#opnfv-sec: Security Group - Inspector session

Meeting started by LukeHinds at 14:00:53 UTC (full logs).

Meeting summary

1. Just waiting for HA to free up the bridge (LukeHinds, 14:01:13)
2. Access Code: 903-656-045 (LukeHinds, 14:09:05)
3. +1 (224) 501-3217 (LukeHinds, 14:09:35)
4. https://global.gotomeeting.com/join/903656045 (LukeHinds, 14:10:12)
5. https://etherpad.opnfv.org/p/inspector_preliminary (jaosorior, 14:10:34)
inspector (LukeHinds, 14:11:45)
1. Juan is giving overview of main goal of the Inspector project. Its not a monitoring solution. (LukeHinds, 14:14:29)
2. if CADF is not sufficient we can add (LukeHinds, 14:14:47)
3. Mike B: LI requirements / retained data , very specific , should exclude those at this point (LukeHinds, 14:15:14)
4. information should be configurable - you can filter or exclude (LukeHinds, 14:15:31)
5. Juan there is a solution in openstack, but not ODL. (LukeHinds, 14:15:54)
6. Juan: hoping to get ODL involved (LukeHinds, 14:16:11)
7. Mike asked the difference between moon and inspector (LukeHinds, 14:16:24)
8. Juan: moon is a monitoring solution, inspector aim is to enable the provisioning of the information (from source i.e. openstack) (LukeHinds, 14:17:03)
9. Juan: collaborate with neutron to insure validation information is available. (LukeHinds, 14:18:06)
10. ^^^ example ^^^ (LukeHinds, 14:18:22)
11. if the information is not sufficient, inspector will make a push upstream to try and get that information available. (LukeHinds, 14:19:00)
12. We want to bring information to where its not available! (LukeHinds, 14:19:38)
13. https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#CADF_Model_is_designed_to_answer_all_Audit_and_Compliance_Questions (LukeHinds, 14:20:13)
14. Juan: Main usecase is audit (LukeHinds, 14:21:14)
15. Duan: if possible to create project in ETSI working group (LukeHinds, 14:22:57)
16. Juan: the point is to go towards the projects. and make the changes there (LukeHinds, 14:23:27)
17. https://wiki.opnfv.org/security/upstream/etsi (LukeHinds, 14:28:18)
18. https://etherpad.opnfv.org/p/inspector_preliminary (jaosorior, 14:30:12)
19. ACTION: Luke to email Mike about mapping to ETSI (LukeHinds, 14:32:14)
20. https://wiki.openstack.org/wiki/Monasca (jaosorior, 14:39:07)
21. ACTION: consider if we need to take Monasca into opnfv (LukeHinds, 14:40:31)
Moon (LukeHinds, 14:41:15)
1. Duan gave overview of moon (LukeHinds, 14:43:00)
2. Juan asked about authentication (LukeHinds, 14:43:14)
3. Duan: we will have a mgmt interface, dedicated for adminstrators (LukeHinds, 14:43:32)
4. Duan: define sec policies to include in security management system (LukeHinds, 14:44:03)
5. Auth towards mgmt of the services (LukeHinds, 14:44:15)
6. real time auth is not in keystone, there is no dynamic auth in keystone (LukeHinds, 14:44:50)
7. need to include in sdn controllers (LukeHinds, 14:45:48)
8. will be done in future (LukeHinds, 14:45:54)
9. policie engines are there like copper, and moon will support mgmt of them (LukeHinds, 14:46:35)
10. Juan: how to enforce policy? (LukeHinds, 14:46:44)
11. #link https://wiki.opnfv.org/moon (LukeHinds, 14:48:03)
12. Mike, which policies? (LukeHinds, 14:48:12)
13. start with access control policy (LukeHinds, 14:48:24)
14. Mike mentioned Nokia Cloud Security Director and Duan knew of this solution (LukeHinds, 14:50:31)
15. will be presented at ETSI (LukeHinds, 14:50:46)
16. first release last year (LukeHinds, 14:51:42)
17. finish second release in july (LukeHinds, 14:51:59)
18. I didn't specifically mention Nokia Cloud Security Director - just that Nokia will be presenting a contribution which may be relevant (MikeCamel, 14:52:10)
19. code maturity will be the same as keystone (LukeHinds, 14:52:11)
20. http://www.supercloud-project.eu/ (LukeHinds, 14:55:09)

Meeting ended at 14:56:04 UTC (full logs).

Action items

Luke to email Mike about mapping to ETSI
consider if we need to take Monasca into opnfv

People present (lines said)

LukeHinds (49)
jaosorior (7)
collabot (3)
MikeCamel (1)

Generated by MeetBot 0.1.4.