============================================== #opnfv-sec: Security Group - Inspector session ============================================== Meeting started by LukeHinds at 14:00:53 UTC. The full logs are available at http://ircbot.wl.linuxfoundation.org/meetings/opnfv-sec/2015/opnfv-sec.2015-05-13-14.00.log.html . Meeting summary --------------- * Just waiting for HA to free up the bridge (LukeHinds, 14:01:13) * Access Code: 903-656-045 (LukeHinds, 14:09:05) * +1 (224) 501-3217 (LukeHinds, 14:09:35) * https://global.gotomeeting.com/join/903656045 (LukeHinds, 14:10:12) * LINK: https://etherpad.opnfv.org/p/inspector_preliminary (jaosorior, 14:10:34) * inspector (LukeHinds, 14:11:45) * Juan is giving overview of main goal of the Inspector project. Its not a monitoring solution. (LukeHinds, 14:14:29) * if CADF is not sufficient we can add (LukeHinds, 14:14:47) * Mike B: LI requirements / retained data , very specific , should exclude those at this point (LukeHinds, 14:15:14) * information should be configurable - you can filter or exclude (LukeHinds, 14:15:31) * Juan there is a solution in openstack, but not ODL. (LukeHinds, 14:15:54) * Juan: hoping to get ODL involved (LukeHinds, 14:16:11) * Mike asked the difference between moon and inspector (LukeHinds, 14:16:24) * Juan: moon is a monitoring solution, inspector aim is to enable the provisioning of the information (from source i.e. openstack) (LukeHinds, 14:17:03) * Juan: collaborate with neutron to insure validation information is available. (LukeHinds, 14:18:06) * ^^^ example ^^^ (LukeHinds, 14:18:22) * if the information is not sufficient, inspector will make a push upstream to try and get that information available. (LukeHinds, 14:19:00) * We want to bring information to where its not available! (LukeHinds, 14:19:38) * LINK: https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#CADF_Model_is_designed_to_answer_all_Audit_and_Compliance_Questions (LukeHinds, 14:20:13) * Juan: Main usecase is audit (LukeHinds, 14:21:14) * Duan: if possible to create project in ETSI working group (LukeHinds, 14:22:57) * Juan: the point is to go towards the projects. and make the changes there (LukeHinds, 14:23:27) * LINK: https://wiki.opnfv.org/security/upstream/etsi (LukeHinds, 14:28:18) * LINK: https://etherpad.opnfv.org/p/inspector_preliminary (jaosorior, 14:30:12) * ACTION: Luke to email Mike about mapping to ETSI (LukeHinds, 14:32:14) * LINK: https://wiki.openstack.org/wiki/Monasca (jaosorior, 14:39:07) * ACTION: consider if we need to take Monasca into opnfv (LukeHinds, 14:40:31) * Moon (LukeHinds, 14:41:15) * Duan gave overview of moon (LukeHinds, 14:43:00) * Juan asked about authentication (LukeHinds, 14:43:14) * Duan: we will have a mgmt interface, dedicated for adminstrators (LukeHinds, 14:43:32) * Duan: define sec policies to include in security management system (LukeHinds, 14:44:03) * Auth towards mgmt of the services (LukeHinds, 14:44:15) * real time auth is not in keystone, there is no dynamic auth in keystone (LukeHinds, 14:44:50) * need to include in sdn controllers (LukeHinds, 14:45:48) * will be done in future (LukeHinds, 14:45:54) * policie engines are there like copper, and moon will support mgmt of them (LukeHinds, 14:46:35) * Juan: how to enforce policy? (LukeHinds, 14:46:44) * #link https://wiki.opnfv.org/moon (LukeHinds, 14:48:03) * Mike, which policies? (LukeHinds, 14:48:12) * start with access control policy (LukeHinds, 14:48:24) * Mike mentioned Nokia Cloud Security Director and Duan knew of this solution (LukeHinds, 14:50:31) * will be presented at ETSI (LukeHinds, 14:50:46) * first release last year (LukeHinds, 14:51:42) * finish second release in july (LukeHinds, 14:51:59) * I didn't specifically mention Nokia Cloud Security Director - just that Nokia will be presenting a contribution which may be relevant (MikeCamel, 14:52:10) * code maturity will be the same as keystone (LukeHinds, 14:52:11) * LINK: http://www.supercloud-project.eu/ (LukeHinds, 14:55:09) Meeting ended at 14:56:04 UTC. People present (lines said) --------------------------- * LukeHinds (49) * jaosorior (7) * collabot (3) * MikeCamel (1) Generated by `MeetBot`_ 0.1.4