===================================================== #acumos-meeting: Validation and Security Team Meeting ===================================================== Meeting started by aimeeu at 13:02:27 UTC. The full logs are available at http://ircbot.wl.linuxfoundation.org/meetings/acumos-meeting/2018/acumos-meeting.2018-05-03-13.02.log.html . Meeting summary --------------- * attendees: Bryan Sullivan (AT&T), Chuxin Chen (AT&T), Jack Murray (AT&T), Karrie (AT&T), Devendra Sen (TechM), Dev (aimeeu, 13:08:19) * Jack: the validation process will be more complex than a web-based experience (aimeeu, 13:08:58) * Karrie: for end to end validation experience, need to access status, notification - design has to accommodate that part of the process (aimeeu, 13:11:41) * Bryan summarizes: need a behind the scenes workflow engine for validation that does not impact the Portal (aimeeu, 13:13:07) * LINK: https://etherpad.acumos.org/p/validation-meeting-180503 (bryan_att, 13:16:21) * Requirements (aimeeu, 13:18:25) * Bryan summarizes requirements on the etherpad (aimeeu, 13:23:05) * Jack: complex problem; define and follow a "best practice" (aimeeu, 13:26:12) * Jack: security of the platform is models as well as underlying platform; very broad scope (aimeeu, 13:26:50) * Bryan: goal for project should be a program of industry best practices (aimeeu, 13:27:51) * similar to #link https://wiki.opnfv.org/display/security/2016/08/24/OPNFV+gets+CII+Best+Practices+Badge+for+Security+and+Quality (aimeeu, 13:29:09) * Architecture (aimeeu, 13:29:50) * Chuxin sent Bryan some slides to be added to the wiki; capture Validation intent from a user perspective (aimeeu, 13:30:19) * Bryan: separate what's presented in the UI from the back end (aimeeu, 13:30:56) * the work of the Security subcommittee is broader than the subject of today's call (aimeeu, 13:33:32) * this meeting is about the validation component, which resides in the Common Services project (aimeeu, 13:34:13) * Jack: need to separate items for broader Security Subcommittee from the work of the validation component (aimeeu, 13:35:03) * broader goals for Security Subcommittee: #link https://wiki.acumos.org/display/AC/Security+Scanning (aimeeu, 13:36:27) * Security Subcommittee will drive the requirements for the validation component (aimeeu, 13:38:31) * Jack: these security and validation requirements should be discussed by the Security Subcommittee, so this meeting is really a working group within the Security Subcommittee (aimeeu, 13:42:34) * Jack: once the requirements have been finalized, then the work can be passed to the Common Services project for implementation (aimeeu, 13:43:08) * Bryan summarizes what the current validation component does and what it will need to do going forward (aimeeu, 13:44:42) * discussion on workflow, perhaps incorporating a workflow engine such as Camunda (aimeeu, 13:52:39) * Bryan discusses using a YAML file to define workflow (aimeeu, 13:54:58) Meeting ended at 14:01:54 UTC. People present (lines said) --------------------------- * aimeeu (33) * collabot` (4) * vishnu (4) * bryan_att (1) Generated by `MeetBot`_ 0.1.4