ASWF TAC Meeting - 25 January, 2023

Video Conference Link

Voting member attendance

  • Kimball Thurston - Chairperson, Weta Digital Limited
  • Bill Roberts, Adobe
  • Gordon Bradley, Autodesk
  • Roy C Anthony, DNEG
  • Matthew Low, DreamWorks Animation
  • TBD, Epic Games, Inc.
  • Brian Cipriano, Google & OpenCue Representative
  • Sean C McDuffee, Intel Corporation
  • Larry Gritz, Sony Pictures Imageworks
  • Jean-Francois Panisset, VES Technology Committee
  • Cory Omand, The Walt Disney Studios
  • Eric Enderton, NVIDIA & Asset Repo Representative
  • Esteban Papp, Amazon Web Services
  • Michael Min, Netflix
  • Michael B. Johnson, Apple
  • Greg Denton, Microsoft
  • Sean O’Connell, Advanced Micro Devices
  • Mark Visser, Unity Technologies
  • Ken Museth, OpenVDB Representative
  • Carol Payne, OpenColorIO Representative
  • Cary Phillips, OpenEXR Representative
  • Joshua Minor, OpenTimelineIO Representative
  • Chris Kulla, Open Shading Language Representative
  • Jonathan Stone, MaterialX Representative

Observer member attendance

  • Alex Forsythe, AMPAS
  • Allan Johns, Method Studios
  • Gary Oberbrunner, OpenFX
  • Tom Cowland, OpenAssetIO
  • Erik Strauss, Review & Approval

Other Attendees

  • David Morin, ASWF
  • Andrew Grimberg, LF Release Engineering
  • Emily Olin, LF
  • John Mertic, LF
  • Yarille Kilborn, LF
  • JT Nelson, Pasadena Open Source consortium / SoCal Blender group
  • Scott Wilson, Rust WG
  • Stephen Mackenzie, NVIDIA
  • Doug Walker, Autodesk/OCIO
  • Sergio Rojas, Different Dimensions
  • Daniel Heckenberg, Netflix
  • Jim Helman, MovieLabs
  • Spencer Stephens, MovieLabs
  • Brett Russell
  • Deke Kincaid, Digital Domain
  • Eric Reinecke, Netflix
  • Jean-Christophe Morin
  • Sean Wallitsch, AWS
  • Tony Micilotta, DNeg

Apologies

*

Agenda

  • Everyone please review the project review schedule, aiming for one project review per TAC meeting.
  • Pushed budget review meeting to 2023-02-08
  • John: Apologize with Zoom issues at last TAC meeting. Raised issues within LF project management, actions were taken to resolve it. Other projects ran into these issues, believe issues should be resolved.
  • Larry: Google Summer of Code has been announced a couple of days ago. Deadline for organizations is in a couple of weeks. 3 years ago we did it and had a successful program. 2 years ago we declined due to half size projects. Last year they went to full projects, we applied but didn’t get any good applications so we declined. Not sure what we want to do this year? Carol: having gone through it last year from OCIO perspective, not sure we would be interested in doing this again, unless we’re all prepared to put decent resources into it. Find candidates who could apply to our projects. There may be lots of good engineers out there, but without the context to contribute effectively to our projects. We need to be willing to step in and put in the work. Would rather focus on efforts that can more broadly benefit ASWF, like Hackathon. OCIO discussed Season of Docs, could be interested, and would pick Season of Docs over GSOC. Larry: do you think someone not previously associated with project could write useful docs? Carol: have reached out to tech writers before, helping us document in words some previous SIGGRAPH presentations, we had some success, but didn’t end up proceeding. But for OCIO, I believe we could get something that’s specific enough that someone outside the space could be helpful. Would still be a lot of work.
  • Daniel: what made the difference between a successful year and not so successful? Larry: other projects ran into problems, have a theory that they had a rule change that it was restricted to students, but could be any students, some had contributed before, on ImageIO had students who came back year after year. They opened up to new students, and excluded experienced contributors. Also the stipend amount is no longer competitive with what a student could get in a real internship. Now a student may rather go work for a company in a summer job for instance.
  • MaterialX Project Review (Jonathan):
    • First project update for MaterialX, haven’t done one before. First update of 2023, hopefully we can set a good tone, was a big fan of the OpenEXR presentation.
    • Origins:
      • Launched at ILM in 2012
      • Goal is to express materials independently of application or renderer
      • First production use on Star Wars: The Force Awakens in 2015, used on almost every show since.
    • Industry Collaborations
      • First collaboration with Autodesk in 2016
      • Released as Open Source in 2017
      • Evolved through collaboration with Pixar, Adobe, SideFX, NVIDIA and others
      • Joined the ASWF in July 2021
    • Technical Steering Committee (2023)
      • 16 members representing 12 companies
        • Adobe, Apple, AMD, Autodesk, Epic, IKEA, ILM, Khronos, NVIDIA, Pixar, SideFX, SPI
      • 5 voting members, 11 stakeholders
      • 36 meetings since joining ASWF, usually 10-15 people, 2-3 people outside the TSC interested in a subject
      • All meeting are open to the community
    • MaterialX commits by year: 150 or so by year until 2021, 250 in 2022
    • MaterialX Contributors by year: 5-10 in 2017-2020, 15 in 2021, 22 in 2022. Steady progress since 2018. Now seeing contributions from individuals.
    • New MaterialX integrations by year:
      • 2018: Arnold
      • 2019: USD
      • 2020: Substance Designer
      • 2021: Clarisse, Houdini, Renderman
      • 2022: NVIDIA Omniverse, Maya, Unreal Engine, three.js
    • MaterialX Closures in OSL
      • Collaboration between the OSL and MaterialX teams
      • Adds OSL closures matching the MaterialX Physically Based Shading Nodes
      • Presented by Adrien Herubel and Chris Kulla at Open Source Days 2022
      • Released in OSL 1.12
      • A real “door opener”, testament to the power of ASWF, collaboration between projects
    • MaterialX Web Viewer
      • Adds support for MaterialX in 3D web applications
      • Presented by Orn Gunnarsson and Bernard Kowk at Open Source Days 2022
      • Contributed to the MaterialX project by Autodesk
      • Relates to platforms like three.js, an important area for future development
    • Open Chess Set
      • Reference asset based on MaterialX and Standard Surface
      • Presented by Mooen Sayer at OSD 2022
      • Contributed to the MaterialX project by SideFX
      • Represents production quality assets, leverage sophisticated rendering techniques
    • Roadmap for 2023: Industry Collaborations
      • Improved USD / MaterialX integration
      • Improved OSL closure integration
      • Contribution of new BSDF and noise nodes from vendors and community, SideFX has some ideas for noise nodes, Adobe has ideas for BSDF nodes, also expecting contributions from Renderman team
      • Open MaterialX Graph Editor: developed at ILM, about to be merge
      • Autodesk LookdevX: dedicated MaterialX graph editor, very high quality. Both packages will make a big difference in MaterialX ecosystem
    • Roadmap for 2023: OpenSSF best practices
      • Silver Badge: 93%
      • Gold Badge: 61%
      • Among needed improvements are:
        • Statement coverage metrics
        • Signed releases
        • Can learn from other ASWF projects
    • Thank You! Questions?
      • JF: GPU test suite? Jonathan: currently using software rendering, are aware that OCIO leverages AWS. Larry: there are late breaking changes, GitHub Actions starting to offer for pay larger machines, including with GPUs. Jonathan: that’s exciting.
      • Kimball: are there tests you want to run inside renderers? Or does that not matter, and rely on renderer vendors to do those tests? Jonathan: currently only do open source tests. Could integrate some types of MDL rendering. Would avoid integrating vendor in our test suite, but may want more open source renderers (Blender, AppleSeed).
      • Larry: is there anything you need from the TAC, the CI group, from other projects? Jonathan: GPU rendering and security, conversations on that would be valuable.
      • Daniel: can you get complete test coverage without GPU? Jonathan: GPU would make that much easier, very restricted on what we can run, can’t run entire suite in a single run. JF: larger CPU runners could help.
      • Daniel: you presented to Kronos group earlier this week, is there anything we should do to support you for broader reach out to adjacent fields like Metaverse? Jonathan: first time we’ve spoken to Kronos group on this topic, was very productive. Have been asked to speak at Metaverse forum, it’s important to keep up abreast of these opportunities. MaterialX as bridge between USD and glTF. Would like to know about future opportunities. David: MaterialX shows in these other contexts further away from Motion Picture VFX context, thank you.
  • Joint White Paper with MovieLabs around Software Security: Jim Helman
    • This came out of discussions with John, MovieLabs has been doing a number of initiatives, one involving security. Some of us haven’t interacted with MovieLabs.
    • Came out of work from MovieLabs 2030 Vision, looking at workflows as they move to the cloud, 3 white papers:
    • Studio Technology joint venture:
      • Paramount
      • Sony
      • Universal
      • Disney
      • Warner Brothers
    • Paper series advancing:
      • A software and cloud vision for the future of production
      • A new security architecture
      • Automation through software-defined workflows
      • Ontology, Visual Language
    • Daniel (Chat): CSAP - Common Security Architecture for Production
    • The Evolution of Media Creation
    • The Evolution of Production Security
    • The Evolution of Production Workflows
    • Trying to move studios and vendors to the cloud world that the studio production technology people think we are moving to
    • Separate documents detailing the security architecture
    • Put out a Visual Language for diagramming workflows, used at HPA, number of presentations
    • Also an Ontology to get commonality on terms, high level metadata, ability to tie assets back to concepts of movie production
    • Security work isn’t focussed on processes or control or all CVEs get addressed, focus is on the architecture and the technologies we think need to be used as we move to the cloud.
    • Moving from perimeter based security, locked down within infrastructure in an organization.
    • The cloud is a global production resource outside of facilities’ infrastructures
    • Workflows run in the cloud with applications coming to the assets
    • Need to move to a Zero Trust model
    • Are some of these things potentially useful to ASWF projects.
    • Relevance of MovieLabs security infrastructure to ASWF projects (CSAP)
    • Possibly engagement areas:
      • Best practices for implementing Zero Trust AuthN / AuthZ? Talks?
    • A lot of ASWF projects are libraries, don’t need to implement security infrastructure since they will be wrapped in an application. So not every project needs to be security aware. And some services can be put behind a security gateway.
    • Also have a language to help describe security policies.
    • Are there projects that operate as services, operating on the Internet? Could be a white paper, talks, …
    • Spencer Stephens (MovieLabs): needs to be a conscious decision, “secure by design”. Security perimeters are going to break down.
    • Kimball: there are layers in OpenEXR and OpenImageIO (and OpenAssetIO) where we have interfaces around file I/O, if we can make a shared library we all use that implements I/O practices so they go through authentication protocols so that every project doesn’t have to re-implement that. Also how do we better do telemetry and tracing of functions through these libraries. Again, would like a common infrastructure, logging and audit trails. Spencer (Chat): Telemetry is critical to zero-trust. Trust inference and continuous trust validation improve security but they require a good understanding of what is normal.
    • Daniel: although most of our libraries (except for OpenCue) are in-process, there is a pressing interest and need to move beyond that for the way software is developed in our industry. How do we start thinking about service oriented / distributed approaches, which is crucial. Provide necessary functionality with security best practices. Kimball’s example with file I/O is first use case. Kimball: we’ve also talked about centralizing file access and use across multiple projects. Jim: very interested in OpenAssetIO, 2030 paper talks about using URIs instead of URL or filenames.
    • Eric Reineke (Chat): I think OpenAssetIO is a bit more about identifiers and resolving those to storage assets, not so much about how bytes are brokered. JC (Chat): You are right I think. The focus of OpenAssetIO is to resolve assets, not read/write files..
    • Eric Reineke (Chat): The Problem around asset location is layered:
      • What thing is this (version is probably part of that)
      • What representation of the thing is right for my use case (proxy, medRes, DolbyVision, cameral original, etc.)
      • What storage location is best for my use case (S3, network mount, http, ShotGrid, etc)
      • give me the bytes for that thing
    • Deke Kincaid (Chat): Outside the scope of Movielab but very Rez related is recent issues around Pypi and npm hacks and securing artifacts. Malicious code making it into peoples internal repos.
    • Stephen Mackenzie (Chat): Most rez pipelines are wrapping other software management tools, like pip, so it’s more of a fun case of Spiderman finger pointing
    • Eric: OpenReview Initiative would be the “poster child”, we are in our infancy, 2 large projects have open sourced, RV and Xstudio, media players with expectation of shared collaboration on pre-release content. Both at the user level and cross studio/vendor/facility level, we’re not there yet from a project perspective, the two tools that were released aren’t in a position to do this right now, they are perimeter managed, but it is on our roadmap on how to bridge perimeters, do collaborative reviews. So a conversation of how to think about Zero Trust, Identity and Access Management, and encryption for storage and transport, OpenReview Initiative is definitely needing to address this.
    • Jim: OpenReview Initiative, OpenCue, and some kind of file access abstraction have relevant needs. Kimball: also we can use a general statement around best practices, writing safe code. JC: OpenSSF provides some of this. Scott (Chat): Isn’t there a project that is spinning off from OIIO’s file proxy type? Larry (Chat): Yes, here: https://github.com/foundrytom/proposals/pull/1
    • Larry (Chat): OpenCue would be the obvious one. Brian (Chat): For sure. Very interested in this! Scott (Chat): Yeah, I think OpenCue is the most obvious thing.Also, something that is interesting is capability based file read/writes. For example, https://crates.io/crates/cap-std. Not sure if this is something that should be integrated in the libraries, or not.
    • JT (Chat): Is JoshM here? OpenTimelineIO is the other project that has a user facing app and a lot of i/o.
    • John: number one concern from LF projects is where to find expertise to meet requirements, SFF badging. If there is an opportunity to leverage the exposure of MovieLabs to the industry, can we leverage some of their expertise. What should we be looking projects to make sure they take security seriously. There is a laundry list of things we could get into, but is this an opportunity to establish the “center of thought leadership” between our two organizations.
    • Josh: the MovieLabs white papers have been very helpful to me to see how the rest of the industry is thinking of the context of how our software is used. Understand workflows, where things are headed. Encourage others to read those, where things like ORI, OTIO should be moving towards.
    • Jim: it sounds like there is interest, would next step would be for a group to chat about what next steps and engagement would be? Kimball, how do these things usually proceed? Kimball: would propose forming a Working Group to look at this, there isn’t an existing WG that would apply. JC: isn’t’ there a new WG? Or a Slack channel? #wg-security Kimball: yes, but if we want to write white papers, a WG could be useful. But we can start with the Slack channel, when that becomes active, we can start the more formal process of starting a WG.
    • John: we can collaborate on a charter for a WG that can be presented to TAC. Existing Slack channel can be a place to start, if there’s enough of a group of interest, can start putting a doc together, can help facility and get this going, bring in relevant LF resources as it makes sense.
    • Jim: look forward to more engagement between MovieLabs and ASWF.
    • Scott (Chat): The supply chain issues reminds me of this project: https://github.com/crev-dev/crev Basically crowd sourced code review. Time to that wg up and running. I was going to come up with a proposal, but I lack the time/energy.
  • Emily: project updates for Open Source Forum
    • Open Source Forum on Feb 16 in LA, in person and virtual
    • Free for members, fee for non-members: $50 in person (includes lunch), $20 virtual
    • Members will get an email will get the free registration code, you can share it with active contributors if you want
    • Schedule
      • 11-12AM: ASWF Governing Board / Leadership Meeting
      • 12-1 Lunch (all in person attendees)
      • 1-5 Open Source Forum. If you wanted to submit a topic and missed the deadline, send it to me. Just need a title and a paragraph abstract, target is 20 minutes. Program committee meets tomorrow.
      • David will be doing a slide on each project, will be looking for 3-4 top highlights from each project, achievements from last year or looking forward to next year
      • Hopefully less work than the 5 minute presentations that were asked of last year