Meeting minutes 2024-12-18

meeting-minutes/2024-12-18.md

@@ -0,0 +1,196 @@
+# 1. Opening Activities
+
+## 1.1 Opening comments (Co-Chair)
+
+## 1.2 Introduction of participants/roll call (Co-Chair)
+
+Quorum requires participation of 8 or more of the 15 voting members (including the officers).
+
+| First Name | Last Name  | Company                                                     | Role(s)                   | Present |
+|:-----------|:-----------|:------------------------------------------------------------|:--------------------------|:--------|
+| Adrian     | Diglio     | Microsoft                                                   | Member                    | NO      |
+| David      | Kemp       | National Security Agency                                    | Member                    | NO      |
+| Denny      | Page       | Individual                                                  | Voting Member             | YES     |
+| Duncan     | Sparrell   | sFractal Consulting LLC                                     | Member                    | NO      |
+| Feng       | Cao        | Oracle                                                      | Voting Member             | YES     |
+| Harin      | Sarda      | Cisco Systems                                               | Voting Member             | NO      |
+| Jautau     | White      | Microsoft                                                   | Voting Member             | YES     |
+| Jeremy     | Rickard    | Microsoft                                                   | Member                    | NO      |
+| Justin     | Murphy     | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Co-Chair                  | YES     |
+| Kris       | Vandecruys | Cisco Systems                                               | Voting Member             | NO      |
+| Kunal      | Modasiya   | Qualys, Inc.                                                | Member                    | NO      |
+| Langley    | Rock       | Dell                                                        | Voting Member             | YES     |
+| Martin     | Prpic      | Red Hat                                                     | Member                    | NO      |
+| Omar       | Santos     | Cisco Systems                                               | Co-Chair                  | YES     |
+| Pablo      | Quiroga    | Qualys, Inc.                                                | Voting Member             | NO      |
+| Peter      | Gephardt   | IBM                                                         | Member                    | NO      |
+| Przemyslaw | Roguski    | Red Hat                                                     | Voting Member             | YES     |
+| Shridhar   | Chari      | Cisco Systems                                               | Member                    | NO      |
+| Sonny      | van Lingen | Huawei Technologies Co., Ltd.                               | Voting Member             | YES     |
+| Stefan     | Arntzen    | Huawei Technologies Co., Ltd.                               | Voting Member             | YES     |
+| Stefan     | Hagen      | Individual                                                  | Secretary, taking notes   | YES     |
+| Thomas     | Proell     | Siemens                                                     | Member                    | NO      |
+| Thomas     | Schaffer   | Cisco Systems                                               | Voting Member             | YES     |
+| Thomas     | Schmidt    | Federal Office for Information Security (BSI) Germany       | Voting Member             | YES     |
+| Tobias     | Limmer     | Siemens                                                     | Member                    | NO      |
+
+Quorum was reached (12 voting members present).
+
+## 1.3 Procedures for this meeting (Moderator)
+
+## 1.4 Approval of agenda
+
+* Roll Call  
+* Updates:  
+  * Thomas Schmidt reports from the CSAF workshops in the week of the CSAF Community Days 2024 in Munich, Germany
+* Approval of previous meeting minutes (motions carried out per e-mail motions)  
+* Review of actions
+* Presentation of use cases and scenarios
+* Review of outstanding issues and pull requests marked for TC discussion: https://github.com/oasis-tcs/openeox  
+* Next steps  
+
+Agenda was approved.
+
+## 1.5 Approval of previous minutes (Moderator)
+
+None (motions carried out already per e-mail motions).
+
+## 1.6 Review of action items and resolutions (Secretary Stefan)
+
+* ACTION on all to prepare and propose 15 minute presentations of use cases and scenarios for December and January (2025) meetings
+  * Justin: Przemyslaw and Thomas Schmidt have prepared presentations
+  * Przemyslaw: Prepared one usecase for today
+  * Omar: Has prepared a 2 minute presentation of Cisco Use Cases
+  * Thomas Schmidt: Is also prepared for today
+  * Feng: Will present in January 2025
+  * Przemyslaw: Suggests to not only present use cases during the meeting but also trty to close a few of the growing list of open issues
+
+## 1.7 Identification of TC voting members (Secretary)
+
+- the roster is still out of sync so no statements on member status changes possible during meeting
+
+### 1.7.1 Prospective voting members attending their first meeting
+
+### 1.7.2 Members attaining voting rights at the end of this meeting
+
+### 1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
+
+### 1.7.4 Members who previously lost voting rights who are attending this meeting
+
+### 1.7.5 Members who have declared a leave of absence
+
+# 2. Future Meetings
+
+## 2.1 Future meeting schedule (Secretary)
+
+- Next Scheduled Teleconferences (Wednesday at 09:00 PT / 12:00 ET / 18:00 CET / **17:00** UTC for 1 hour) - all in 2025
+
+    ```
+    January 15
+    February 19
+    March 19
+    April 16
+    May 21
+    June 18
+    July 16
+    August 20
+    September 17
+    October 15
+    November 19
+    December 17
+    ```
+
+# 3. Discussion
+
+## 3.1 Red Hat use case presentation
+
+> Will result in pull request on TC repository.
+
+- Przemyslaw: Walks everyone through the two use cases (present in his fork of the TC repository
+              at https://github.com/p-rog/openeox/tree/main/value-scenarios/contributor-scenarios/RedHat ) 
+  1. Use Case 1: Red Hat Enterprise Linux
+  2. Use Case 2: Red Hat OpenShift Container Platform
+- All provide feedback
+
+## 3.2 BSI use case presentation
+
+- Thomas Schmidt presents seven scenarios on behalf of the BSI at (
+  https://github.com/oasis-tcs/openeox/tree/main/value-scenarios/contributor-scenarios/BSI )
+  1. Scenario 1: Know all End-of-Life products for a specific vendor
+    - As a consumer, I want to know all End-of-Life products for a specific vendor
+  2. Scenario 2: Check product lifecycle state
+    - As a consumer, I want to check in which lifecycle state a specific product is.
+  3. Scenario 3: Compare products of different vendors
+    - As a consumer, I want to compare products of different vendors to inform my 
+      purchase decision from the aspect of the lifecycle state the product is in. 
+      For example, there is not point in introducing a new product that is already 
+      outdated or does not have support anymore. 
+      Therefore, it is crucial to have a common language across all vendors.
+  4. Scenario 4: Check producer compliance
+    - As a consumer, I want to check whether a product that I got a list of part for
+      contains any parts that have no security support as this would violate the rules
+      of the contract with my producer
+  5. Scenario 5: Audit compliance
+    - As an regulator/auditor, I want to check whether any product used in the
+      critical infrastructure has no security support or is End-of-Life
+  6. Scenario 6: Track lifecycle state
+    - As a consumer, I want to track the lifecycle states and end dates for
+      security support and End-of-Life for all my products so that I'm able to
+      plan for replacement accordingly
+  7. Scenario 7: Trigger replacement notifications
+    - As a consumer, I want to automatically trigger replacement notifications based
+      on lifecycle states and end dates for security support and End-of-Life for all my products
+- All provide feedback
+
+## 3.3 Cisco use cases and scenarios presented
+
+- Omar presents scenarios per pull request https://github.com/oasis-tcs/openeox/pull/54
+  1. Standardized Communication of EOL/EOS Information (as a vendor)
+  2. Streamlined Internal Processes (as a vendor)
+  3. Enhanced Customer Satisfaction and Retention (as a vendor)
+  5. Efficient Supply Chain Management (use case 1 as consumer of technology)
+  6. Cost Management (use case 2 as consumer of technology)
+- All to kindly provide feedback per comments in the PR
+
+## 3.4 Dell use cases and scenarios
+
+- Langley: presented already in February/March but is happy to shortly present again
+           during the January TC meeting
+
+## 3.5 Issues / Pull Requests
+
+- Przemyslaw: Suggests to close issue [lifecycle schema proposal #15](https://github.com/oasis-tcs/openeox/issues/15)
+  - Omar suggests to link the issue to the upcomning PR for that topic
+
+## 3.6 Next steps
+
+* Keep on discussing on GitHub and mailing list
+
+# 4. Other Business
+
+None.
+
+# 5. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
+
+## 5.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair)
+
+## 5.2 Review of Decisions Reached (Secretary)
+
+None.
+
+## 5.3 Review of Action Items (Secretary)
+
+* Carried over from previoius meetings:
+  * ACTION on all that did not present already to prepare and propose 15 minute presentations
+    of use cases and scenarios for January (2025) meeting
+* ACTION on all to provide feedback on use cases presented via issues and pull request comments
+
+# 7. Next Meeting
+
+  ```
+  January 15, 2025
+  ```
+
+# 8. Adjournment
+
+Meeting was adjourned.