Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zero Trust Working Group #621

Open
j-helman opened this issue Mar 6, 2024 · 6 comments
Open

Zero Trust Working Group #621

j-helman opened this issue Mar 6, 2024 · 6 comments
Assignees
@jmertic @kdt3rd @yarille
Labels
1-new-project-wg New Project or Working Group application

Comments

@j-helman
Copy link

j-helman commented Mar 6, 2024

Describe the purpose of the group in no more than 4-5 sentences

The purpose of the Zero Trust Working Group is to support ASWF projects that need to function in a Zero Trust operating environment. As workflows and assets move to the cloud, perimeter security is no longer adequate in many situations. New models, such as Zero Trust, are being used that require many clients and services to become security aware. For example, they may need to integrate with authentication and authorization services or to interoperate with logging, monitoring, or threat detection systems.

The aim of this working group is to assist ASWF projects in determining their zero trust security needs and to share best practices on implementation approaches.

Goals of the working group

  1. Assist community members in becoming aware of the use of zero trust security models and how that relates to ASWF projects.
  2. Consolidate and share best practices for implementing those models including security by design.
  3. Explore the value of having an ASWF project for Zero Trust framework and supporting elements that could be shared between multiple ASWF projects.

Non-goals of the working group

  1. Maintain code for actual solutions beyond samples needed to support documentation.
  2. Duplicate security work already being done in other Working Groups, such as CI.

Deliverables

  1. Documentation of guidelines and best practices to help other ASWF projects incorporate the mechanisms and components necessary for operating in a ZT environment.
  2. Proposals for other projects, such as frameworks or code, that the group may determine are needed.
@j-helman j-helman added the 1-new-project-wg New Project or Working Group application label Mar 6, 2024
@jmertic
Copy link
Contributor

jmertic commented Mar 6, 2024

Hey @j-helman - thanks for this. I know you have the other issue ( #620 ) - just clarifying that the aim for the meeting today is awareness of the proposal and not a presentation - is that accurate?

@j-helman
Copy link
Author

j-helman commented Mar 6, 2024
edited

Correct. Today, we'll explain the need, where we're at, and clarify next steps towards approval.

@jmertic
Copy link
Contributor

jmertic commented Mar 6, 2024

Excellent! I've scheduled the formal presentation for April 3 ( next opening )

@j-helman
Copy link
Author

j-helman commented Mar 6, 2024

Perfect.

@j-helman
Copy link
Author

j-helman commented Apr 3, 2024

Deck on the topic...

ASWF Zero Trust Security WG 2024-04-03.pptx

@jmertic
Copy link
Contributor

jmertic commented Apr 10, 2024
edited

Group was approved during the 4/3 meeting. TAC requested a three-month follow-up review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmertic jmertic

@kdt3rd kdt3rd

@yarille yarille

Labels
1-new-project-wg New Project or Working Group application
Projects
Academy Software Foundation TAC Meeting Agenda
Status: Future Meeting Agenda Items
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jmertic @kdt3rd @j-helman @yarille