15:06:48 <icbts> #startmeeting Security Analysis Team, Introductory meeting.
15:06:48 <odl_meetbot> Meeting started Fri May  2 15:06:48 2014 UTC.  The chair is icbts. Information about MeetBot at http://ci.openstack.org/meetbot.html.
15:06:48 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:06:48 <odl_meetbot> The meeting name has been set to 'security_analysis_team__introductory_meeting_'
15:07:20 <icbts> #info attendees introducing themselves and backgrounds
15:07:36 <icbts> tykeal: thank you
15:12:01 <icbts> #link https://wiki.opendaylight.org/view/CrossProject:OpenDaylight_Security_Analysis
15:13:39 <icbts> #info when to discuss meeting with TSC regarding team activities
15:15:24 <icbts> #info 1. Document current security status
15:18:23 <icbts> #info Platform Integrity. Develop recommendations for adding security to build process
15:18:53 <icbts> #info discussed adding signatures/digests to release artifacts
15:19:53 <icbts> #info Jamie - add documentation to wiki regarding how projects use pgp to sign releases - Can ODL adopt a similar procedure?
15:20:23 <icbts> #info Access between public and private build server for releases
15:22:16 <icbts> #info Is pgp worth it? Are signed releases going to help?
15:22:34 <icbts> #info log access to release system
15:22:48 <icbts> #info Who built release and when
15:23:36 <icbts> #info OSGi Container Security: what kind of security exists within the framework
15:27:49 <icbts> #info Use OSGi spec level security. Currently ODL uses Equinox and Virgo, we should explore what security mechanism/best practices these frameworks recommend
15:28:22 <icbts> #info Cluster Protocol: Ensure cluster protocol and communication is secure + recommendations
15:29:21 <icbts> #info infinband vs akka ?
15:30:23 <icbts> #info Need to develop expertise in this protocol area, and investigate security areas
15:30:51 <icbts> #info OSGi Container Security:  authorizing machine users
15:31:10 <icbts> #info How do we handle machine access?
15:31:37 <icbts> #info authorizing additions to container
15:33:13 <icbts> #info Investigate deployment security - who may install into container
15:33:41 <icbts> #info authorized access to container, can they do deployment
15:33:54 <icbts> #info security concern regarding hot deployment folder
15:34:32 <icbts> #info Jamie - investigate, what does each OSGi implementation provide regarding security
15:34:43 <icbts> info ie: Equinox vs Felix
15:34:52 <icbts> #info i.e. Equinox vs Felix
15:36:09 <icbts> #info Susanta - investigate more into Cluster Protocol
15:36:44 <icbts> #info Current status and recommendations
15:37:10 <icbts> #info Existing Security in North Bound and South Bound APIs
15:37:45 <icbts> #link https://docs.google.com/presentation/d/1df-GMYVe1zGEU6DgKzFQ3xeceicqcGNRRsT5l5QNd_E/edit?pli=1#slide=id.g26bf015a9_2_42
15:38:42 <icbts> #info Discussing what documentation exists for securing components of ODL
15:39:33 <icbts> #info Create central page for locating all documentation regarding securing ODL — possibly a table with component — pages
15:41:18 <icbts> #info Need to review projects for current security docs
15:41:59 <icbts> #info Mike — DFA
15:42:38 <icbts> #info Neutron — ?
15:42:59 <icbts> #info VTN Coordinator — ?
15:44:23 <Madhu> icbts: is there a meeting now ? :)
15:44:27 <Madhu> can u pass on the link
15:44:41 <icbts> Madhu: which link?
15:44:57 <Madhu> is there a webex ? or is it irc meeting only
15:44:59 <icbts> Madhu: https://www.google.com/url?q=https%3A%2F%2Fcisco.webex.com%2Fcisco%2Fj.php%3FMTID%3Dme0417dbc1b8e015866cc7c754ab1b456&usd=2&usg=AFQjCNEgnqAWd_hRN7l4gZLkiFXDrIO-pA
15:45:34 <icbts> #info attendees picking portions of ODL to review
15:46:00 <icbts> #info Recommendations — trusted key storage location
15:46:27 <icbts> Madhu: that link work for you?
15:47:16 <AnthonyG> I need to head to lecture, until next time!
15:47:59 <icbts> Madhu: we’re tracking minutes at least :)
15:48:14 <Madhu> icbts: thanks a ton sir
15:49:17 <icbts> #info Returning to discussion of authorization to install bundles
15:50:09 <icbts> Madhu: please feel free to add info :)
15:50:26 <Madhu> #info permissions in osgi : http://securesoftwaredev.com/2012/11/19/permissions-in-osgi/
15:52:04 <icbts> #info Certificate Authorities : discussion of what is available
15:55:16 <icbts> #info Application Authorization
15:56:28 <icbts> #info document RBAC on controller?
15:57:35 <icbts> #info IPv4 / IPv6
15:57:55 <icbts> #info Access Authorization
15:59:58 <icbts> #info Madhu, current situation vs what we could have in place
16:00:36 <Madhu> #info Application Authorization needs App Sandboxing
16:02:15 <Madhu> #info Java Core Permissions will help with App Sandboxing
16:03:37 <Madhu> #info Java sandboxing with Policy privileges in SecurityManager : http://securesoftwaredev.com/2012/11/12/sandboxing-java-code/
16:04:07 <icbts> #info http://log.illsley.org/2010/11/29/osgi-java-security-manager-and-keeping-things-simple/
16:05:07 <icbts> #info http://www.osgi.org/wiki/uploads/CommunityEvent2008/24_JahnGumbel.pdf
16:06:55 <icbts> #info What can we use from OSGi framework & Java security
16:09:54 <icbts> #info Securing the deploy folder (outside of scope, but should be reviewed)
16:10:29 <icbts> #info App Sandboxing, access to resource
16:10:51 <icbts> #info Arash, Madhu - sandbox
16:11:38 <icbts> #info Wojciech - concern over overlapping reviews
16:14:08 <icbts> #info Sandboxing: collect information on subject
16:16:17 <icbts> #info Controller Device Bootstrap, Authentication Authorization
16:16:41 <icbts> #info Arash, discussing his thoughts on wiki page
16:16:44 <icbts> #link https://wiki.opendaylight.org/view/CrossProject:OpenDaylight_Security_Analysis
16:17:08 <icbts> #link https://wiki.opendaylight.org/view/CrossProject:OpenDaylight_Security_Analysis#OpenDaylight_Controller_Security
16:23:20 <icbts> #info Arash requests comments on his notes
16:23:47 <icbts> Madhu: I need to drop off the call, can you continue the notes?
16:24:03 <Madhu> icbts: thanks and i will.
16:24:09 <icbts> Madhu: thank you :)
16:24:18 <Madhu> #chair
16:24:31 <Madhu> icbts: do u know how to take the chair ?
16:25:36 <icbts> #chair madhu
16:25:36 <odl_meetbot> Current chairs: icbts madhu
16:25:51 <Madhu> icbts: thanks
16:25:55 <icbts> Madhu: Thanks again
16:26:15 * icbts Great getting to meet you all, I’ll read the notes afterwards :)
16:26:39 <Madhu> #question why is there a need for #6 mention of Firewall
16:32:01 <edwarnicke> Guys... not to in any way discourage the discussion around AAA stuff, but rather to make sure that no two groups working on stuff are unaware of each other... I wanted to point you to: https://wiki.opendaylight.org/view/Project_Proposals:AAA_Service
16:32:07 <Madhu> #info on Vulnerability analysis there are available tools which can be used
16:32:34 <Madhu> edwarnicke: yes thanks. we are discussing about that
16:32:41 <edwarnicke> Excellent :)
16:32:59 <Madhu> edwarnicke: but we need to make sure the AAA service scope is clearly understood
16:33:19 <Madhu> anyways. the scope portion of AAA project can improve.
16:37:26 <Madhu> #action controller to device security needs to be reviewed and worked on
16:39:51 <Meenakshi> #info thank you Jamie for taking awesome notes :)
16:40:12 <Madhu> #info plan is to make the security analysis meeting recurring 8.30am PT
16:40:55 <icbts> Meenakshi: no problem - at the end of the call be sure to issue the endmeeting command
16:41:07 <icbts> then grab the link and add to the team wiki page
16:42:24 <Madhu> #endmeeting