 I'm not the only one who's here early. How are you? How's it going? Good. How are you? I bet. So just from logistics, there's typically five minutes spent on housekeeping. See if there are updates on action items from prior meetings, or anything anyone wants to share or announce. I don't think there'll be anything major for today, so it shouldn't take more than that before getting started. I'll drop off from the other Zoom I was on. Apparently I'm still logged in. We've been doing what's called a book sprint. Are you familiar with that? So think. Yeah. Think about how, yeah, screenwriters and like people who write movies and TV shows get together in a room and like crank out all the ideas. So producing from like zero to published in three to five days. And those used to be done in person. Now that it's gone virtual, it's two weeks. It's 10 days, and we're like in the middle of week two. We're just writing about production identity. But it's like pair programming times 10. It's pretty intense. You're writing a book or a white paper? We're writing a book. We're right about 45,000 words. That's a good number of words. Yeah. Depending on how you edit the book, looking at like 200 pages at this point. Emily's been on it. It's been fun. Hey, thanks for jumping in last night and getting that chapter four going. It was interesting to have last week sandwiched in between the two things. Like I thought it'd be like so productive, but like everything I didn't get to like this two weeks, I had to cram in there. And I'm actually glad to be back at just the single task. Just go, go, go. So you're officiating. This is your first meeting is. Or was it a, was it a co-chair or that was the, the wand last week. And person co-chair last one. I was still technically co-chair, but I was out. So. And then to the agenda and share it. The regulars know the drill, but whoever's new here, please add your name to the attendee list. 
security certification alpha testing. It was fine. I had more feedback than I expected that I would have. But it's turning out to be a good test, I think. Awesome. Yeah, I seem to have missed the call out. But well, I'm glad to have been able to participate in the authoring early on. That was fun. Yeah. Well, welcome everyone to today's SIG Security call. If you're new here, please add yourself to the meeting notes and agenda. You will find, under today's date, the attendee list and action items. If you have an update to share, if you don't have an update to share, say no update, otherwise we can do roll call. And I'll pass it to either Emily or Brandon, if you want to just like kick off and do like, first, before we get into talking with Eva, who's our guest joining us today to talk about confidential computing. So quick update on Security Day: we had over 30 talk submissions and a lot of them are actually really, really good. So it'll be very hard to select just a couple of them for Security Day. So that team is working is when we have our meeting to go through and discuss everything. So we're on schedule and we're doing really well. As far as the white paper goes, so we've started our narrative voice review, where we're going to go through and talk about adding some consistency in the language that's used and make sure that the content of the document is easily readable, that some of the thoughts, the thoughts are more cohesive throughout the doc. So if you had an outstanding comment in the document, we're going through and we're trying to resolve as many of them as we can. All right, I guess my update next. So we kicked off the security assessment improvement. And so we're trying out something new. I know some folks on this call may have experience with it. We are attempting to use Mural to kind of brainstorm and kind of get ideas together for what we want for the security assessment improvements. 
If you're not already part of the site channel and want to participate, I'm going to paste in the link to the issue. You can comment on it. There's a list of things that we are currently working on. So if you're interested, just feel free to jump in. That's it for me. And in addition to the issue, there's also a Slack channel and there's going to be an ongoing call, right? Yeah, yeah, that's absolutely right. And all of it should be in that issue comment right there. Also paste it in the agenda. Fantastic. I don't see any other updates coming from the attendance list. Okay. So Santiago, you want to tell us about the in-toto proposal? I saw that open up. You want to do a call out for folks to chime in? Sure. So in-toto is gearing for incubation, and part of the diligence process is to have approval by the SIG. And, yeah, so we discussed earlier on, it's been like an ongoing process, but we're finally starting to ask the SIG to input their self-assessment conclusion, which, the self-assessment is probably, I would say, number zero. It was the first one that happened. So there's a couple of things we need to revisit, but from discussions with the Sarah. And then on the other hand, it seems that since originally it was a recommendation for incubation, then it kind of makes sense to move forward with the original recommendation. Then again, I think being transparent and letting people chime in with anything new that may raise concerns, it's valuable. So we posted the Google Doc in the Slack channel, and also Brandon sent it in the GitHub PR. So if you want to take a look and discuss or input some feedback, and assume that eventually the SIG will come to a decision on what's the recommendation for incubation. I don't know if Emily or Brandon or, I forgot what I was running it. I don't know if that's an input and how the process is to both to go. If I recall correctly, at least what we did with over half. 
Really it was kind of copying over the outline recommendations. And I think with like over what, what then did at the time, let's just say, okay, we did a secure assessment, here's how we recommended, to date the project has taken steps to fix these issues, and stuff like that. And I think it's just a short paragraph. I think the last one was filled up by Justin and Dan, and I'm guessing we can do something similar. Okay. The last one was a grad, was graduation. The last one we did, I think, which is not necessarily the same, because the incubation one is supposed to be the most detailed review, which was a lot. Did we do another? It was Harbor and OPA, I think. I think both were for graduation. So, yeah, so we might need a bit more detail for incubation. Do you know anything specific that we should add in? Is that kind of a template that we have to fill up? Is there a template? I'd have to check, because I can't remember a friend of us. I remember the OPA and Harbor one being really loose, which is like SIG recommendations and then it's just kind of free-form text, and that's why we paste it in the security assessment results. Yeah. I should be able to dig up the original slide that's a recommendation. From the top of my head, it was mostly, it seems that the project has done, I think it's a good idea, I think that's really one of the best steps to like have reasonable security design principles and development practices and vulnerability disclosure and management. And I even remember there was another blurb saying, we recommend the CNCF to develop some budget for UX/UI designers to help with the front end, or like the user interaction with in-toto. Like if that's something that we can start working with. Yeah, I think that would be a good starting point. Great, sounds like there's a course of action there. Awesome. Any other updates before we get into our guest talk? Anyone who wants to raise their hand? 
Without further ado, today with us we have Eva Black. Eva, I understand you work at Microsoft and you're also part of the outreach community for the Confidential Computing Consortium. You're involved in Open Enclave. You've been doing a lot of work around TEEs, and the motivation for being here today is really about increasing awareness, comparing notes between similar efforts within the CNCF, seeing what people are coming across, and hopefully finding how to best collaborate where there's an intersection of TEE-enabling projects. Is that fair? Pretty close, yeah. Shall I start with a little intro to what confidential computing is? Is everyone already familiar with the concept? I think you should probably try it. I think it's not everyone, especially not everyone on the recording. Great. So the idea of confidential computing is to extend protections around privacy, data confidentiality, and data integrity from when data is in transit (SSL, TLS) and data at rest, now to do those same functions for data in use. So encrypted memory while applications are in use. There's different approaches to this. Folks have been building, over the past several years, homomorphic encryption, differential privacy; both of those are software based. This one is hardware based, and so each of the CPU vendors, Intel, ARM, AMD, and potentially more as well, I think the POWER series, RISC series also have some, enable encryption of memory pages and keep the entire application encrypted. The decryption key is either in hardware or not even on that machine, that they could be delegated temporarily to enable this workload to be run and then attested to where exactly it's running. I'm not going to jump into the how, and also the how varies from architecture to architecture and cloud platform to cloud platform. I put a link in the meeting agenda doc and I'll drop it in the Zoom chat as well. 
The CCC outreach committee produced a white paper that's high level, designed just for general education for folks new to the concept. It's a great starting point. Our technical advisory committee is working on a much more technical paper right now, while still being neutral and high level, because each of the member companies and projects do this differently. In my context, as Andre pointed out, for me joining the call today is I've had a couple conversations with folks in different CNCF projects saying, "Yeah, we'd like to use these chipsets, this hardware capability, to do things like mutually attested TLS, or containers which are fully encrypted, or container image format that is encrypted and can only be decrypted in specific locations using attestation with third-party verifiability." And I'm kind of throwing word soup a little bit here, because right now it does feel a little bit like word soup. Different projects are using or overloading terms, and even within the member companies in the CCC I'm seeing a little bit of overuse of terms. And I don't know what's happening in the CNCF landscape yet, other than folks are like, "Hey, mutually attested TLS using SGX, we should do that." Okay, well, hang on, let's all get together and try to make sure first we're using common terminology, and then, if possible, that we're not duplicating work too much in our open source projects, because we do have two foundations, both under the LF, working in somewhat overlapping spaces. We've got now, I think, nine open source projects in the CCC that all do stuff around using hardware enclaves. Are there common ways we can surface up those open source projects into CNCF projects that want to use those capabilities? And so my questioning began just with Kubernetes steering committee and SIG Security, like, "Hey, does it fit here?" They said, "Well, this looks like a CNCF-level discussion should happen," and I ended up routed to all of you. And so that is the context, and I would love to just sort of have a free 
form discussion for a bit, my goal being figure out how best to address these challenges: common terminology and common use of open source projects across multiple foundations. You mentioned, I think you said seven or nine projects under CCC. Could you list what some of those are? We make sure: Open Enclave SDK, Enarx from Red Hat, Graphene, and research projects. Gosh, you're challenging my memory. Not all of them have gone through the full legal process yet. Some of them are still, like, a good sample, the TAC has approved but legal hasn't been done, so the website isn't updated yet. Yeah. Cool. Yeah, there are a few, like, related projects, at least from my vantage point, and then let others chime in. But certainly SPIFFE and SPIRE get roped in with the desire to attest based off hardware root of trust properties, and how can we do TPM attestation and then TEE attestation. So there's some nascent work there. There are emerging projects, well, they're actually on a bit far down a good road, like Parsec. I know Justin Cormack is involved in that project, which is a platform to provide identity-based crypto operations at the edge, providing segmentation. Well, edge is one of the use cases, but it has many different applications. And it's an API that abstracts hardware root of trust, that can abstract an HSM or a TPM, and it provides you this wire protocol that has been an attested channel to do this descriptive operations. But there's several, certainly many others. You know, I'll open it up to whoever has, like, comments or feedback on what you've said thus far. Off the top of my head, I can think of two projects. One of them is definitely in-toto. Part of a feature work that we want to do is to use hardware roots of trust to authenticate functionaries within the chain. That's been something we've been trying to make happen for a while, but I don't think we have the building blocks, software layer. That's why when we're 
looking at the Open Enclave SDK, and hopefully the CCC can come make, like, all the TPM stack a little bit more manageable. I would really love that. Another one that I was thinking about for the same purpose, and that's now sandbox in the CNCF, is Keylime, which, I wonder if you had a chance to talk with them. Keylime uses TPM and the Linux kernel IMA capability to essentially authenticate states of hosts that are operating. It uses measured boot and, like, a bunch of little building blocks to make sure that everything is within a consistent state. I wonder if there's, like, a possibility to collaborate between the CCC and the Keylime project. So I just pulled it up. It looks like Keylime is focused on measured boot or trusted boot rather than what we would call confidential computing. Right. So, yeah, I'd like to kind of ask a question also, that that's kind of like a conflation of features with that, right? Because I think there is some common ground with confidential computing and every other thing that builds on top of some kind of hardware with a trust of some hardware models, and kind of, I think, the main block usually relates to attestation. May I briefly share my screen? I think it may help. Yep. This is how we're modeling the conflation of terminology or overlapping domains, and what the consortium is focused on is the smallest circle in the bottom left, which is programmable. Okay, so this is like a library or a technique like Graphene? Yes, that is a type of example of the resultant software that fits in this domain. We're trying not to address the whole space, and there's a lot more above that in the privacy-preserving computation that we're not addressing at all. And there's a pretty strong overlap with TPMs and trusted boot and measured boot through the use of hardware TEEs that is non-overlapping with what the CCC is focused on in our work as a foundation. So I have a question regarding that. I assume that to make this little 
circle in the bottom left, you are also working a lot on having the building blocks that are necessary, and I wonder if in that sense there's a way for security in CNCF to understand what things that are not, like, immediately interesting for you but may benefit both communities if we tackle it together. I'm thinking, for example, the Open Enclave SDK kind of feels like it falls on a broader circle, or at least it can pour into other elements, for example. How so? Well, the Open Enclave SDK allows you to build an arbitrary trusted execution environment, which I feel was the bigger circle. The Open Enclave SDK allows you to utilize a hardware TEE to build an application. Right. I could be wrong. Again, I don't want to put words in your mouth, but my understanding was it was an abstraction layer that allows you to use multiple vendor-specific technologies to build enclaves. It is an abstraction layer that allows you to use multiple vendors' hardware TEEs to build applications. And the terminology, like I said, is overloaded, but the Open Enclave SDK does not let you build a trusted execution environment. So you build an application that leverages a trusted execution environment to perform some work. Okay. I'm having a little bit of issue seeing the distinction, but that's probably... I could say Graphene or alkaline, or alkaline's an interesting example because it's Rust based. There's some parts in there that, you build an application, you run that application somewhere, that application runs through a hardware TEE inside encrypted memory pages, and then you do need functions like attestation, key signing, key release, policy management, that at this time the open source projects don't have a lot of the orchestration around that, but some, like Fortanix EDP or Anjuna, both commercial products. Edgeless also has one that integrates with Kubernetes to do key management and orchestration, to do the key release policies, so that when your 
application, when it is being run by Kubernetes in a hardware enclave, to actually launch it you have to release decrypted, and something has to coordinate where that decryption happens, if it's allowed to be decrypted and run on this machine or not. That, yes, there's certainly shareable libraries, I think, that could emerge from this, of like how do we do the key release and the key management. So I'm aware of several projects that are kind of dipping the toes a little bit in this but not really going as far into it, just because there isn't really quite an established way to do things today. I know, you know, this is something that Kata Containers... so I think SIG Runtime would also be a good place to talk about this. I think the parts, for example, with Enarx especially, there's a lot of talk about WebAssembly going around in SIG Runtime, that could be an interesting place. I know containerd recently provided ways to manage a snapshot separately within a different environment, not necessarily tied to the host operating system. So there's this discussion in Kata Containers where we're talking about, so recently we developed encrypted containers, you know, how do we run the VM such that everything we did in the VM would be confidential. So this is if it's using, for example, AMD SEV, MKTME, and stuff like that. And the whole part of the discussion was, okay, now if we wanted to be truly confidential, we had to handle the distribution as well within the enclave or the encrypted memory, and so we had to kind of take parts of the ecosystem and also put that within the enclaves, which I think was the difficult part of it. So I'm kind of trying to think about, from a community standpoint, what we can do. The first thing that comes to mind is, you know, just getting in touch with the groups of people that would be interested in it. I think that would be something we could see, where the SIG Runtime has also interesting, any channels that would 
be interested there. In terms of education, I think there is a level of something that we can do about it, and I think that, you know, it may be a good, maybe, project for security if there's interest that's built around it. And last thing I can think of is, I haven't taken a look at the list of projects, but, you know, if these are projects which may benefit from being in CNCF, but then that's kind of a question about, you know, what's the gain of being part of CNCF versus CCC. Yeah, I don't want to get into competing Linux Foundation projects with each other, right, but rather collaborating. So I don't really want to, certainly not projects that have already applied to join the CCC and are accepted there. I'd rather look at how do we communicate across these foundations and support projects in each of their homes. I would love to better understand which CNCF projects want to use hardware-based TEEs, whether it's for key signing or, you know, running the container in an enclave, however they want to leverage this type of hardware. I think if we can sort of surface up what scenarios or paradigms emerge, that'll both help shape the projects that are still in their early phases, coming out of research and entering into being productized, and help shape the answer to your question, Brandon, of which foundation is the right home for which projects. Yep. And actually, I think that, I'm not sure, Emily, whether the white paper section, landscape, would be, you know, once that's, I know it's like almost completed, but once that's done we can kind of have this discussion around that as well. Sounds okay. I think there's definitely room in the white paper, in the landscape, to touch on a little bit of that for sure. And in its current state, probably a bit late for updates, but once post-KubeCon, the break though, certainly add an update. Cool. I also have the question on my mind of, is CNCF SIG Security the best place for that work to happen? Where's this, like, as I 
read your charter, it seems close to but not necessarily within the current SIG charter, and I'm new here so I don't know, and I wanted to ask the question. My take on this is we are here to foster the collaboration. I don't think we are looking to do technical projects that come up, but more like we can help form the groups from the discussions. I know there are already several people on this call, I know they are already interested in this. So I don't think we would be doing the technical work, but we can help, you know, get the right people to get there and kind of also communicate some of these discussions as well. I would say it's the starting point. Sorry, I'm gonna, go ahead, but I just want to, we're happy to avail ourselves to facilitate connections to the respective projects of interest and the right groups. Go ahead, Emily, you were gonna say? I was just going to say that for sure we can definitely help facilitate making sure that you get the right points of contact and maybe help, like, move that forward. We also have the mailing list, which has a ton of folks on it, so you're more than welcome to write something up and send it out to the mailing list to help facilitate some more attention on this particular topic. Thank you. Yeah, I would also create an issue as well. This is a good channel, kind of create a suggestion, and then usually we have a couple people just chime in on it. So you had talked about one set of example applications, and that might have turned the light bulb for some. I wonder if you can talk about other use cases you're encountering, or perhaps what are some unsolved challenges for some of the nascent projects in CCC that may be areas of interest for folks to jump in and contribute. What is top of mind? What is, like, desirable but, like, not necessarily near term, and you're like looking to, well, we could really foster, rally people, collaborate, be it like just problems within the boundary with TEE or like across TEE 
boundaries. One of the areas, and I'm looking at this not, I'm interpreting your question not as what challenges are the CCC projects trying to solve but where are they running into things that relate to the CNCF, and orchestration at scale of key release is one of them. Another is image formats. Justin, this might be a little bit directed towards you, I think, around projects that launch containers in enclaves taking novel approaches to how they encrypt and sign those container images. And I think OCI just did a specification on how to do, took a position on how one should do, encrypted container images, and I'd love to help facilitate that collaboration so that people aren't reinventing the wheel. Yeah, no, definitely. I think that, yeah, OCI, OCI is a good place, and obviously both me and Brandon are involved there. Yeah, interest is working on that. I think that there's, I mean, there's a lot of work kind of planned, I'd say, at the stage when the, for OCI format change. I think there's a lot of use cases that are not encompassed by the current formats, and there's a lot of discussion as to what things we need going forward. Yeah, and I think we can also bring a couple other folks from OCI as well on this, right? Justin, maybe Phil, Alexia, someone. Oh, Vinson? I'm curious, has there been any benchmark study done as far as what's the computing cost for this confidential computing, especially the processing side of it, when you're doing the encrypted data and trying to process that and decrypt it and process it and then encrypt it back and so forth? What are the typical penalties, or what are the typical computing costs? Yes, some benchmarks have been done. The results vary wildly by CPU vendor, by software architecture, and by use case. So an example of where the cost can vary hugely is, SGX does not support fork internally, and so some projects implement fork by jumping out to the host and starting up a new SGX process, and the page 
swapping for that, entering and exiting the enclave, can be very, very costly depending on how you implement it, or less costly depending on how you implement it. And so the benchmarks end up being, well, on this chipset these two projects in this scenario have a 10 times different performance profile. Isn't that wild? 10 times. Some of the use cases we see, there's a 10 percent overhead, and some of the scenarios we see have a hundred, thousand percent overhead there, again, I can do my math. Considering whatever you have seen in terms of the fastest hardware or most intensive hardware implementation of this confidential computing, would you put that into the category of the 10 percent overhead, the low? That's the low end, right, penalty. I would also say that all of the CPU vendors are rapidly advancing this and coming out with new capabilities. I would expect those to have far less overhead than the previous generation. I'm kind of curious on that. Is there any work towards standardization of the interfaces there at the CPU layer? Yeah. At least, like, how should you communicate to enclaves, what is expected out of the interfaces? I know SGX has, all the implementations are different. They do key management in different ways. Some of them do key management in hardware, some of them do it outside, so then can do interrupts on that kind. So, yeah, what I see across the CPU or the chip vendor space is SGX is kind of a novelty. Everybody else has taken a different approach. They're working mostly at the hypervisor interface layer. When I look at AMD SEV or SEV-SNP, when I look at Intel TDX, not released yet but announced in the plans, and when I look at IBM's PEF, and they all take a similar, those three take a very similar approach. TrustZone and OP-TEE is a bit different, and then SGX is completely by itself in its interface. And so what I'm anticipating is over time we'll see the layer above all of these where the common abstraction forms, right? It's not 
going to happen in hardware, because the real hardware is going to be different. It might happen at the SDK level, of like a C SDK to interact with the hardware. It will probably also happen at the orchestration layer: how do you launch a process or a VM into an enclave? And that's where I think the real work happens between the CCC and the CNCF. Like, people, whether they're launching VMs or they're launching containers or they're launching function as a service, like, however they're launching it, they're going to need to perform actions like attestation, encryption, signing, and that should be consistent across projects and across cloud service providers, in my opinion. I think, yeah, so I think you mentioned an interesting point there on the SDK. So I'm curious, because different workloads require different types of securities, right? So you should be able to selectively choose where you really want the most rigorous confidential computing workload versus this. So if you consider, for example, different microservices, and some of the microservices might be running in very high confidential computing environment, as opposed to the others which might not require that. So does this SDK provide that kind of flexibility to orchestrate your workloads? To be clear, I was not speaking of any specific existing project. I was making general statements about what I think things will do in the future. Okay, but this is well taken, that, yes, but this is part of the consideration, I suppose, in those. Okay. Exactly. I do believe that, I completely agree with your point that different workloads will have different security requirements. Some will want a very small TCB and very fine-grain, very careful, nuanced control over the code running in it and how it is launched, and some consumers may want to just take a whole VM, take their existing, you know, ERP app and run it in a confidential VM. I might not want to, but somebody probably will. Okay. I want to chime in with a couple of those. 
I think that the idea of thinking or looking on all these communication problems through use cases would definitely be helpful. So I can say that we are looking into this from an integration perspective, and bringing hardware root of trust to, and basically building with SPIFFE and SPIRE the identities that's good, like unified identities that could be used across all the system, and bringing hardware root of trust to it, right? So there are different layers for it, and, like, you can look into SPIFFE and SPIRE from one attestation perspective, but we are looking into it from another attestation perspective: how we do an attestation of a hardware and making sure that agents, where they run in, can have another key, and basically using another infrastructure that we can use for another layer of attestation. So I kind of feel that understanding of, for their possible or main use case in it, and identifying projects in this ecosystem, would be definitely helpful, because it's all unstructured knowledge at this point. That would definitely help to understand who is working on what and how we all collaborate more and better. Completely agree. I've been thinking of this within the CCC as trying to define the on-ramps: how would a developer engage with this layer of securing their application, and defining the use cases from that perspective. There are other perspectives as well, but that is, I think, the next step that we all need to do, is define those use cases and how people are approaching it. Eva's part of that on-ramp event. Well, for the folks, like, behind projects in the call today, as well as, like, end users like Elie, beyond the white paper, like, starting that, what would be, like, the next steps you would point folks towards? I don't know if there is a... Yeah, I don't have a specific next step. Part of my goal in asking and coming here today was to determine whether CNCF SIG Security is the right place to continue these discussions or not, 
and that question just came from talking to folks who're like, "Yep, that's a great conversation, I'm not sure where it should happen." So my question is to all of you: should this become a working group or something within the SIG, or a regular part of your meetings, or should we create a separate thing to have these conversations and work on these use cases within the CNCF scope? Because I'm also having the same kind of conversations more broadly in the CCC, which also includes non-cloud-native scenarios. So I hear, from what you're saying, there's no defined space for people to get together within the realm of that. So there's no question, you don't want to have, like, ad hoc, hey, come to me after if you want to jump in or contribute. Like, Brandon, I'll pass it on to you. Yeah, I just, I think that creating an issue would be a good first step. At least you'll see that, it seems like there is interest for individuals from chat that I can see. So if there is enough of a group that wants to go around this, and there is a defined effort that can come out of this, like, for example, you know, so like in the use cases like I mentioned, then we could have it as a project proposal, and one of, if a co-chair signs up for that, it could be something like, you know, what Santiago did with the supply chain documentation, kind of just like, it's a primer on what is confidential computing, a couple projects, and here are some of the use cases. So we do have that. By the way, I dropped a couple links. I should have asked everyone to go read them. The outreach committee created a white paper that does outline the use cases for confidential computing. It's just not specific to the CNCF. Right. Okay. So I think definitely creating the issue first, it should be the very immediate thing that happens, and then probably drafting a notification to be able to existing security mailing list with the link to the issue to help solicit some interest in the area, and then 
depending on what the activity on the issue is and then the next steps that come, come out of it, we can certainly look at doing a working group and adding something more concrete to the refill the very least to help provide some more documentation specifically about confidential computing for cloud native architectures and workloads. We should probably cross-post to SIG Runtime and OCI as well, as they're the, probably the strongest other groups that would be interested. Yeah, that's a good idea. I will, will tag the, the, the various people in the issue once it's created. Justin, you said SIG Runtime and what other SIG? Well, OCI, which is another LF organization, but... Got it. A possible outcome of this would be that, you know, the conversations between OCI and CNCF could end up in a working group under the CCC as well. Yeah, I feel there are like so many, uh, different pieces in different groups, so there might be a need to like have SIG CCC or something like this. Like, uh, we definitely have some projects in here that's been mentioned, like SPIFFE, SPIRE and in-toto, like a couple of them for sure, and, and maybe others, but they're definitely bigger scope and landscapes for, for integration with the hypervisors and functions and a bunch of other stuff for sure. So yeah, I guess feature creep happens at the CNCF level, I think, and in-toto, in a sense, for example, of course beyond cloud native, but it's if I'm suffering at home here, mostly because the community is very welcoming and there's a lot of interested innovation and the solving, problem solving. So I wouldn't be surprised that people are also willing to hear about the use cases that go beyond containers and orchestration. I suppose regardless of where this happens, I believe it might be useful to think of, of utilizing some sort of an API type based optional capability from the CNCF project to whatever being developed in the, uh, confidential computing, so it can be optionally used for different workloads or different purposes. So standard
API is maybe a very useful thing for, depending on the use case and depending on the application, because it's an application, I think, goes beyond the just the cloud. It definitely goes into the edge environment as well. So yeah, there's a lot of 5G conversations around, around confidential and trusted computing. Exactly. So for next steps, how about I continue to come to this meeting, since it seems like we're going to create an issue and we can track the work there for now. Um, and I'm having a conversation, you know, very much related to this in the CCC TAC, which meets every two weeks. Mostly at the moment that is between myself and, uh, Mike Bursell is my, my, um, here on the Enarx project and I'm on the Open Enclave project, and so the two of us are trying to sort this out as the two most mature projects in the CCC right now. Um, folks are welcome to join. Yeah, I'm happy to help these use cases. A few folks will plan to, uh, work on this at least on a high level, and might be per project sort of things we have been, uh, touching, uh, with or playing ways to see how it fit into the whole infrastructure, the whole idea. Okay, seems this is a good step in the, in the right direction, just to break walls and create a communications channel and use a liaison between the two groups for people to know what's being developed and worked by the different projects and the different foundations, and we can, as you said, not duplicate effort and work towards common goals and through that just enrich the ecosystem. There's certainly like desire to for you find consumers of Open Enclave, and clearly we've, we've identified a few that we can like help, like expand the footprint but also take advantage of the benefits it provides, uh, and I'm sure others will arise, but yet near-term, like certainly in-toto, SPIRE for using while solving the distribution of keys. There's certainly also a consumption aspect we can surface back through attestation. I wonder if projects like OPA, well, initially that were intended to be able to
enforce rules and regulations that a layer of the stack, if it's something that, that could be done there. I see we have Ash on the call. Um, maybe an area to explore. Andre, I think you've given me something else to think about. Could we create a sort of a list of CNCF projects that are surfacing up this kind of functionality? I think that having that list would be helpful to track and organize interest in conversations around it. For sure. I'm happy to take that action item and provide that list to start out, at least the initial ones that have arisen, and I'll open it up to others to add in. Cool, cool. I don't know if anything else anyone wants to share. Jay, Jay? Sorry, I joined, uh, I joined a little late. Nothing much from me. I know Aradhana was supposed to present. I don't know if it happened. Otherwise, I think depending on her time, maybe we should see if we can have, have her presentation scheduled for next week or week after. Yeah, next week. Next week we'll be better that. Yeah, let me talk to the, next week we have a Keylime presentation. Let me ask him how long that he needs for it, which is also relevant to what we talked about today. Yeah, for that decision portion. So let me have a chat with him, see how long he needs. Aradhana, how long do you need for your, your thought? I can adjust time. Um, I mean, whatever time you can give me. Um, it's just for, you know, sharing and bi I, um, I can send a link to the paper and you guys can read the draft. Not a problem. Thank you. Okay. Brandon, you've become a great fan of Mural boards. I wonder if we should start a Mural board for this. We should, we should start a second just from your robots. I didn't know. Nothing from me. No update from me. Cool. Uh, Steven, Cameron, anyone else? No, no hope for me. Um, I think you guys, I think it's, I think this is really positive. Really like the, the work together concept here from the CCC. I think that's just absolutely awesome. Yeah, 100 percent agreed. Well, uh, Eva, thank you very, very much. Uh, looking forward to seeing you and upcoming
calls and working together. I will yield my time back to the chairs. Emily, I think that's everything for today. Anything else? Nope, I think we're good. Thank you. Thanks everyone. Thank you. Okay, thank you. There's, there's the Zoom option to download the comment history, right? Yeah, you can, you can save it. I saved it the last one. I can, let's say I don't want to catch it when we get idea to dump that in the meeting notes. Yeah, I, we're, we're working on something too, so this is downloadable if you log into the CNCF, um, account, but we still don't have a way to, to do that efficiently yet. Yeah. Hey Santiago, while I see you here, there's been a lot of interest and demand to see an upstream integration between in-toto and SPIRE, be it for protecting the in-toto machinery and at the same time, well, for the supply chain log to be used as attestation criteria for like binaries of known provenance to be issued identities. I, I wrote to Justin about it, that would have been meaning to reach out to you, still on our list, but probably be setting up the time so we can riff a little bit over that. Yeah, it sounds very interesting. I'd be interested in knowing, because I know there's at least, it makes me think of a supply chain transparency, uh, in a sense, and I think that's something that's coming up soon in other communities as well, so I wonder if we can make something happen. Uh, the new feature, the, the request originated from the DoD, from their chief software officer directly, said like, hey, like there's, there's interest far and wide within the DoD with what we're doing with CNCF for both projects, but this is like the most desirable integration, what we'd really like to see come together. I, I think I've got your contact or I'll just get it from, from Slack. Did you end up moving to Tucson? No, I, I'm now in Lafayette in Indiana. I ended up at Purdue University. Oh, congrats. Thank you. That's, yeah, it was a tough decision between the University of Arizona and Purdue University, but, but I'm, I'm happy with the decision I
made. Let's see how it turns out. Either way, you would have made the right call, right? Can't go wrong. Yeah, but both, uh, that's an issue, you have to make a call. If I could split myself and in both places, I think that would have been out of all of it. It is what it is. Creole food has a little bit more flavor than Southwestern, which is also very tasty. But well, this is in Indiana, it's, uh, Midwest. Oh, not Lafayette, uh, Louisiana, but Indiana. Oh, gotcha. Okay. Yeah, so well, yeah, the food is not as great as Southwestern, but, uh, well, um, yeah, I'll find charm in the, in the Indiana, I think. So far I've been liking it a lot. It's, uh, not so different from New York in some respect, so, so that's that. Um, but yeah. Awesome. Yeah, Santiago, you got to send us a picture of your guitar. I see the, the case. Oh, I can probably, it is open. It's a prsc 24, uh, the, the 2008 model, uh, the, I think it's a dragon two pickups, I forgot. Oh, pretty cool. I really like it. Awesome. Well, uh, nice to catch up and I'll see you guys next week. Yeah, good to see you. Chat soon. Yes. Bye bye. Take care.