Draft categories for SAFE Landscape

[ultrasaurus]

We need to draft the categories that we'll use for grouping projects in the landscape.

This issue is to create an initial draft, and then we'll discuss at a WG meeting

[izgeri]

@ultrasaurus I'm doing some work on this right now with Michael Ducy (@mfdii). We are trying to recategorize the security-related products to make them easier to find. What is this story for?

We've been doing this work as part of the Reference Architecture group.

[lizrice]

@izgeri thanks for flagging that. For reference here are what I think are the relevant meeting notes from the Reference Architecture group

[izgeri]

Thanks @lizrice. There are also conversations that have been happening in that mailing list, and I expect @mfdii and I will have a proposal in the next two weeks (he's away this week).

[pragashj]

@evan2645, @sreetummidi please take a look at this

[izgeri]

@dshaw do I need to be assigned this issue? I'm not sure how to do that in this repository.

[izgeri]

@pragashj @lizrice @ultrasaurus @evan2645 @sreetummidi @dshaw

This is the Google document with notes on what @mfdii and I have worked up so far. It includes an explanation of the purpose of our work as well as a proposed structure of what we have been calling the "Security Landscape". I will be letting the Reference Architecture mailing list know about this draft as well, and that we will be discussing the draft in this group on Friday.

We are eager to get feedback, and the document is open for comments.

[izgeri]

Task breakdown with tasks merged from #69 (I am unable to edit the original issue):

Define Categories / Sub-categories

• propose initial draft of security-focused landscape
• discuss initial categorization proposal in SAFE WG
• solicit feedback from subject matter experts
• solicit feedback from CNCF projects
  • Security and Policy solutions
    • SPIFFE / SPIRE - Evan
    • Notary
    • TUF
    • OPA - Torin with updater
  • Projects with Security Concerns
    • gRPC
  • Platforms (consider sub-projects that can be used stand-alone, such as Envoy, Mixer):
    • Istio
    • Kubernetes
• solicit feedback from Reference Architecture group (next meeting October 10)
• finalize proposal for categorization
• SAFE WG vote on proposal

Map Security-Related Projects From CNCF Landscape Into These Categories

TBD

Potential additional tasks

• Update landscape to include security landscape
• What information is missing in this landscape view? What other ways can we communicate to the community information on cloud-native security best practices? Should we create a "reference security architecture" or "security trail map" that guides users on healthy security practices through the SLDC?

[ultrasaurus]

I think this is addressed with https://github.com/cn-security/safe/tree/master/landscape and open issue#124 for further work on categories