From 79a26c1a9bbe245eaf9bff86377fe2c672494f10 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Tue, 19 Dec 2023 17:47:41 +0100 Subject: [PATCH 01/12] first proposal for security project --- projects/security.md | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 projects/security.md diff --git a/projects/security.md b/projects/security.md new file mode 100644 index 000000000..73afa69e3 --- /dev/null +++ b/projects/security.md 
@@ -0,0 +1,58 @@ +# Security Semantic Conventions Working Group + +## Description + +The purpose of this working group is to bring in the security domain for the OpenTelemetry community. + +As outlined in the [ECS OTEP](https://github.com/open-telemetry/oteps/blob/main/text/0199-support-elastic-common-schema-in-opentelemetry.md), the Elastic Common Schema (ECS) is currently being contributed to the semantic conventions schema. Given the significance of security within ECS, establishing this working group is crucial as it will expedite the donation of ECS fields tailored to security use cases. Beyond expanding the schema, our aim is to craft a clear vision for the instrumentation required. + +## Deliverables + +* Our current focus is on defining essential semantic conventions for security use cases. +* As new use cases and namespaces are introduced to the semantic conventions, there may be a need for additional instrumentation to accommodate them. It is anticipated that this aspect will expand through an iterative process. + +## Staffing / Help Wanted + +We are seeking security experts to collaborate with us in expanding the security domain within the community. + +### Required staffing + +There is an open [PR](https://github.com/open-telemetry/semantic-conventions/issues/580) to create a `semconv-security-approver` group for all PRs related to security fields. + +* project lead: @trisch-me +* domain expert: @mjwolf + +* GC sponsor: @reyang +* GC sponsor: vacant + +Need more +- [ ] domain experts +- [ ] TC +- [ ] potentially, maintainers of language-specific instrumentation may be needed if the need arises. + + +## Meeting Times + +TBD + +Once a project is started, the working group should meet regularly for discussion. These meeting times should be posted on the OpenTelemetry public calendar. + +## Timeline + +TBD + +What is the expected timeline the project will aim to adhere to, and what resources and deliverables will be needed for each portion of the timeline? 
If the project has not been started, please describe this timeline in relative terms (one month in, two weeks later, etc). If a project has started, please include actual dates. + +## Labels + +* security + +## Linked Issues and PRs + +* [Donating ECS to OpenTelemetry](https://github.com/open-telemetry/oteps/blob/main/text/0199-support-elastic-common-schema-in-opentelemetry.md) +* [Creation of semconv-security-approver group](https://github.com/open-telemetry/semantic-conventions/issues/580) + + +## Project Board + +Once approved by TC, a project should be managed using a GitHub project board. This project board should be pre-populated with issues that cover all known deliverables, organized by timeline milestones. Once created, please link to the project board here. \ No newline at end of file From 884cf2a80bc83a763dbc3ee96547025b93620626 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Tue, 19 Dec 2023 17:58:47 +0100 Subject: [PATCH 02/12] fix spell --- .cspell.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.cspell.yaml b/.cspell.yaml index c69104348..cd5defd91 100644 --- a/.cspell.yaml +++ b/.cspell.yaml @@ -21,6 +21,7 @@ words: - passcodes - proto - runtimes + - semconv - signup - skyscanner - splk @@ -78,6 +79,7 @@ words: - mateuszrzeszutek - mayur - mayurkale + - mjwolf - mirabella - mtwo - mwear @@ -114,6 +116,7 @@ words: - tigran - tigrannajaryan - trask + - trisch-me - tsloughter - tylerbenson - xoscar From a1be073774a8b23af49684b3122c5b663004861f Mon Sep 17 00:00:00 2001 From: Alexandra Konrad <10500694+trisch-me@users.noreply.github.com> Date: Mon, 8 Jan 2024 17:39:00 +0100 Subject: [PATCH 03/12] Update projects/security.md Co-authored-by: Reiley Yang --- projects/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/security.md b/projects/security.md index 73afa69e3..aebb08137 100644 --- a/projects/security.md +++ b/projects/security.md 
@@ -22,8 +22,8 @@ There is an open [PR](https://github.com/open-telemetry/semantic-conventions/iss * project lead: @trisch-me * domain expert: @mjwolf -* GC sponsor: @reyang -* GC sponsor: vacant +* TC sponsor: @reyang +* TC sponsor: vacant Need more - [ ] domain experts From 83122b1b1c0b4e0b41ff9774af7681ed33632522 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Fri, 9 Feb 2024 21:13:51 +0100 Subject: [PATCH 04/12] add more experts --- .cspell.yaml | 1 + projects/security.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.cspell.yaml b/.cspell.yaml index cd5defd91..3f9100857 100644 --- a/.cspell.yaml +++ b/.cspell.yaml @@ -93,6 +93,7 @@ words: - parsana - patrickhousley - poncelow + - raesene - reiley - reyang - ruech diff --git a/projects/security.md b/projects/security.md index 73afa69e3..7325a8179 100644 --- a/projects/security.md +++ b/projects/security.md @@ -21,6 +21,7 @@ There is an open [PR](https://github.com/open-telemetry/semantic-conventions/iss * project lead: @trisch-me * domain expert: @mjwolf +* domain expert: @raesene * GC sponsor: @reyang * GC sponsor: vacant From bfeea3a37399ec51d59d37128c9765e6e3f3e372 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Mon, 12 Feb 2024 12:26:34 +0100 Subject: [PATCH 05/12] add another expert --- .cspell.yaml | 1 + projects/security.md | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.cspell.yaml b/.cspell.yaml index 8487f3c53..b6f833cd3 100644 --- a/.cspell.yaml +++ b/.cspell.yaml @@ -110,6 +110,7 @@ words: - krzko - kuisathaverat - lalitb + - lambdanis - lmolkova - lucavallin - magnusbaeck diff --git a/projects/security.md b/projects/security.md index 3f1687d22..c0b5d5cf0 100644 --- a/projects/security.md +++ b/projects/security.md 
@@ -19,9 +19,10 @@ We are seeking security experts to collaborate with us in expanding the security There is an open [PR](https://github.com/open-telemetry/semantic-conventions/issues/580) to create a `semconv-security-approver` group for all PRs related to security fields. -* project lead: @trisch-me -* domain expert: @mjwolf -* domain expert: @raesene +* project lead: @trisch-me (Elastic) +* domain expert: @mjwolf (Elastic) +* domain expert: @raesene (Datadog) +* domain expert: @lambdanis (Isovalent) * TC sponsor: @reyang * TC sponsor: vacant From 7a8dc52bff8c197410eba135d8bd8680eca43f06 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Mon, 12 Feb 2024 12:32:34 +0100 Subject: [PATCH 06/12] add companies names to the spellcheck --- .cspell.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.cspell.yaml b/.cspell.yaml index b6f833cd3..93abe6fa0 100644 --- a/.cspell.yaml +++ b/.cspell.yaml @@ -9,13 +9,16 @@ words: - codecov - codeowners - DASD + - datadog - dynatrace - easycla - eiffel + - elastic - emea - faas - gitter - Hostmetrics + - isovalent - jemmic - keptn - kubecon From 5dc4f6c5278d5f361575cb041178667fd5c2d129 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Mon, 15 Apr 2024 19:00:24 +0200 Subject: [PATCH 07/12] refine project timeline and description --- projects/security.md | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/projects/security.md b/projects/security.md index c0b5d5cf0..149c2841f 100644 --- a/projects/security.md +++ b/projects/security.md 
@@ -8,7 +8,28 @@ As outlined in the [ECS OTEP](https://github.com/open-telemetry/oteps/blob/main/ ## Deliverables -* Our current focus is on defining essential semantic conventions for security use cases. +* Our current focus is on defining essential semantic conventions for security use cases. + * This includes but is not limited to the following namespaces: + * [`Code signature`](https://www.elastic.co/guide/en/ecs/current/ecs-code_signature.html) + * [`DLL`](https://www.elastic.co/guide/en/ecs/current/ecs-dll.html) + * [`DNS`](https://www.elastic.co/guide/en/ecs/current/ecs-dns.html) + * [`File`](https://www.elastic.co/guide/en/ecs/current/ecs-file.html) + * [`Group`](https://www.elastic.co/guide/en/ecs/current/ecs-group.html) + * [`Hash`](https://www.elastic.co/guide/en/ecs/current/ecs-hash.html) + * [`Host`](https://www.elastic.co/guide/en/ecs/current/ecs-host.html) + * [`Network`](https://www.elastic.co/guide/en/ecs/current/ecs-network.html) + * [`Operating System`](https://www.elastic.co/guide/en/ecs/current/ecs-os.html) + * [`Package`](https://www.elastic.co/guide/en/ecs/current/ecs-package.html) + * [`Process`](https://www.elastic.co/guide/en/ecs/current/ecs-process.html) + * [`Registry`](https://www.elastic.co/guide/en/ecs/current/ecs-registry.html) + * [`Risk information`](https://www.elastic.co/guide/en/ecs/current/ecs-risk.html) + * [`Rule`](https://www.elastic.co/guide/en/ecs/current/ecs-rule.html) + * [`Threat`](https://www.elastic.co/guide/en/ecs/current/ecs-threat.html) + * [`TLS`](https://www.elastic.co/guide/en/ecs/current/ecs-tls.html) + * [`User`](https://www.elastic.co/guide/en/ecs/current/ecs-user.html) + * [`Vulnerability`](https://www.elastic.co/guide/en/ecs/current/ecs-vulnerability.html) + * Please note that some of the above-mentioned namespaces are already a part of the Semantic Conventions schema. The goal is to expand these namespaces to include additional fields that are relevant to security use cases. 
+ * As new use cases and namespaces are introduced to the semantic conventions, there may be a need for additional instrumentation to accommodate them. It is anticipated that this aspect will expand through an iterative process. ## Staffing / Help Wanted @@ -35,15 +56,18 @@ Need more ## Meeting Times -TBD - -Once a project is started, the working group should meet regularly for discussion. These meeting times should be posted on the OpenTelemetry public calendar. +There is an open slot in the Semantic Conventions WG for this project. +- Mondays at 8 AM PST ## Timeline -TBD +The goal is to have the security semantic conventions implemented by the end of 2024. + +The timeline for this project is as follows: +December 2023: Initial Draft +April 2024: Review and Refinement +Mai 2024-December 2024: Introducing the Security Semantic Conventions -What is the expected timeline the project will aim to adhere to, and what resources and deliverables will be needed for each portion of the timeline? If the project has not been started, please describe this timeline in relative terms (one month in, two weeks later, etc). If a project has started, please include actual dates. ## Labels @@ -53,8 +77,3 @@ What is the expected timeline the project will aim to adhere to, and what resour * [Donating ECS to OpenTelemetry](https://github.com/open-telemetry/oteps/blob/main/text/0199-support-elastic-common-schema-in-opentelemetry.md) * [Creation of semconv-security-approver group](https://github.com/open-telemetry/semantic-conventions/issues/580) - - -## Project Board - -Once approved by TC, a project should be managed using a GitHub project board. This project board should be pre-populated with issues that cover all known deliverables, organized by timeline milestones. Once created, please link to the project board here. \ No newline at end of file From 474a6e12bace9b17c2360cddbb3b338e18326b2a Mon Sep 17 00:00:00 2001 
From: Alexandra Konrad <10500694+trisch-me@users.noreply.github.com> Date: Tue, 23 Apr 2024 17:35:53 +0200 Subject: [PATCH 08/12] Update projects/security.md Co-authored-by: Armin Ruech <7052238+arminru@users.noreply.github.com> --- projects/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/security.md b/projects/security.md index 149c2841f..8cce43e0b 100644 --- a/projects/security.md +++ b/projects/security.md @@ -66,7 +66,7 @@ The goal is to have the security semantic conventions implemented by the end of The timeline for this project is as follows: December 2023: Initial Draft April 2024: Review and Refinement -Mai 2024-December 2024: Introducing the Security Semantic Conventions +May 2024-December 2024: Introducing the Security Semantic Conventions ## Labels From f72d0189034c6e4a7a7161686f842e52f2f35798 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Mon, 29 Apr 2024 15:52:00 +0200 Subject: [PATCH 09/12] update sponsor and meeting time --- projects/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/security.md b/projects/security.md index 149c2841f..649ba3d61 100644 --- a/projects/security.md +++ b/projects/security.md @@ -46,7 +46,7 @@ There is an open [PR](https://github.com/open-telemetry/semantic-conventions/iss * domain expert: @lambdanis (Isovalent) * TC sponsor: @reyang -* TC sponsor: vacant +* TC sponsor: @jsuereth Need more - [ ] domain experts @@ -56,7 +56,7 @@ Need more ## Meeting Times -There is an open slot in the Semantic Conventions WG for this project. +There is an allocated time in the Semantic Conventions WG for this project. - Mondays at 8 AM PST ## Timeline From ebb55c20e077b522852b3737b6c99c7de0a13212 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Mon, 29 Apr 2024 18:43:33 +0200 Subject: [PATCH 10/12] added slack channel --- projects/security.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/projects/security.md b/projects/security.md index 4b451bef0..57d61d1e0 100644 --- a/projects/security.md +++ b/projects/security.md @@ -59,6 +59,8 @@ Need more There is an allocated time in the Semantic Conventions WG for this project. - Mondays at 8 AM PST +For async conversation please use #otel-security-wg slack channel from official CNCF slack workspace. + ## Timeline The goal is to have the security semantic conventions implemented by the end of 2024. From d22854c4ec4231ac7628f632d006fd622fbcd5e7 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Mon, 29 Apr 2024 19:41:27 +0200 Subject: [PATCH 11/12] add expert --- .cspell.yaml | 1 + projects/security.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.cspell.yaml b/.cspell.yaml index 507966a3c..682281732 100644 --- a/.cspell.yaml +++ b/.cspell.yaml @@ -120,6 +120,7 @@ words: - mateuszrzeszutek - mayur - mayurkale + - mdelfabro - mhausenblas - mirabella - mjwolf diff --git a/projects/security.md b/projects/security.md index 57d61d1e0..6badc5fac 100644 --- a/projects/security.md +++ b/projects/security.md @@ -44,6 +44,7 @@ There is an open [PR](https://github.com/open-telemetry/semantic-conventions/iss * domain expert: @mjwolf (Elastic) * domain expert: @raesene (Datadog) * domain expert: @lambdanis (Isovalent) +* domain expert: @mdelfabro (Dynatrace) * TC sponsor: @reyang * TC sponsor: @jsuereth From 494d26e3aa45ef52feb30639f675045d2d747056 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad <10500694+trisch-me@users.noreply.github.com> Date: Tue, 30 Apr 2024 10:20:22 +0200 Subject: [PATCH 12/12] update slack name Co-authored-by: Trask Stalnaker --- projects/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/security.md b/projects/security.md index 6badc5fac..afd223c1f 100644 --- a/projects/security.md +++ b/projects/security.md 
@@ -60,7 +60,7 @@ Need more There is an allocated time in the Semantic Conventions WG for this project. - Mondays at 8 AM PST -For async conversation please use #otel-security-wg slack channel from official CNCF slack workspace. +For async conversation please use #otel-semconv-security slack channel from official CNCF slack workspace. ## Timeline
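Review bot: In PATCH 01/12, under "Required staffing" in projects/security.md, the link is labelled "open [PR]" but its target is `semantic-conventions/issues/580`, which is an issue URL. Label it as an issue so it agrees with the "Linked Issues and PRs" entry for the same link. The Timeline and Project Board sections also keep the template's instruction text ("What is the expected timeline the project will aim to adhere to...", "Once approved by TC...") next to `TBD`; either fill them in or drop the instructions, and end the file with a newline.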
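Review bot: In PATCH 02/12, the second .cspell.yaml hunk (`@@ -78,6 +79,7`) inserts `- mjwolf` before `- mirabella`, which breaks the alphabetical order the neighbouring entries follow (`mayur`, `mayurkale`, `mtwo`, `mwear`). Move `mjwolf` to after `mirabella` so later additions keep producing clean diffs.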
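Review bot: In PATCH 07/12, the Deliverables hunk (`@@ -8,7 +8,28`) formats display names as code, for example `Code signature`, `Operating System` and `Risk information`, while the linked pages use the identifiers `code_signature`, `os` and `risk`. Since these entries are described as namespaces, either use the actual namespace identifiers in backticks or drop the code formatting from the display names. The links also all point at the `/current/` ECS guide, so a note on which ECS version the list was taken from would help reviewers check it later.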
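Review bot: In PATCH 07/12, the Meeting Times / Timeline hunk (`@@ -35,15 +56,18`) adds the three milestone lines ("December 2023: Initial Draft", "April 2024: Review and Refinement", "Mai 2024-December 2024: ...") as consecutive plain lines with no list markers, so Markdown will render them as one run-on paragraph. Make them a bullet list like the rest of the file, and fix "Mai" to "May". "Mondays at 8 AM PST" would also be clearer with a reference to the OpenTelemetry public calendar, which the removed text asked for, since PST is only correct for part of the year.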
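Review bot: In PATCH 07/12, the last hunk (`@@ -53,8 +77,3`) deletes the whole "## Project Board" section rather than replacing the template text with a link. The removed text says a project board should be linked here once created, so consider keeping the heading with the board link, or a `TBD`, so the deliverables listed above can be tracked from this file.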
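Review bot: In PATCH 12/12 (and the line it replaces from PATCH 10/12), the channel name `#otel-semconv-security` appears as bare text in the sentence; wrap it in backticks or link it so it is easy to copy and cannot be misread as markup. While touching the line, "slack" should be capitalised as "Slack" and the sentence reads better as "please use the ... Slack channel in the official CNCF Slack workspace".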