14:00:53 #startmeeting Security Group - Inspector session 14:00:53 Meeting started Wed May 13 14:00:53 2015 UTC. The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:53 Useful Commands: #action #agreed #help #info #idea #link #topic. 14:00:53 The meeting name has been set to 'security_group___inspector_session' 14:01:13 #info Just waiting for HA to free up the bridge 14:01:23 trying to call in 14:02:19 ok, bridge is open 14:05:17 ok, I called in 14:06:42 ok, i am not audidle 14:09:05 #info Access Code: 903-656-045 14:09:35 #info +1 (224) 501-3217 14:10:12 #info https://global.gotomeeting.com/join/903656045 14:10:34 #link https://etherpad.opnfv.org/p/inspector_preliminary 14:11:45 #topic inspector 14:11:56 by the way, for the people joining only in IRC, we are at the moment discussing by phone, as said by LukeHinds 14:12:11 mostly we will be using IRC in the future, but for this one, we decided to fall back into the phone conference 14:14:29 #info Juan is giving overview of main goal of the Inspector project. Its not a monitoring solution. 14:14:47 #info if CADF is not sufficient we can add 14:15:14 #info Mike B: LI requirements / retained data , very specific , should exclude those at this point 14:15:31 #info information should be configurable - you can filter or exclude 14:15:54 #info Juan there is a solution in openstack, but not ODL. 14:16:11 #info Juan: hoping to get ODL involved 14:16:24 #info Mike asked the difference between moon and inspector 14:17:03 #info Juan: moon is a monitoring solution, inspector aim is to enable the provisioning of the information (from source i.e. openstack) 14:18:06 #info Juan: collaborate with neutron to insure validation information is available. 14:18:22 #info ^^^ example ^^^ 14:19:00 #info if the information is not sufficient, inspector will make a push upstream to try and get that information available. 14:19:30 # We want to bring information to where its not available! 14:19:38 #info We want to bring information to where its not available! 14:20:13 #link https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#CADF_Model_is_designed_to_answer_all_Audit_and_Compliance_Questions 14:21:14 #info Juan: Main usecase is audit 14:22:57 #info Duan: if possible to create project in ETSI working group 14:23:27 #info Juan: the point is to go towards the projects. and make the changes there 14:28:18 #link https://wiki.opnfv.org/security/upstream/etsi 14:30:12 #link https://etherpad.opnfv.org/p/inspector_preliminary 14:32:14 #action Luke to email Mike about mapping to ETSI 14:39:07 #link https://wiki.openstack.org/wiki/Monasca 14:40:31 #action consider if we need to take Monasca into opnfv 14:41:15 #topic Moon 14:43:00 #info Duan gave overview of moon 14:43:14 #info Juan asked about authentication 14:43:32 #info Duan: we will have a mgmt interface, dedicated for adminstrators 14:44:03 #info Duan: define sec policies to include in security management system 14:44:15 #info Auth towards mgmt of the services 14:44:50 #info real time auth is not in keystone, there is no dynamic auth in keystone 14:45:48 #info need to include in sdn controllers 14:45:54 #info will be done in future 14:46:35 #info policie engines are there like copper, and moon will support mgmt of them 14:46:44 #info Juan: how to enforce policy? 14:48:03 #info #link https://wiki.opnfv.org/moon 14:48:12 #info Mike, which policies? 14:48:24 #info start with access control policy 14:50:31 #info Mike mentioned Nokia Cloud Security Director and Duan knew of this solution 14:50:46 #info will be presented at ETSI 14:51:42 #info first release last year 14:51:59 #info finish second release in july 14:52:10 #info I didn't specifically mention Nokia Cloud Security Director - just that Nokia will be presenting a contribution which may be relevant 14:52:11 #info code maturity will be the same as keystone 14:55:09 #link http://www.supercloud-project.eu/ 14:56:04 #endmeeting