Re: [oca-tsc] [oca-pgb] ArkAngel Onboarding Template


duncan@sfractal
 

Is this enough to get started? Yes.

Do I think we could improve it? Yes.

 

I infer this will be an opensource repo. Am I correct? Template should probably have:

“Will opensource software be developed as part of this project?

If yes, is there existing software that will be provided, and how much?

Does submitter propose what license project will operate under or can OCA default be used?

How many repo’s?

What programming language(s)?”

 

I think the amount of staff hours is trying to get at ‘we have something’ but I think we should have more to help figure out how much already done vs how much to do.

I think stix shifter and OpenDxlOntology were two ends of a spectrum (one had lots, the other was a concept). Something along the lines of:

“How complete is the work to date and how much remains to be done?”

 

Picking on OpenDxlOntology, another question should get at whether this project depends on another project (e.g. OpenDxlOntology depends on OpenDxl). Eg

“Does this project depend on any other projects within or outside OCA?”

 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

 

 

From: <oca-pgb@...> on behalf of "Adam Montville via lists.oasis-open-projects.org" <adam.montville.sdo=gmail.com@...>
Reply-To: "oca-pgb@..." <oca-pgb@...>
Date: Thursday, June 18, 2020 at 12:36 PM
To: "oca-pgb@..." <oca-pgb@...>
Cc: oca-tsc <oca-tsc@...>
Subject: Re: [oca-tsc] [oca-pgb] ArkAngel Onboarding Template

 

Jason,

 

Thanks for percolating this. What decision is this template intended to inform? Is this supporting the initial submission of a project idea and then the process takes it from there, or is the template intended to grow with additional information as the proposal walks through the (yet to be defined) intake process?

 

What’s missing for me in this template is the why. The ArkAngel template provides a good description of what it is, but doesn’t really indicate why providing an OpenDxl client client for development, integration, testing and demonstration is important or necessary. I don’t have a sense in reading this template why it’s important. Who is being served? What are the anticipated outcomes? What are the pains being relieved or the gains being achieved by having this client available?

 

Additionally, maybe it would make sense to see how the project proponents would see the work fitting within the reference architecture (once we have one established).

 

Thoughts?

 

Kind regards,

 

Adam



On Jun 18, 2020, at 7:52 AM, Jason Keirstead <Jason.Keirstead@...> wrote:

 

TSC & PGB members;

 

To date we have not received any comments at all on the below onboarding template.

 

I want to remind the group that we have *two potential new projects* waiting in the queue to move forward... one is blocked on receiving this template, the other blocked on knowing if the information is sufficient for an approval vote by the PGB to proceed.

 

Looking for this vital feedback so we can move forward.

 

Thank you;

 

-
Jason Keirstead
Chief Architect - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

 

 

----- Original message -----
From: Adam Montville <adam.montville.sdo@...>
Sent by: oca-tsc@...
To: oca-pgb@...
Cc: oca-tsc@...
Subject: [EXTERNAL] Re: [oca-tsc] [oca-pgb] ArkAngel Onboarding Template
Date: Thu, Jun 11, 2020 10:45 AM
 
Thanks for sharing, Jason. How public is this? I’d like to share it with the SCAP 2.0 folks at some point. Happy to sit on it for a while, if that makes the most sense.

 

Kind regards,

 

Adam

 

On Jun 10, 2020, at 9:10 AM, Jason Keirstead <Jason.Keirstead@...> wrote:

 

Below is the template onboardinng proposal document filled for ArkAngel. 

As a reminder the idea is to try to create a template document that captures the evaluation criterion that we want to capture for the TSC & PGB for new projects.

 

I do not view this in any way as close to complete, this is a first attempt, trying to move this process along. Please send along comments...

 

--

 

Base Information

 

Project Name

ArkAngel

 

Project Use Case (Value in one sentence)

OpenDxl client for development, integration, testing and demonstration

 

Project Description (Detailed)

Arkangel provides a self contained client for connecting to and interacting with OpenDxl fabrics. It allows a user to send and receive events on specific topic and services. It can interact with the OCA ontology to pull down the latest definitions whilst also allowing for the creation and testing of new definitions. A database layer allows for messages to be recorded and replayed for debugging, replay and persistence purposes. The dashboard also presents a visualisation to show the fabrics that are being interacted with this can be an aid for performance management and development processes.

 

Is this an existing project? If so, link to web page / repo

New

 

Does this project integrate with any existing OCA projects or deliverables?

The application performs a run-time pull from the OCA GitHub project https://opencybersecurityalliance.github.io/opendxl-ontology/

 

Project Management & Governance

 

Primary Project Sponsor(s)

IBM Security

 

How will this project be resourced on an ongoing basis?

  • This project is already developed to an alpha level. It will receive 2 major development cycles (Each lasting 10 man days) in 2020 to get to its beta and handle expected external feedback. It will also receive maintenance of 5 hours of development per week on an ongoing basis. 

 

List the current project maintainers, and their Github user IDs

Jason Flood (Jasoneflood)

Aidan Butler (aidbutlr)

 

Comments

 

List any comments you would like to add to the OCA PGB

 

-
Jason Keirstead
Chief Architect - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

 

 

 

Join oca-pgb@lists.oasis-open-projects.org to automatically receive all group messages.