User Tools

Site Tools


meetings:security:13052015

Security Group 18/03/2015

Attendees:

  • Luke Hinds (Nokia) - Chaired
  • Juan Antonio Osorio Robles (Ericsson)
  • Ari Pietikäinen (Ericsson)
  • Mike Bursell (Intel)
  • Duan (Orange)

Agenda

  • Inspector Discussion
  • Moon Discussion

Project Discussions

Inspector

  Juan is giving overview of main goal of the Inspector project. Its not a monitoring solution. (
  if CADF is not sufficient we can add (LukeHinds, 14:14:47)
  Mike B: LI requirements / retained data , very specific , should exclude those at this point 
  information should be configurable - you can filter or exclude 
  Juan there is a solution in openstack, but not ODL. 
  Juan: hoping to get ODL involved 
  Mike asked the difference between moon and inspector 
  Juan: moon is a monitoring solution, inspector aim is to enable the provisioning of the information (from source i.e. openstack) 
  Juan: collaborate with neutron to insure validation information is available. (LukeHinds, 14:18:06)
  ^^^ example ^^^ (
  if the information is not sufficient, inspector will make a push upstream to try and get that information available. 
  We want to bring information to where its not available! 
  https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#CADF_Model_is_designed_to_answer_all_Audit_and_Compliance_Questions
  Juan: Main usecase is audit 
  Duan: if possible to create project in ETSI working group 
  Juan: the point is to go towards the projects. and make the changes there 
  https://wiki.opnfv.org/security/upstream/etsi 
  https://etherpad.opnfv.org/p/inspector_preliminary 
  ACTION: Luke to email Mike about mapping to ETSI 
  https://wiki.openstack.org/wiki/Monasca 
  ACTION: consider if we need to take Monasca into opnfv 

Moon

  Duan gave overview of moon 
  Juan asked about authentication 
  Duan: we will have a mgmt interface, dedicated for adminstrators 
  Duan: define sec policies to include in security management system 
  Auth towards mgmt of the services 
  real time auth is not in keystone, there is no dynamic auth in keystone 
  need to include in sdn controllers 
  will be done in future 
  policie engines are there like copper, and moon will support mgmt of them 
  Juan: how to enforce policy? 
  #link https://wiki.opnfv.org/moon 
  Mike, which policies? 
  start with access control policy 
  first release last year 
  finish second release in july 
  code maturity will be the same as keystone 
  http://www.supercloud-project.eu/ 

Action items

  Kapil to attend next SEC group to discuss SEC008 and inspector
  Luke to contact Ashutosh to perform the same.
  Luke to contact ONF about inspector project
  juan/ari to start listing specific components / work items for commiters / contributers

People present (lines said)

  LukeHinds (75)
  jaosorior (45)
  aripie (18)
  MikeCamel (11)
  collabot (5)
meetings/security/13052015.txt · Last modified: 2015/05/29 15:14 by Luke Hinds