18:00:11 <bdpayne> #startmeeting OpenStack Security Group
18:00:12 <openstack> Meeting started Thu Feb 28 18:00:11 2013 UTC.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:15 <openstack> The meeting name has been set to 'openstack_security_group'
18:00:29 <bdpayne> good morning security group :-)
18:00:37 <noslzzp> morning..
18:00:42 <bdpayne> (or afternoon / evening)
18:01:22 <bdpayne> I wanted to start by discussing design summit sessions
18:01:35 <bdpayne> #topic Design Summit Sessions
18:01:48 <bdpayne> #link http://summit.openstack.org/
18:02:04 <bdpayne> Just curious what people are planning on proposing in the security space
18:02:33 <bdpayne> I know there's the key manager one
18:02:57 <rellerreller> We are looking at having a disk encryption one
18:03:08 <bdpayne> right, is that proposed yet?
18:03:22 <rellerreller> Not officially.  Still working on that
18:03:27 <bdpayne> kk
18:03:43 <bdpayne> I've been toying with the idea of putting something together on RBAC… would that be of interest?
18:04:20 <rellerreller> I'd be interested
18:04:24 <bdpayne> specifically, looking at what is needed to start providing meaningful RBAC across the stack
18:04:58 <noslzzp> Yes.
18:05:09 <bdpayne> ok, I'll see if I can formalize that a bit and put something together… input welcome
18:05:20 <noslzzp> I would suggest pinging ayoung@redhat.com
18:05:26 <bdpayne> #action Bryan to think about RBAC design session
18:05:36 <bdpayne> ah, good idea
18:05:48 <bdpayne> #action Bryan to ping ayoung re RBAC
18:06:29 <bdpayne> if there are other security related topics, please let us know
18:06:44 <bdpayne> for better or worse, I don't think that there will be a security track
18:07:03 <bdpayne> so we will be scattered… but that does keep us integrated into the individual projects
18:07:06 <bdpayne> which has its benefits
18:07:11 <lglenden> will there be a security track in the user sessions?
18:07:29 <bdpayne> I'm guessing that there will be… there was last time
18:07:37 <bdpayne> and there were lots of security talks presenting this time
18:07:43 <lglenden> okay, cool
18:07:46 <bdpayne> s/presenting/proposed/
18:08:03 <ayoung> consider me pung
18:08:11 <noslzzp> ;)
18:08:16 <bdpayne> hey ayoung :-)
18:08:30 <bdpayne> I'll contact you outside of this meeting to chat about RBAC a bit… sound good?
18:08:35 <ayoung> yep
18:08:39 <bdpayne> thanks
18:09:04 * bdpayne never knew "pung" was a word
18:09:18 <bdpayne> ok, any other discussion on the summit?
18:09:33 <noslzzp> ping + ayoung = pung..
18:09:42 <bdpayne> heh
18:09:53 <lglenden> there was some talk about an informal meetup of the OSSG, any update there?
18:10:12 <ayoung> probably should bring up trusts
18:10:31 <bdpayne> Re the meet up, would it be useful to plan it this far in advance?
18:10:38 <ayoung> But let me get them finished first.
18:11:09 <bdpayne> We can, but I just assumed people would rather set it up closer to the event
18:11:35 <rellerreller> It's useful if not meeting during regular conference days (i.e. meet early day of or day late)
18:11:36 <lglenden> that's okay with me, just wanted to make sure I haven't missed anything
18:12:08 <bdpayne> so, nothing planned yet… I'll certainly announce here
18:12:27 <bdpayne> once the summit schedule is out, let's pick a night for dinner
18:12:37 <lglenden> sounds good
18:12:43 <noslzzp> indeed.
18:12:56 <bdpayne> ok, pushing ahead
18:13:01 <bdpayne> #topic Hardening Guide
18:13:10 <bdpayne> I saw that there was some chatter on this last week
18:13:20 <bdpayne> both in the meeting, and outside of the meeting some feedback on the outline
18:13:41 <noslzzp> Yes.
18:13:50 <bdpayne> so, thanks!
18:13:57 <noslzzp> I submitted a pull request, but I am not entirely happy with content/flow..
18:13:57 <bdpayne> I wanted to discuss the format for the guide
18:14:09 <bdpayne> specifically, latex versus ??
18:14:25 <noslzzp> ok, let's discuss format, and I can bring up the content/flow issues..
18:14:27 <bdpayne> I think that latex was chosen by Rob and I b/c we know it best and were comfortable working with it
18:14:47 <bdpayne> but, we're open to change if that would get others more involved
18:15:06 <ayoung> bdpayne, I am also proposing a summit talk that would fall under the aegis of Hardening
18:15:25 <bdpayne> so… can someone suggest a text based format that they would prefer to latex?
18:15:33 <ayoung> bdpayne, markdown
18:15:36 <noslzzp> i would suggest changing the format only because I have limited time to devote to getting up to proper speed with Tex..
18:15:40 <ayoung> that is what we are using for the API docs
18:15:46 <noslzzp> +1 for markdown.
18:15:59 <bdpayne> ok, that works with me
18:16:17 <ayoung> https://github.com/openstack/identity-api/tree/master/openstack-identity-api/src/markdown
18:16:26 <bdpayne> basically, I only want to take the time to convert and learn a new language if others will actually contribute more because of it
18:17:09 <bdpayne> so, if I switch to markdown… will others then start putting up PRs? :-)
18:17:20 <noslzzp> of course!
18:17:29 <bdpayne> ok, we have a deal
18:17:50 <bdpayne> #action Bryan to convert hardening guide from latex to markdown … after learning markdown
18:18:31 <bdpayne> real quick before we discuss hardening guide content… ayoung you had a summit talk idea?
18:19:25 <ayoung> bdpayne, yes, let me post link
18:19:53 <ayoung> http://summit.openstack.org/cfp/edit/22
18:20:07 <ayoung> you probably can't see that link, as it is an edit, but talk 22 off the summit
18:20:12 <ayoung> Securing Openstack Deployments with FreeIPA
18:20:30 <ayoung> http://summit.openstack.org/cfp/details/22
18:20:44 <bdpayne> FreeIPA
18:20:47 <bdpayne> got it
18:21:15 <bdpayne> worth exploring… and attending for sure
18:21:16 <bdpayne> thanks
18:21:53 <bdpayne> noslzzp you had thoughts on guide content?
18:22:04 <noslzzp> Yes.
18:22:20 <bdpayne> #link https://github.com/hyakuhei/OSSG_Hardening_Guide/blob/master/outline-expanded.txt
18:22:38 <noslzzp> in the enhanced outline, there are sections for individual OpenStack components and then sections on general security areas.
18:23:02 <noslzzp> I'm not sure how to efficiently present/cover the two.
18:24:05 <bdpayne> I actually think you did a reasonably good job with your outline in that regard
18:24:14 <bdpayne> starting with an overview
18:24:18 <noslzzp> I think maybe we cover each component and then have best practices for the more general areas.
18:24:26 <bdpayne> some details of how we think about security… setting the tone
18:24:40 <bdpayne> cover the components
18:24:53 <bdpayne> and then cover the cross component security areas
18:25:11 <bdpayne> and this is what you already have in that outline
18:25:27 <bdpayne> what do others think?
18:25:46 <noslzzp> Yes, it's there already, but I could see that in the "cross-component" areas we could get into specifics related only to one component.  Hypervisor security for example.
18:26:21 <noslzzp> sorry, let me clarify.. In the "System and Communication Security", there could be hypervisor-only issues.
18:26:49 <bdpayne> yeah, but that's ok
18:26:59 <noslzzp> ok.
18:27:00 <bdpayne> for example, hypervisor != nova
18:27:19 <bdpayne> and I think it muddies the waters a bit to try to blend it all
18:27:49 <bdpayne> so, in the nova section we can talk about nova stuff specifically… and then reference down to the hypervisor section to discuss stuff there
18:27:57 <noslzzp> Fair enough. :)
18:28:08 * bdpayne hopes markdown is expressive enough to provide cross section links :-)
18:28:25 <bdpayne> btw, this is the markdown you have in mind, right? http://daringfireball.net/projects/markdown/syntax
18:29:17 <noslzzp> That's what I was thinking at least.. and yes, it supports internal linking.
18:29:24 <bdpayne> ok cool
18:29:40 <bdpayne> I'm just giving you a hard time since I'm a latex snob ;-)
18:29:49 <noslzzp> no worries.
18:29:53 <bdpayne> ok, thanks all
18:30:38 <bdpayne> I'll work on the action items… and see you guys back here next week.  Please check in on the hardening guide and start thinking about where you could contribute content.
18:30:51 <bdpayne> #endmeeting