#opnfv-sec log

14:00:53 <LukeHinds> #startmeeting Security Group - Inspector session
14:00:53 <collabot> Meeting started Wed May 13 14:00:53 2015 UTC.  The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:53 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:00:53 <collabot> The meeting name has been set to 'security_group___inspector_session'
14:01:13 <LukeHinds> #info Just waiting for HA to free up the bridge
14:01:23 <jaosorior> trying to call in
14:02:19 <LukeHinds> ok, bridge is open
14:05:17 <jaosorior> ok, I called in
14:06:42 <LukeHinds> ok, i am not audidle
14:09:05 <LukeHinds> #info Access Code: 903-656-045
14:09:35 <LukeHinds> #info +1 (224) 501-3217
14:10:12 <LukeHinds> #info https://global.gotomeeting.com/join/903656045
14:10:34 <jaosorior> #link https://etherpad.opnfv.org/p/inspector_preliminary
14:11:45 <LukeHinds> #topic inspector
14:11:56 <jaosorior> by the way, for the people joining only in IRC, we are at the moment discussing by phone, as said by LukeHinds
14:12:11 <jaosorior> mostly we will be using IRC in the future, but for this one, we decided to fall back into the phone conference
14:14:29 <LukeHinds> #info Juan is giving overview of main goal of the Inspector project. Its not a monitoring solution.
14:14:47 <LukeHinds> #info if CADF is not sufficient we can add
14:15:14 <LukeHinds> #info Mike B: LI requirements / retained data , very specific , should exclude those at this point
14:15:31 <LukeHinds> #info information should be configurable - you can filter or exclude
14:15:54 <LukeHinds> #info Juan there is a solution in openstack, but not ODL.
14:16:11 <LukeHinds> #info Juan: hoping to get ODL involved
14:16:24 <LukeHinds> #info Mike asked the difference between moon and inspector
14:17:03 <LukeHinds> #info Juan: moon is a monitoring solution, inspector aim is to enable the provisioning of the information (from source i.e. openstack)
14:18:06 <LukeHinds> #info Juan: collaborate with neutron to insure validation information is available.
14:18:22 <LukeHinds> #info ^^^ example ^^^
14:19:00 <LukeHinds> #info if the information is not sufficient, inspector will make a push upstream to try and get that information available.
14:19:30 <LukeHinds> # We want to bring information to where its not available!
14:19:38 <LukeHinds> #info We want to bring information to where its not available!
14:20:13 <LukeHinds> #link https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#CADF_Model_is_designed_to_answer_all_Audit_and_Compliance_Questions
14:21:14 <LukeHinds> #info Juan: Main usecase is audit
14:22:57 <LukeHinds> #info Duan: if possible to create project in ETSI working group
14:23:27 <LukeHinds> #info Juan: the point is to go towards the projects. and make the changes there
14:28:18 <LukeHinds> #link https://wiki.opnfv.org/security/upstream/etsi
14:30:12 <jaosorior> #link https://etherpad.opnfv.org/p/inspector_preliminary
14:32:14 <LukeHinds> #action Luke to email Mike about mapping to ETSI
14:39:07 <jaosorior> #link https://wiki.openstack.org/wiki/Monasca
14:40:31 <LukeHinds> #action consider if we need to take Monasca into opnfv
14:41:15 <LukeHinds> #topic Moon
14:43:00 <LukeHinds> #info Duan gave overview of moon
14:43:14 <LukeHinds> #info Juan asked about authentication
14:43:32 <LukeHinds> #info Duan: we will have a mgmt interface, dedicated for adminstrators
14:44:03 <LukeHinds> #info Duan: define sec policies to include in security management system
14:44:15 <LukeHinds> #info Auth towards mgmt of the services
14:44:50 <LukeHinds> #info real time auth is not in keystone, there is no dynamic auth in keystone
14:45:48 <LukeHinds> #info need to include in sdn controllers
14:45:54 <LukeHinds> #info will be done in future
14:46:35 <LukeHinds> #info policie engines are there like copper, and moon will support mgmt of them
14:46:44 <LukeHinds> #info Juan: how to enforce policy?
14:48:03 <LukeHinds> #info #link https://wiki.opnfv.org/moon
14:48:12 <LukeHinds> #info Mike, which policies?
14:48:24 <LukeHinds> #info start with access control policy
14:50:31 <LukeHinds> #info Mike mentioned Nokia Cloud Security Director and Duan knew of this solution
14:50:46 <LukeHinds> #info will be presented at ETSI
14:51:42 <LukeHinds> #info first release last year
14:51:59 <LukeHinds> #info finish second release in july
14:52:10 <MikeCamel> #info I didn't specifically mention Nokia Cloud Security Director - just that Nokia will be presenting a contribution which may be relevant
14:52:11 <LukeHinds> #info code maturity will be the same as keystone
14:55:09 <LukeHinds> #link http://www.supercloud-project.eu/
14:56:04 <LukeHinds> #endmeeting