#opnfv-sec: OPNFV Security Group

Meeting started by jaosorior at 14:05:20 UTC (full logs).

Meeting summary

  1. Agenda (jaosorior, 14:08:00)
    1. AGREED: Agenda (jaosorior, 14:09:52)

  2. Moon (jaosorior, 14:10:02)
    1. discussed with Ruan He (Orange) about how to contribute to Moon (mwinandy, 14:10:41)
    2. they are preparing to revise the proposal (mwinandy, 14:12:07)
    3. I had a look at a running demo of Moon. It supports RBAC and MLS access policies for users/tenants on OpenStack currently. (mwinandy, 14:13:05)
    4. Moon prototype code is currently standalone, but should be an extension for Keystone in next release. (mwinandy, 14:14:29)
    5. Moon will not replace policy engine, instead using existing one. But adds policy configuration and policy decision point. (mwinandy, 14:16:13)
    6. ACTION: Invite the contributors to the Moon project to the next Security Group meeting (jaosorior, 14:17:47)
    7. OpenStack has a lot of modules, each with their own (security) config. Moon wants to build a centralized policy management for all things in OpenStack, SDN controller, etc. Also place hooks in those components that they can directly enforce dynamic changes in the policy. (mwinandy, 14:19:23)
    8. http://www.mail-archive.com/openstack-dev@lists.openstack.org/msg52144.html (jaosorior, 14:21:00)
    9. that is worth a read, one of the keystone core-devs gives a really good insight about how policy works and some relevant aspects to take into account (jaosorior, 14:21:49)
    10. https://wiki.opnfv.org/moon (mwinandy, 14:23:12)
    11. https://wiki.opnfv.org/moon (jaosorior, 14:23:12)

  3. inspector (jaosorior, 14:26:40)
    1. The inspector project had a community review last Thursday, so it seemed that people agreed on the proposal (jaosorior, 14:27:57)
    2. https://wiki.opnfv.org/requirements_projects/inspector (jaosorior, 14:29:02)
    3. ACTION: invite the mailing list to discuss the inspector project (jaosorior, 14:34:33)
    4. ACTION: request the Linux Foundation for a repo for Inspector (jaosorior, 14:39:56)
    5. ACTION: jaosorior to write an overview of audit in OpenStack in the Inspector repo (jaosorior, 14:41:35)
    6. ACTION: set up a proper sphinx project structure in the repo (jaosorior, 14:41:56)
    7. http://www.etsi.org/technologies-clusters/technologies/nfv (aripie, 14:50:25)

  4. any other business (jaosorior, 14:52:11)


Meeting ended at 14:56:03 UTC (full logs).

Action items

  1. Invite the contributors to the Moon project to the next Security Group meeting
  2. invite the mailing list to discuss the inspector project
  3. request the Linux Foundation for a repo for Inspector
  4. jaosorior to write an overview of audit in OpenStack in the Inspector repo
  5. set up a proper sphinx project structure in the repo


Action items, by person

  1. jaosorior
    1. jaosorior to write an overview of audit in OpenStack in the Inspector repo
  2. UNASSIGNED
    1. Invite the contributors to the Moon project to the next Security Group meeting
    2. invite the mailing list to discuss the inspector project
    3. request the Linux Foundation for a repo for Inspector
    4. set up a proper sphinx project structure in the repo


People present (lines said)

  1. jaosorior (91)
  2. mwinandy (26)
  3. aripie (14)
  4. B_Smith (4)
  5. collabot (3)


Generated by MeetBot 0.1.4.