#acumos-meeting: Acumos Security Subcommittee Meeting

Meeting started by aimeeu at 14:04:03 UTC.

Meeting summary

  1. Roll Call (aimeeu, 14:04:19)
    1. Aimee (AT&T), Bryan (AT&T), Daniel (Amdocs) (aimeeu, 14:04:41)

  2. Welcome (aimeeu, 14:06:29)
  3. Security Focus (aimeeu, 14:06:42)
    1. https://wiki.acumos.org/display/SEC/Meetings (aimeeu, 14:07:12)
    2. Bryan summarizes the 4 areas in scope for the Security Subcommittee (aimeeu, 14:08:03)
    3. Jack (AT&T) has joined the meeting (aimeeu, 14:17:30)
    4. Daniel: are you also in charge of the overall Acumos platform security, such as code repo, etc.? (aimeeu, 14:21:24)
    5. Bryan: yes, all the platform code as well as uploaded models (aimeeu, 14:22:00)
    6. Daniel: background in cyber security (aimeeu, 14:25:32)
    7. Bryan asks Daniel to review the goals and let the Subcommittee know of shortcomings (aimeeu, 14:28:09)
    8. Daniel has a lot of experience in this area and believes we can come up with creative solutions (aimeeu, 14:28:53)
    9. Daniel: how to secure the deployed platform is an interesting question (aimeeu, 14:32:22)
    10. ACTION: Bryan will send contact info to Daniel (aimeeu, 14:32:36)
    11. Bryan: documentation is lacking on which services need to be exposed vs those that don't based on how the platform is deployed (k8s, single node Docker) (aimeeu, 14:38:38)
    12. Daniel: what security for the platform itself (aimeeu, 14:39:03)
    13. Bryan: we have an assessment of which APIs need to be exposed externally, which APIs need an authentication token (aimeeu, 14:41:33)
    14. Bryan: weakness is testing APIs; need plan for intrusion detection and remediation (aimeeu, 14:42:16)
    15. Bryan: need process for vetting how platforms have been deployed/secured for Federation (build community trust for company-installed platforms) (aimeeu, 14:43:52)
    16. Daniel: if we did come up with recommendations etc, do we have a team to implement the recommendations? what would be the process? (aimeeu, 14:45:09)
    17. Bryan: identifying weaknesses - create Jira items; if weakness is associated with a specific component, we would work with that team to secure the weakness (aimeeu, 14:45:59)
    18. Bryan: three areas to concentrate on: Portal, On-Boarding, Federation; work with them to make sure APIs use authentication (aimeeu, 14:46:38)
    19. Bryan: if we are talking about a new area such as live testing of vulnerabilities, then we have to identify tools and may have to find resources (aimeeu, 14:47:50)
    20. Bryan: need to expand company participation (aimeeu, 14:48:10)
    21. Daniel: Amdocs would like to be more involved and is looking for places to fit in (aimeeu, 14:49:20)
    22. Bryan reiterates that platform development is open source and open to everyone - if Amdocs has people who want to be involved, the Community will welcome them in whatever capacity they can participate (aimeeu, 14:51:35)
    23. Jack: what do we really want to accomplish in this first release? is there a clear list? (aimeeu, 14:53:38)
    24. Jack would like a list so he can push the agenda in his role as TSC Chair (aimeeu, 14:54:30)
    25. Bryan: there are some items in Jira (aimeeu, 14:55:10)
    26. ACTION: Bryan will update wiki to summarize main items for Athena release (aimeeu, 14:56:39)
    27. ACTION: Bryan will send out new meeting invite with updated info (aimeeu, 14:58:20)


Meeting ended at 15:01:15 UTC.

Action items

  1. Bryan will send contact info to Daniel
  2. Bryan will update wiki to summarize main items for Athena release
  3. Bryan will send out new meeting invite with updated info


People present (lines said)

  1. aimeeu (34)
  2. collabot (4)
  3. bryan_att (0)


Generated by MeetBot 0.1.4.