14:05:18 <LukeHinds> #startmeeting Security Group 04/11/2015
14:05:19 <collabot> Meeting started Wed Nov 4 14:05:18 2015 UTC. The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:19 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:05:19 <collabot> The meeting name has been set to 'security_group_04_11_2015'
14:05:30 <LukeHinds> #topic agenda
14:05:40 <LukeHinds> Anyone have any items for the agenda?
14:06:37 <aripie> hi, had some connectivity problems
14:06:43 <LukeHinds> np ari
14:06:52 <LukeHinds> anything you want to put on the agenda?
14:07:42 <LukeHinds> any takers?
14:07:53 <aripie> maybe moon collaboration
14:08:04 <LukeHinds> sure, ok
14:08:16 <LukeHinds> I have the security guide
14:08:36 <LukeHinds> ok, let's get mine going as I need to leave a little early
14:08:44 <LukeHinds> #topic Security Guide
14:09:05 <LukeHinds> So I have started to map out the security guide, and could do with some feedback or additions from the community.
14:10:13 <LukeHinds> the gist of it is, it will be a living document generated using structured text (sphinx) and will cover all security aspects of the OPNFV platform, so secure architect, hardening, best practises etc.
14:10:41 <Sona> something similar to http://docs.openstack.org/security-guide/?
14:11:05 <LukeHinds> by living document, I mean it will (I hope) be hosted on a web server and as we commit builds, it will have the latest revision available
14:11:15 <LukeHinds> yes Sona, just like osg
14:11:33 <LukeHinds> sphinx will then allow people to view in html or pull down a PDF / ePub
14:11:51 <Sona> sounds good
14:11:54 <LukeHinds> I have the following #link https://etherpad.opnfv.org/p/security-guide
14:11:56 <aripie> +1
14:12:01 <LukeHinds> as a TOC to get things going
14:12:09 <LukeHinds> feel free to make additions, comments
14:12:25 <LukeHinds> just make sure you add your name in the top right box, so we can see who said what
14:13:10 <LukeHinds> I also plan to go around each project and quiz them over what 'security' aspects they have, and get them to contribute or steer us towards the content for us to make the additions
14:13:26 <LukeHinds> currently it's on my personal github
14:13:37 <LukeHinds> but I have asked linux foundation for git / gerrit
14:13:44 <Sona> It would be good if members from security team from opensource projects (such as ODL, Openstack ...) were involved too
14:13:52 <LukeHinds> #link https://github.com/lukehinds/opnfv-security-guide
14:14:30 <LukeHinds> Not so sure Sona, they will just want to focus on their own guides, rather than repeat efforts downstream.
14:14:57 <LukeHinds> but we can I am sure, ask them for advice, or even contribute back upstream
14:15:11 <LukeHinds> so if we come up with something relevant for ODL etc, we can push that up
14:15:36 <Sona> I think it would be good if we collaborated
14:15:59 <Sona> I think some of our work overlaps
14:16:08 <aripie> no harm if we get at least some review help
14:16:27 <Sona> yes
14:16:37 <LukeHinds> for where we overlap, we just reference them
14:16:53 <Sona> but this is good start
14:16:56 <LukeHinds> this is what we did in the openstack guide, for example, we point towards django security guide
14:17:29 <LukeHinds> but they have creative commons CC, so we are free to use what they have, as long as we credit
14:18:39 <LukeHinds> so if all could look at the TOC and see what you think, we can review that next week
14:19:08 <Sona> yes,
14:19:10 <LukeHinds> only tip I would have, is we need to think of how this centers on NFV/SDN/Telco
14:19:47 <LukeHinds> For example, SDN Controller, not Dropbox
14:19:59 <LukeHinds> Kind of obvious to most of you
14:20:18 <LukeHinds> but merits a mention, as 'cloud' is so ambiguous a term
14:20:29 <aripie> we can check towards ETSI security&trust guidance to make sure we cover that scope
14:20:48 <LukeHinds> That's a good point
14:21:01 <LukeHinds> so topology validation and enforcement, the problem statements...
14:21:20 <mwinandy> hi, also ONF security principles, for the SDN part could be helpful
14:21:40 <Sona> Ari: do you mean http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf
14:22:01 <aripie> correct
14:23:22 <Sona> https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/Principles_and_Practices_for_Securing_Software-Defined_Networks_applied_to_OFv1.3.4_V1.0.pdf?
14:23:26 <LukeHinds> what we could do is have a chapter on ETSI, and show in each sub-chapter, how to achieve the security
14:23:39 <LukeHinds> for each problem statement
14:23:51 <Sona> that would be good
14:24:24 <LukeHinds> VNF Instantiation ............
14:24:27 <LukeHinds> >>> Secured Boot ....
14:24:49 <LukeHinds> >>>>>> How we do secure boot in OPNFV (TXT etc)
14:24:58 <mwinandy> Sona: correct
14:25:53 <LukeHinds> #agree mwinandy> hi, also ONF security principles, for the SDN part could be helpful
14:26:19 <LukeHinds> #agree aripie: we can check towards ETSI security&trust guidance to make sure we cover that scope
14:26:49 <LukeHinds> anyone want to take some actions to contribute? understand you might need a little time to get set up?
14:27:45 <aripie> I can work along with the ToC
14:27:52 <Sona> I can help, but I might need some help,
14:28:38 <LukeHinds> that's fine, plenty of help will be on hand.
14:29:19 <LukeHinds> I would say if a really good upstream source exists, we can put a summary and communicate essentially the principle of X - and then hyperlink reference upstream
14:29:36 <LukeHinds> that way we have not got to keep syncing with any changes they make
14:29:49 <LukeHinds> ok, let's do this
14:30:05 <mwinandy> yes, summary + reference
14:30:14 <LukeHinds> #action all to review ToC and consider additions and what areas they would like to work on
14:31:01 <LukeHinds> #agree if good upstream source exists, we can put a summary and communicate essentially the principle of X - and then hyperlink reference upstream
14:31:27 <LukeHinds> #action Luke to provide help getting git / gerrit set up for contributors
14:31:58 <LukeHinds> #info ^^ On the 18th November
14:32:03 <Sona> maybe we should split TOC between oss (those who want to review)
14:32:15 <LukeHinds> I put 18th as I am away next week
14:32:22 <LukeHinds> oss?
14:32:28 <Sona> us :)
14:32:32 <LukeHinds> ahh
14:32:55 <LukeHinds> sure, I think let's start by seeing what you want to work on.
14:33:06 <Sona> ok
14:33:19 <LukeHinds> we can then triage the more challenging topics after we hit the stuff we are strong in
14:33:33 <LukeHinds> or boring topics :)
14:34:14 <LukeHinds> what we can then do is, think about timelines, so we can be ready for whichever release of opnfv
14:34:31 <LukeHinds> that way we have no pressure, but a goal to help us get things done
14:34:59 <LukeHinds> ok
14:35:21 <Sona> Is there a new release of OPNFV scheduled?
14:35:25 <LukeHinds> #topic moon
14:37:06 <LukeHinds> I got to go guys!
14:37:11 <aripie> re moon, I am thinking sync with inspector
14:37:18 <LukeHinds> sorry, I will check on messages when I get back
14:37:22 <aripie> ok Luke
14:37:39 <LukeHinds> please go ahead though ari
14:37:46 <LukeHinds> I will read when I get back
14:37:48 <aripie> sure
14:38:12 <aripie> right, anyone here involved in moon?
14:39:05 <aripie> I take it as a no
14:39:40 <aripie> #action Ari to check with moon re inspector
14:40:15 <aripie> #topic any other business
14:40:47 <aripie> anything else in your minds?
14:42:22 <Sona> not from me
14:43:04 <aripie> I suppose we are done, let's work on the security guide
14:43:21 <aripie> #endmeeting
14:43:45 <mwinandy> ok, bye
14:43:49 <aripie> bye
14:45:23 <Sona> bye

14:01:01 <aripie> Hi Sona
14:01:27 <aripie> not sure if the meeting is on today
14:01:40 <aripie> ... and I have to leave in about 5 minutes
14:03:49 <sona> ok
14:03:57 <sona> no problem
14:04:16 <sona> I was not sure when it is?
14:05:15 <aripie> it would be this time, but the OPNFV Summit is this week so those who attend may be busy there
14:05:51 <sona> ok, see you next week then
14:05:55 <sona> bye
14:06:20 <aripie> sure, till next time!
14:06:22 <aripie> bye
14:06:39 <LukeHinds> Hello *
14:06:48 <aripie> Hi
14:06:58 <LukeHinds> As per email, I need to leave a little early, but let's get things kicked off and I can re-join
14:07:23 <collabot`> LukeHinds: Error: Can't start another meeting, one is in progress. Use #endmeeting first.
14:07:32 <LukeHinds> #endmeeting