[Azure Confidential Computing Ledger - Azure Confidential Ledger] API Review

[azure-sdk]

New API Review meeting has been requested.

Service Name: Azure Confidential Computing Ledger - Azure Confidential Ledger
Review Created By: Andrea Piccione
Review Date: 01/16/2025 04:00 PM PT
Release Plan: 1526
PR:
Hero Scenarios Link: Not Provided
Core Concepts Doc Link: Not Provided

Description: New API for user defined functions in Azure Confidential Ledger

Detailed meeting information and documents provided can be accessed here
For more information that will help prepare you for this review, the requirements, and office hours, visit the documentation here

[azure-sdk]

Meeting updated by Andrea Piccione

Service Name: Azure Confidential Computing Ledger - Azure Confidential Ledger
Review Created By: Andrea Piccione
Review Date: 01/16/2025 04:00 PM PT
Release Plan: 1526
PR: #31903
Hero Scenarios Link: Not Provided
Core Concepts Doc Link: Not Provided

Description: New API for user defined functions in Azure Confidential Ledger

Detailed meeting information and documents provided can be accessed here
For more information that will help prepare you for this review, the requirements, and office hours, visit the documentation here

[azure-sdk]

Meeting updated by Andrea Piccione

Service Name: Azure Confidential Computing Ledger - Azure Confidential Ledger
Review Created By: Andrea Piccione
Review Date: 01/16/2025 04:00 PM PT
Release Plan: 1526
PR: #31903
Hero Scenarios Link: here
Core Concepts Doc Link: here

Description: New API for user defined functions in Azure Confidential Ledger.

Slides: https://microsofteur.sharepoint.com/:p:/t/AzureLedger/ET40hdMzoG1BqVpD6OTGrOoBQV1EpFu8aIh7s122ZaQ0sA?e=ZPqQHX

Design document: https://microsofteur.sharepoint.com/:w:/t/AzureLedger/Efq3bqzHrwNMrDn_V8JYa_gBlvD4iQe6vkIlG7b05C9kxA?e=jRegPs

Detailed meeting information and documents provided can be accessed here
For more information that will help prepare you for this review, the requirements, and office hours, visit the documentation here

[mikekistler]

Follow-up tasks from API Review 1/17/25 (AI generated)

• Security Review: Conduct a security review for the user-defined functions feature to ensure it meets all security standards. (Andrea)
• Alternative Proposals: Explore and present alternative proposals for executing user functions, such as using pipeline capabilities or callbacks. (Andrea)
• Customer Feedback: Engage with customers to gather feedback on practical use cases for the user-defined functions feature. (Andrea)
• API Naming: Consider renaming the pre and post triggers to avoid confusion with traditional triggers, possibly to pre-processing and post-processing functions. (Andrea)
• Swagger API Check: Post a question on the engineering systems teams channel to resolve the Swagger API View check issue. (Andrea)
• Security Review Confirmation: Confirm if the user-defined endpoints feature went through a security review and ensure the same process for the new feature. (Andrea)

[andpiccione]

A few updates and follow-up from the API review:

• After checking with my team on the security risks of executing custom code in the sandboxed environment of our ledger services, we confirmed that this was already addressed during the threat model review of Azure Managed CCF and the refresh threat model review of CCF this year. We have explained the mitigations in place (heap, stack, runtime caps, access control to different tables, etc.), and no additional steps were required after the review. UDFs build on the same functionality without adding extra risks compared to the existing user-defined endpoints, so this matter should be addressed.

• We have decided to rename triggers to hooks, as this term better represents the concept of tapping into specific points of an operation to execute custom logic before and after a write transaction. This change also allows for the future implementation of real triggers that automatically run upon certain conditions, which we plan to introduce in a later iteration of this feature (based on customer's feedback and demand).

• The Swagger API check failure has been resolved and all comments have been addressed. I have updated the PR to include the feedback received during the review meeting and all CI checks are successful: [Microsoft.ConfidentialLedger] [DataPlane] Add new API version preview/2024-12-09-preview by andpiccione · Pull Request #31903 · Azure/azure-rest-api-specs