #sig-security-whitepaper Slack Channel - CNCF Sig-security-whitepaper channel. Here is the documentation Draft: CNCF Cloud Native Security Lexicon - this covers initial plan and tentative timelines. DM over slack with your mail address so I could add you as editors to the document. Feel free to connect with us for any queries.
Hello Folks, please join the slack channel and drop me a note so I could provide access to the document so you could join the initiative and start contributing
Most helpful comment
Hello folks, I request all the contributors to join the CNCF #sig-security-whitepaper Slack Channel - CNCF Sig-security-whitepaper channel. Here is the documentation Draft: CNCF Cloud Native Security Lexicon - this covers initial plan and tentative timelines. DM over slack with your mail address so I could add you as editors to the document. Feel free to connect with us for any queries.