18:03:30 <bdpayne> #startmeeting OpenStack Security Group
18:03:30 <openstack> Meeting started Thu Aug 15 18:03:30 2013 UTC and is due to finish in 60 minutes.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:03:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:03:34 <openstack> The meeting name has been set to 'openstack_security_group'
18:03:39 <bdpayne> hi everyone, sorry for the slight start delay
18:03:48 <bdpayne> who do we have for the meeting today?
18:03:52 <malini1> Good morning!
18:04:15 <bdpayne> morning malini1
18:04:46 <bdpayne> ok, we'll let's get started
18:04:55 <bdpayne> #topic Previous Action Items
18:04:56 <bpb> Bruce and APL here, and Joel coming soon
18:05:23 <bdpayne> there have been several action items in recent weeks, let's review those
18:05:30 <malini1> bdpayne did you still need a tacker for creating the security slide set based on book
18:05:50 <bdpayne> yes, that would be great
18:05:55 <bdpayne> you interested?
18:06:04 <malini1> I will make time next week for it then
18:06:09 <bdpayne> great, thanks
18:06:19 <malini1> :)
18:06:22 <bdpayne> #action malini1 to make an initial OSSG slide deck
18:06:36 <bdpayne> basing it on the book is a good start, and I think there were some other ideas in that email thread
18:06:57 <malini1> will grab them from email thread
18:07:09 <bdpayne> looks like some of the other action items were on my plate, so I'll report back here
18:07:14 <bdpayne> Re OSSG logo
18:07:27 <bdpayne> malini1 got some initial ideas out from someone at Intel
18:07:46 <bdpayne> now we're looking for someone to do the final graphics work
18:07:50 <bdpayne> I'm checking with someone
18:07:57 <bdpayne> and Rob is checking with someone at HP as well
18:08:05 <bdpayne> so hopefully we'll get that wrapped up soon
18:08:35 <elo> Hi. Eric here...
18:08:49 <bdpayne> my other action item was to put together a wiki page for getting people started with ossg
18:08:54 <bdpayne> here's my work on that
18:08:55 <bdpayne> https://docs.google.com/document/d/1TmygsnqU2MeHMYf_mqIV_dZpDaeLEzR7mGSE9n9SWKk/edit?usp=sharing
18:09:19 <bdpayne> I wanted to get some other eyes on it before posting to the wiki
18:09:35 <bdpayne> feel free to comment / edit / etc to improve that writeup
18:10:20 <bdpayne> perhaps we could take a minute to look over and see if there's any high level comments at this time
18:10:34 * bdpayne will wait for a minute or two
18:10:58 <malini1> Looks good -- getting involved
18:12:21 <elo> checking now
18:12:55 <bpb> looks reasonable to me also, but I think I'll have a couple of sections to add
18:13:06 <bdpayne> ok, sounds good
18:13:19 <bdpayne> bpb what sections do you have in mind?
18:13:46 <bdpayne> I think the more ways we can find for people to help the better
18:13:55 <elo> looks good at the high level..
18:14:21 <joel-coffman> I think it looks good
18:14:32 <bpb> bdpayne: Maybe some references to the security guide, in terms of mapping security controls.
18:14:56 <bdpayne> ahh, so listing specific additions that people could make to the security guide?
18:16:11 <bdpayne> well, we can take this offline
18:17:18 <bpb> bdpayne:  Yes, but also to use the security guide outline as a reference to point to OpenStack services
18:17:29 <bdpayne> for everyone, please let me know if you have any more specific comments, you can email me or just start a thread in the openstack-security mailing list
18:17:29 <bdpayne> #topic OSSNs
18:17:50 <bdpayne> ok
18:17:50 <bdpayne> So we still have several OSSNs that are up for review
18:17:50 <bdpayne> https://bugs.launchpad.net/ossn
18:18:14 <bdpayne> eyes are certainly welcome there
18:18:27 <bdpayne> I'm not sure what Rob's timeline is for getting those out, but I'm guessing somewhat soon
18:19:10 <bdpayne> #topic Other Discussion
18:19:11 <malini1> i picked up one on https keystone
18:19:24 <bdpayne> What other items would people like to discuss today?
18:19:48 <malini1> if we have a few minutes, may i ask about "interest" in geo-tagging
18:20:12 <bdpayne> joel-coffman I was able to get Vish to review your vol encryption work, hopefully that was helpful
18:20:30 <malini1> are their customers out there who want to a particular geo to run their VMs and storage
18:20:58 <bdpayne> you mean availability zones?
18:21:02 <joel-coffman> yes, thanks so much!!!
18:21:09 <malini1> :)I knew it was you bdpayne! thanks for getting Vish involved and congratulations joel on that +1 !!
18:21:15 <bdpayne> or is this some kind of provable gps coords for a resource?
18:21:32 <bdpayne> joel-coffman excellent
18:21:35 <malini1> not really availability zones (that could be both in the same building but on a difgferent power strip)
18:21:45 <joel-coffman> malini1: do you have a link to a blueprint, etc.?
18:22:03 <malini1> this is more like India/China/USA/Canada type of stuff, for example in CA versusi new hampshire to avoid some sales tax even
18:22:14 <malini1> not yet written it
18:22:28 <joel-coffman> oh, okay
18:22:46 <malini1> still a bunch of jumbled ideas in my head, the crux being to say a host is in a geo need GPS, with any certificate
18:23:03 <bdpayne> so provable location?
18:23:05 <malini1> attached to machine, you can claim it is at X,Y, Z and then move to P,Q,R
18:23:28 <malini1> IP based location can happen, 90% accurate, country level granualrity pretty accurate
18:23:37 <bdpayne> sure
18:23:40 <bdpayne> but not perfect
18:23:42 <malini1> bdpayne, exactly provable location
18:23:53 <bdpayne> ok, yeah, makes sense
18:24:18 <malini1> have any of yourun into customers who want it?
18:24:19 <bdpayne> the details would be interesting, but it seems useful
18:24:31 <bdpayne> not specifically at my end
18:26:00 <bdpayne> malini1 any references describing how this would work?
18:26:06 <joel-coffman> seems like it could be useful for compliance in certain industries
18:26:41 <joel-coffman> but that's outside my expertise (at least at the moment)
18:26:51 <malini1> for complaince need provabale, but it we trust the cloud provider, "aggregates" in openstack are adequate to indicate geo
18:27:27 <bpb> malini1:  I've heard that some networking components include a GPS reciever, but I haven't verified this.
18:28:10 <malini1> bpb -- that is an nice  idea -- could be used for provable, would you please send me more info if you find
18:28:10 * bdpayne is now curious
18:28:14 <elo> Just catching up on thread. I've not heard this from any of our customers that we are involved with at this point.
18:28:42 <bdpayne> from my end, one big win of a gps receiver would be to have a reliable external time source
18:28:48 <bdpayne> :-)
18:29:51 <malini1> bdpayne -- how is that different from NTP? GPS also needs to contact other machines, but you get time and location, 2 for 1
18:30:28 <bpb> malini1: I'll see if I can find info on this
18:30:32 <bdpayne> ntp requires connectivity to an ntp server
18:30:34 <malini1> one of the arguments i have heard for GPS is that data centers hosting compute hosts may be in a bnunker somewhere, unable to grab a GPS dsignal
18:30:58 <bdpayne> seems like that's an argument against gps
18:31:10 <bdpayne> ok, looks like we're over on time
18:31:16 <bdpayne> we can continue this one on the mailing list
18:31:25 <bdpayne> thanks everyone, see you next week
18:31:30 <malini1> byeee
18:31:32 <joel-coffman> thanks
18:31:37 <bdpayne> #endmeeting