====== Security Group 18/03/2015 ======


**Attendees:** 

  * Luke Hinds (Nokia) - Chaired
  * Juan Antonio Osorio Robles (Ericsson) 
  * Ari Pietikäinen (Ericsson)
  * Mike Bursell (Intel)
  * Duan (Orange)

  * please note, to be marked as attended, add your name to the meeting etherpad https://etherpad.opnfv.org/p/opnfv-sec-meetings


**Agenda**

  * Inspector Discussion
  * Moon Discussion


**Project Discussions**

Inspector 

    Juan is giving overview of main goal of the Inspector project. Its not a monitoring solution. (
    if CADF is not sufficient we can add (LukeHinds, 14:14:47)
    Mike B: LI requirements / retained data , very specific , should exclude those at this point 
    information should be configurable - you can filter or exclude 
    Juan there is a solution in openstack, but not ODL. 
    Juan: hoping to get ODL involved 
    Mike asked the difference between moon and inspector 
    Juan: moon is a monitoring solution, inspector aim is to enable the provisioning of the information (from source i.e. openstack) 
    Juan: collaborate with neutron to insure validation information is available. (LukeHinds, 14:18:06)
    ^^^ example ^^^ (
    if the information is not sufficient, inspector will make a push upstream to try and get that information available. 
    We want to bring information to where its not available! 
    https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#CADF_Model_is_designed_to_answer_all_Audit_and_Compliance_Questions
    Juan: Main usecase is audit 
    Duan: if possible to create project in ETSI working group 
    Juan: the point is to go towards the projects. and make the changes there 
    https://wiki.opnfv.org/security/upstream/etsi 
    https://etherpad.opnfv.org/p/inspector_preliminary 
    ACTION: Luke to email Mike about mapping to ETSI 
    https://wiki.openstack.org/wiki/Monasca 
    ACTION: consider if we need to take Monasca into opnfv 


Moon 

    Duan gave overview of moon 
    Juan asked about authentication 
    Duan: we will have a mgmt interface, dedicated for adminstrators 
    Duan: define sec policies to include in security management system 
    Auth towards mgmt of the services 
    real time auth is not in keystone, there is no dynamic auth in keystone 
    need to include in sdn controllers 
    will be done in future 
    policie engines are there like copper, and moon will support mgmt of them 
    Juan: how to enforce policy? 
    #link https://wiki.opnfv.org/moon 
    Mike, which policies? 
    start with access control policy 
    first release last year 
    finish second release in july 
    code maturity will be the same as keystone 
    http://www.supercloud-project.eu/ 


Action items

    Kapil to attend next SEC group to discuss SEC008 and inspector
    Luke to contact Ashutosh to perform the same.
    Luke to contact ONF about inspector project
    juan/ari to start listing specific components / work items for commiters / contributers



People present (lines said)

    LukeHinds (75)
    jaosorior (45)
    aripie (18)
    MikeCamel (11)
    collabot (5)