OpenBao project proposal
- Joseph Pearson
- Kendall Perez
- Nathan Phelps
Presented to the TAC: February 21, 2024
Subgroup reviewed on: February 29, 2024
Subgroup readout to the TAC: March 6, 2024
Project Proposal - Project Introduction:
Required Information | Responses (Please list N/A if not applicable) |
Name of Project | OpenBao |
Project Description (what it does, why it is valuable, origin and history) | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. The OpenBao community intends to provide this software under an OSI-approved open-source license, led by a community run under open governance principles. This project is a fork of Hashicorp's Vault. |
Statement on alignment with Foundation Mission Statement | We agree with the foundation's mission statement. |
High level assessment of project synergy with existing projects under LF Edge, including how the project compliments/overlaps with existing projects, and potential ways to harmonize over time. Responses may be included both here and/or in accompanying documentation. | Both Open Horizon and Edge X Foundry will incorporate/utilize OpenBao. |
Link to current Code of Conduct | We will adopt LF Edge's Code of Conduct. |
2 TAC Sponsors, if identified (Sponsors help mentor projects) - See full definition on Project Stages: Definitions and Expectations | James Butcher (EdgeX Foundry) |
Project license | |
Source control (GitHub by default) | |
Issue tracker (GitHub by default) | |
External dependencies (including licenses) | https://github.com/openbao/openbao/network/dependencies  |
Release methodology and mechanics | GitHub Releases |
Names of initial committers, if different from those submitting proposal | Matthew Burket (Independent) |
Current number of code contributors to proposed project | 13 (Independent of the contributors to the upstream Vault source or its plugins) |
Current number of organizations contributing to proposed project | Five companies, two LF Edge projects |
Briefly describe the project's leadership team and decision-making process | OpenBao has formed it's own technical steering committee (TSC) of five founding member organizations. While incubating under Open Horizon, it has been following their Technical Charter. |
List of project's official communication channels (slack, irc, mailing lists) | Mailing List |
Link to project's website | |
Links to social media accounts | N/A |
Existing financial sponsorship | IBM, Viaccess-Orca, and Wallix have pledged support in the form of FTE contributions. |
Infrastructure needs or requests (to include GitHub/Gerrit, CI/CD, Jenkins, Nexus, JIRA, other ...) | OpenBao needs a place to host its community supported plugins. Access to development/test hardware to support other architectures (RISC-V). |
Currently Supported Architecture | x86/64, ARM |
Planned Architecture Support | RISC-V |
Project logo in svg format (see https://github.com/lf-edge/lfedge-landscape#logos for guidelines) | https://github.com/openbao/openbao/blob/main/bao.svg  |
Trademark status | Trademark will need to be pursed by the Linux Foundation upon project proposal acceptance |
Does the project have a Core Infrastructure Initiative security best practices badge? (See: https://bestpractices.coreinfrastructure.org) | No |
Any additional information the TAC and Board should take into consideration when reviewing your proposal? | OpenBao is an incubation project under Open Horizon and is ready to become its own standalone member project under LF Edge. |
Project Proposal - Mapping Criteria and Data:
Stage 1: At Large Projects (formerly 'Sandbox')
Criteria | Data |
|---|---|
2 TAC Sponsors, if identified (Sponsors help mentor projects) - See full definition on Project Stages: Definitions and Expectations |
|
A presentation at an upcoming meeting of the TAC, in accordance with the project proposal requirements |
|
The typical IP Policy for Projects under the LF Edge Foundation is Apache 2.0 for Code Contributions, Developer Certificate of Origin (DCO) for new inbound contributions, and Creative Commons Attribution 4.0 International License for Documentation. Projects under outside licenses may still submit for consideration, subject to review/approval of the TAC and Board. |
|
Upon acceptance, At Large projects must list their status prominently on website/readme |
|
*** For existing Projects requesting Stage 2 or Stage 3 consideration, please update the above with the Stage 2 or Stage 3 Mapping criteria, available at Project Stages Mapping: Criteria and Data
Project Proposal - Taxonomy Data:
Functions (Provide, Consume, Facilitate, or N/A; Add context as needed)
Functions | (Provide, Consume, Facilitate, or N/A; Add context as needed) |
|---|---|
APIs | Provide, Consume |
Cloud Connectivity | Consume
|
Container Runtime & Orchestration | Consume |
Data Governance | Provide, Consume, Facilitate |
Data Models | Provide |
Device Connectivity | N/A |
Filters/Pre-processing | N/A |
Logging | Provide (Audit and Logging APIs) |
Management UI | Provide |
Messaging & Events | Provide |
Notifications & Alerts | N/A |
Security | Provide, Facilitate |
Storage | Provide, Consume |
Deployment & Industry Verticals (Support, Possible, N/A; Add context as needed)
Deployment Type | (Support, Possible, N/A; Add context as needed) |
|---|---|
Customer Devices (Edge Nodes) | Support |
Customer Premises (DC and Edge Gateways) | Support |
Telco Network Edge (MEC and Far-MEC) | Possible |
Telco CO & Regional | Possible |
Cloud Edge & CDNs | Possible |
Public Cloud | Support |
Private Cloud | Support |
Deployment & Industry Verticals (✔ or X; Add context as needed)
Directly applicable Industry/Verticals use cases | (✔ or X; Add context as needed) |
|---|---|
Automotive / Connected Car | ✔ |
Chemicals | ✔ |
Facilities / Building automation | ✔ |
Consumer | ✔ |
Manufacturing | ✔ |
Metal & Mining | ✔ |
Oil & Gas | ✔ |
Pharma | ✔ |
Health Care | ✔ |
Power & Utilities | ✔ |
Pulp & Paper | ✔ |
Telco Operators | ✔ |
Telco/Communications Service Provider (Network Equipment Provider) | ✔ |
Transportation (asset tracking) | ✔ |
Supply Chain | ✔ |
Preventative Maintenance | ✔ |
Water Utilities | ✔ |
Security / Surveillance | ✔ |
Retail / Commerce (physical point of sale with customers) | ✔ |
Other - Please add if not listed above (please notify TAC-subgroup@lists.lfedge.org when you add one) |
|
Deployments (static v dynamic, connectivity, physical placement) - (✔ or X; Add context as needed)
Use Cases | (✔ or X; Add context as needed) |
|---|---|
Gateways (to Cloud, to other placements) | ✔ |
NFV Infrastructure | N/A |
Stationary during their entire usable life / Fixed placement edge constellations / Assume you always have connectivity and you don't need to store & forward. | N/A |
Stationary during active periods, but nomadic between activations (e.g., fixed access) / Not always assumed to have connectivity. Don't expect to store & forward. | N/A |
Mobile within a constrained and well-defined space (e.g., in a factory) / Expect to have intermittent connectivity and store & forward. | N/A |
Fully mobile (To include: Wearables and Connected Vehicles) / Bursts of connectivity and always store & forward. | N/A |
Compute Stack Layers (architecture classification) - (Provide, Require, or N/A; Add context as needed)
Compute Stack Layers | (Provide, Require, or N/A; Add context as needed) |
|---|---|
APIs | Provide |
Applications | Provide |
Firmware | N/A |
Hardware | N/A |
Orchestration | N/A |
OS | Require |
VM/Containers | N/A (Optional) |
Cloud Stack Layers (architecture classification) - (Provide, Require, or N/A; Add context as needed)
Cloud Stack Layers | (Provide, Require, or N/A; Add context as needed) |
|---|---|
Applications | Provide |
Configuration (drive) | N/A |
Content (management system) | N/A |
IaaS | N/A |
PaaS | N/A |
Physical Infrastructure | Require |
SaaS | N/A |
Attachments (LF Edge PPT template is below, if proposing project would like to leverage):
