14:05:18 <LukeHinds> #startmeeting Security Group 04/11/2015
14:05:19 <collabot> Meeting started Wed Nov  4 14:05:18 2015 UTC.  The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:19 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:05:19 <collabot> The meeting name has been set to 'security_group_04_11_2015'
14:05:30 <LukeHinds> #topic agenda
14:05:40 <LukeHinds> Anyone have any items for the agenda?
14:06:37 <aripie> hi, had some connectivity problems
14:06:43 <LukeHinds> np ari
14:06:52 <LukeHinds> anything you want to put on the agenda?
14:07:42 <LukeHinds> any takers?
14:07:53 <aripie> maybe moon collaboration
14:08:04 <LukeHinds> sure, ok
14:08:16 <LukeHinds> I have the security guide
14:08:36 <LukeHinds> ok, let's get mine going as I need to leave a little early
14:08:44 <LukeHinds> #topic Security Guide
14:09:05 <LukeHinds> So I have started to map out the security guide, and could do with some feedback or additions from the community.
14:10:13 <LukeHinds> the gist of it is, it will be a living document generated using structured text (sphinx) and will cover all security aspects of the OPNFV platform, so secure architect, hardening, best practises etc.
14:10:41 <Sona> something similar to http://docs.openstack.org/security-guide/?
14:11:05 <LukeHinds> by living document, I mean it will (I hope) be hosted on a web server and as we commit builds, it will have the latest revision available
14:11:15 <LukeHinds> yes Sona, just like osg
14:11:33 <LukeHinds> sphinx will then allow people to view in html or pull down a PDF / ePub
14:11:51 <Sona> sounds good
14:11:54 <LukeHinds> I have the following #link https://etherpad.opnfv.org/p/security-guide
14:11:56 <aripie> +1
14:12:01 <LukeHinds> as a TOC to get things going
14:12:09 <LukeHinds> feel free to make additions, comments
14:12:25 <LukeHinds> just make sure you add your name in the top right box, so we can see who said what
14:13:10 <LukeHinds> I also plan to go around each project and quiz them over what 'security' aspects they have, and get them to contribute or steer us towards the content for us to make the additions
14:13:26 <LukeHinds> currently it's on my personal github
14:13:37 <LukeHinds> but I have asked linux foundation for git / gerrit
14:13:44 <Sona> It would be good if members from security team from opensource projects (such as ODL, Openstack ...) were involved too
14:13:52 <LukeHinds> #link https://github.com/lukehinds/opnfv-security-guide
14:14:30 <LukeHinds> Not so sure Sona, they will just want to focus on their own guides, rather than repeat efforts downstream.
14:14:57 <LukeHinds> but we can I am sure, ask them for advice, or even contribute back upstream
14:15:11 <LukeHinds> so if we come up with something relevant for ODL etc, we can push that up
14:15:36 <Sona> I think it would be good if we collaborated
14:15:59 <Sona> I think some of our work overlaps
14:16:08 <aripie> no harm if we get at least some review help
14:16:27 <Sona> yes
14:16:37 <LukeHinds> for where we overlap, we just reference them
14:16:53 <Sona> but this is good start
14:16:56 <LukeHinds> this is what we did in the openstack guide, for example, we point towards django security guide
14:17:29 <LukeHinds> but they have creative commons CC, so we are free to use what they have, as long as we credit
14:18:39 <LukeHinds> so if all could look at the TOC and see what you think, we can review that next week
14:19:08 <Sona> yes,
14:19:10 <LukeHinds> only tip I would have, is we need to think of how this centers on NFV/SDN/Telco
14:19:47 <LukeHinds> For example, SDN Controller, not Dropbox
14:19:59 <LukeHinds> Kind of obvious to most of you
14:20:18 <LukeHinds> but merits a mention, as 'cloud' is so ambiguous a term
14:20:29 <aripie> we can check towards ETSI security&trust guidance to make sure we cover that scope
14:20:48 <LukeHinds> That's a good point
14:21:01 <LukeHinds> so topology validation and enforcement, the problem statements...
14:21:20 <mwinandy> hi, also ONF security principles, for the SDN part could be helpful
14:21:40 <Sona> Ari: do you mean http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf
14:22:01 <aripie> correct
14:23:22 <Sona> https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/Principles_and_Practices_for_Securing_Software-Defined_Networks_applied_to_OFv1.3.4_V1.0.pdf?
14:23:26 <LukeHinds> what we could do is have a chapter on ETSI, and show in each sub-chapter, how to achieve the security
14:23:39 <LukeHinds> for each problem statement
14:23:51 <Sona> that would be good
14:24:24 <LukeHinds> VNF Instantiation ............
14:24:27 <LukeHinds> >>>   Secured Boot ....
14:24:49 <LukeHinds> >>>>>> How we do secure boot in OPNFV (TXT etc)
14:24:58 <mwinandy> Sona: correct
14:25:53 <LukeHinds> #agree mwinandy> hi, also ONF security principles, for the SDN part could be helpful
14:26:19 <LukeHinds> #agree aripie: we can check towards ETSI security&trust guidance to make sure we cover that scope
14:26:49 <LukeHinds> anyone want to take some actions to contribute? understand you might need a little time to get set up?
14:27:45 <aripie> I can work along with the ToC
14:27:52 <Sona> I can help, but I might need some help,
14:28:38 <LukeHinds> that's fine, plenty of help will be on hand.
14:29:19 <LukeHinds> I would say if a really good upstream source exists, we can put a summary and communicate essentially the principle of X - and then hyperlink reference upstream
14:29:36 <LukeHinds> that way we have not got to keep syncing with any changes they make
14:29:49 <LukeHinds> ok, let's do this
14:30:05 <mwinandy> yes, summary + reference
14:30:14 <LukeHinds> #action all to review ToC and consider additions and what areas they would like to work on
14:31:01 <LukeHinds> #agree if good upstream source exists, we can put a summary and communicate essentially the principle of X - and then hyperlink reference upstream
14:31:27 <LukeHinds> #action Luke to provide help getting git / gerrit set up for contributors
14:31:58 <LukeHinds> #info ^^ On the 18th November
14:32:03 <Sona> maybe we should split TOC between oss (those who want to review)
14:32:15 <LukeHinds> I put 18th as I am away next week
14:32:22 <LukeHinds> oss?
14:32:28 <Sona> us :)
14:32:32 <LukeHinds> ahh
14:32:55 <LukeHinds> sure, I think lets start by seeing what you want to work on.
14:33:06 <Sona> ok
14:33:19 <LukeHinds> we can then triage the more challenging topics after we hit the stuff we are strong in
14:33:33 <LukeHinds> or boring topics :)
14:34:14 <LukeHinds> what we can then do is, think about timelines, so we can be ready for whichever release of opnfv
14:34:31 <LukeHinds> that way we have no pressure, but a goal to help us get things done
14:34:59 <LukeHinds> ok
14:35:21 <Sona> Is there a new release of OPNFV scheduled?
14:35:25 <LukeHinds> #topic moon
14:37:06 <LukeHinds> I got to go guys!
14:37:11 <aripie> re moon, I am thinking sync with inspector
14:37:18 <LukeHinds> sorry, I will check on messages when I get back
14:37:22 <aripie> ok Luke
14:37:39 <LukeHinds> please go ahead though ari
14:37:46 <LukeHinds> I will read when I get back
14:37:48 <aripie> sure
14:38:12 <aripie> right, anyone here involved in moon?
14:39:05 <aripie> I take it as a no
14:39:40 <aripie> #action Ari to check with moon re inspector
14:40:15 <aripie> #topic any other business
14:40:47 <aripie> anything else in your minds?
14:42:22 <Sona> not from me
14:43:04 <aripie> I suppose we are done, let's work on the security guide
14:43:21 <aripie> #endmeeting
14:43:45 <mwinandy> ok, bye
14:43:49 <aripie> bye
14:45:23 <Sona> bye
14:01:01 <aripie> Hi Sona
14:01:27 <aripie> not sure if the meeting is on today
14:01:40 <aripie> ... and I have to leave in about 5 minutes
14:03:49 <sona> ok
14:03:57 <sona> no problem
14:04:16 <sona> I was not sure when it is?
14:05:15 <aripie> it would be this time, but the OPNFV Summit is this week so those who attend may be busy there
14:05:51 <sona> ok, see you next week then
14:05:55 <sona> bye
14:06:20 <aripie> sure, till next time!
14:06:22 <aripie> bye
14:06:39 <LukeHinds> Hello *
14:06:48 <aripie> Hi
14:06:58 <LukeHinds> As per email, I need to leave a little early, but let's get things kicked off and I can re-join
14:07:23 <collabot`> LukeHinds: Error: Can't start another meeting, one is in progress.  Use #endmeeting first.
14:07:32 <LukeHinds> #endmeeting