18:00:02 #startmeeting OpenStack Security Group 18:00:03 Meeting started Thu Feb 20 18:00:02 2014 UTC and is due to finish in 60 minutes. The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:04 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:07 The meeting name has been set to 'openstack_security_group' 18:00:19 Hi OSSG 18:00:24 #topic Rollcall 18:00:25 bdpayne: hi 18:00:26 Paul Montgomery 18:01:00 o/ 18:01:22 ok, looks good 18:01:27 #topic Agenda 18:01:37 I have a few things on my mind today... open to others as well 18:01:44 OSSG Leadership 18:01:48 Summit Talk Voting 18:01:52 any other topics? 18:02:25 nothing major, just small updates we can discuss in open-discussion 18:02:26 sounds like you guys are more tired than me :-) 18:02:36 sure, sounds good nkinder 18:02:52 #topic Summit Talk Voting 18:03:00 So, I know that many people submitted talks 18:03:08 And now voting has started 18:03:20 So I just wanted to give people a brief opportunity to advertise their talk here 18:03:33 feel free to paste in a link to your talk so the group can be aware and vote on it 18:03:57 here's mine: 18:03:59 https://www.openstack.org/vote-atlanta/Presentation/openstack-security-group-ossg-an-update-on-our-progress-and-plans 18:04:00 and 18:04:06 https://www.openstack.org/vote-atlanta/Presentation/security-for-private-openstack-clouds 18:04:20 the first one is an OSSG talk with Nate, Rob, and myself 18:04:27 we should all vote for that one! 18:04:42 the other one is just me... but I'd be happy for votes if you like the idea :-) 18:04:43 I voted for both of those earlier this morning 18:04:48 cool, thanks 18:05:01 https://www.openstack.org/vote-atlanta/Presentation/dogtag-and-barbican-open-source-key-management 18:05:23 That's from one of my co-workers. It's related to barbican, which should be interesting from a security perspective 18:05:44 cool, sounds interesting 18:05:54 Here's one of mine: 18:05:55 https://www.openstack.org/vote-atlanta/Presentation/openstack-security-crunchy-on-the-outside-with-a-chewy-center 18:06:29 ah nice 18:06:35 like a yummy candy bar 18:06:46 :) 18:07:33 hyakuhei had a talk I voted for too 18:07:34 https://www.openstack.org/vote-atlanta/Presentation/state-of-openstack-security 18:08:01 great, so this is a nice selection here 18:08:12 #topic OSSG Leadership 18:08:23 So I'd like to take a moment to discuss this one 18:08:38 As many of you know, Rob and I started OSSG about 1.5 years ago 18:08:43 it has come a long way since then 18:08:56 but one theme has remained constant... Rob and I are both *very* busy 18:09:18 and neither of our jobs are making it easy for us to devote lots of time to this leadership role in OSSG 18:09:36 I spoke with Rob this week and we believe that this time is right for us to step down as leaders of this group 18:09:54 the goal here would be to hold an election to fill the role with a single person 18:10:26 I think that this is an important next step for the continued growth of the group and to ensure that we can have the kind of impact in the community that we desire 18:10:31 hopefully the two of you are still planning to be involved as your availability permits? 18:10:38 yes, we are 18:10:41 ok, great 18:10:46 in fact, this whole thing kind of makes us sad :-( 18:10:54 but I believe it is the right step 18:11:06 OSSG is important to us, and we certainly won't be just walking away 18:11:12 growth of the group is key right now 18:11:14 I haven't been here long but thanks for the effort and above and beyond to keep things moving! :) 18:11:22 we just want to make sure that someone at the top has the time to make this group solid 18:11:32 by growth though, it's getting people involved. There are alot of members, but there isn't a lot of involvement. 18:11:48 paulmo thanks 18:11:57 nkinder: I'm successfully convincing our Product Security team to join (probably one active member) if that helps. 18:11:59 nkinder yes, it is growth like that, but also growth in the sense of maturity 18:12:10 paulmo: that would be great 18:12:25 sad announcement 18:12:31 in my view, we need to concentrate on a few areas that provide value to the community and do them well 18:12:45 and work to really be recognized as a full part of the OpenStack community 18:13:11 bdpayne: +1. We need a clear charter so be can be a legitimate pare of OpenStack (as opposed to a side group that is thought of as unofficial) 18:13:16 s/pare/part/ 18:13:18 I actually view this as a time for us to show how healthy we are as a community 18:13:35 we should get some strong candidates to put their names forward and really push this group to the next level 18:14:00 so... I'm now stepping away immediately 18:14:10 and I intend to stay a part of this group well into the future 18:14:11 s/now/not/ ? 18:14:19 ha, not 18:14:21 yea 18:14:23 whew... :) 18:14:33 I'm *not* stepping aside immediately 18:14:35 ;-) 18:14:44 whew indeed!! 18:14:48 I will help ensure that the election happens smoothly 18:15:00 and I'm thinking that perhaps the handoff should happen at the summit in May 18:15:18 which should provide time for elections and some transition 18:15:29 with all of that, I'd like to hear your thoughts 18:16:00 Sorry, I'm here now! 18:16:12 I presume you've mentioned something about us being very busy bdpayne ;) 18:16:15 perfect timing! 18:16:15 I'm in basic agreement with all of that, though sad that you and hyakuhei have to step back. 18:16:37 Sorry I'm late, damned customers wanting to know about security etc. 18:16:46 hyaluhei yeah, just finished laying out a path forward for leadership elections 18:16:59 Having a clear lead role is a good idea. 18:17:29 My largest concerns are having enough team involvement to do the things we set out to do well. 18:17:30 I understand the sentiment too. But question one leader only .. is that to be in sync with PTLs on other projects, one voice kind of thing 18:17:35 so... to ensure that everyone sees this, I will be sending out an email to the mailing list 18:17:41 just reading through the log, thanks bdpayne I think you've covered it all. 18:18:00 Personally I'll look to be involved in a couple of key projects that I hope I can dedicate some more time to 18:18:02 malini1 yes, I'm trying to mirror the PTL model 18:18:16 as I think that an elected "PTL" will be most easily accepted by the openstack community 18:18:35 so that should help OSSH gain acceptance with the larger community 18:18:37 Having a single poc is sometimes a good thing 18:18:41 *OSSG 18:18:49 Although they're also a single point of failure 18:18:50 and yeah, a single POC is useful 18:18:58 moving away from our current, dual points of failure ;) 18:18:59 but, there's plenty of room for all of us to contribute 18:19:02 We can have a PTL set a clear charter of the things we want to accomplish as a group, but we really need to deliver on those goals to gain acceptance. 18:19:23 exactly 18:19:24 Agreed. 18:19:33 and delivery is for the whole group to do 18:19:41 +1. 18:19:49 Give me a break you guys. You pulled off a book, cover OSSA and OSSNs -- not a single point of failure, all meetings covered between the two of you 18:20:05 ok, so stay tuned on the email list for most details, a timeline, etc 18:20:17 malini1 thanks... yeah, and we're pretty tired now too ;-) 18:20:37 #topic Open Discussion 18:20:49 malini1: Thanks, it's nice to be appreciated but I have high hopes for this group and I think that someone other than me (or perhaps someone without the same commitments) can move the group along 18:21:03 Has anyone had a look at the Keystone threat analysis stuff? 18:21:20 link? 18:21:29 I had a look but couldn't comment on the document. It looks like a good start and clearly borrows from the security guide in places - which is a good thing 18:21:35 bdpayne: one sec 18:21:54 https://drive.google.com/file/d/0B1aEVfmQtqnoMmpPZ3hmUHpBa1k/edit?usp=sharing 18:22:48 Sorry, I thought that the email about that stuff had gone to the whole distro, maybe it was just those that showed an earlier interest 18:22:49 who's putting this document together? 18:23:00 Just a quick comment .. the book linked me to some folks at McAfee for a firewall as a service network-virtual-function POC for Neutron 18:23:41 hyakuhei I think this may be the first I've heard of this document? 18:24:05 yes, first I've heard of this doc too 18:24:19 I didn't know you were going to start with keystone. 18:25:42 This isn't my baby 18:25:54 One second, I can't see what this shouldn't be shared with the whole group (email on route) 18:26:29 :-) Keystone is a logical starting point .. we all think of login/password as a first step 18:26:43 Logical, big and scary 18:26:51 I might have been inclined to do Glance first 18:26:54 This look similar to an analysis of keystone that was done back in Folsom 18:27:03 if it's big and scary then it's doing too much 18:27:18 bknudson: meet keystone. Keystone, bknudson 18:27:33 Is there a threat model repo (or previous analysis)? 18:27:47 Not much that I'm aware of. 18:28:27 I might be weird but I really want to make a Solum threat model very prominent on the site. 18:28:32 hyakuhei so is there an action here? is there a person that is pushing this work forward and in need of help or ?? 18:29:13 It seems to be organised largely by email at the moment. There's a call/meeting for this, possibly tomorrow I'm going to attend that and see how itgoes 18:29:32 cool, sounds good 18:29:32 I would hope that whoever is preparing this is getting engaged with the keystone devs (like bnkudson) 18:29:32 malini1: re McAfee can you send me the link please? 18:29:34 keep us posted 18:29:40 On the starting-point .. how often is keystone replaced with a plugin and all that is really used are its tokens and access policies, it is more likely that glance is not plugged-out 18:30:20 malini1 some people do use keystone... but certainly not everyone 18:30:30 nkinder: I agree, getting in with the devs is very important and having someone like bknudson who has a foot in both camps is incredibly valuable to a project like this 18:30:40 +1 18:31:04 malini1 I'm happy to help with the book question, but I don't fully understand it 18:31:23 malini1 given the time, could we take that discussion to the mailing list? 18:31:59 bdpayne -- no book question 18:32:13 ah ok! 18:32:23 so... any other discussion for today? 18:32:50 we're out of time, but still pushing the OSSN stackforge repo thing forward 18:33:52 nkinder: let me know how/if I can help with that 18:34:03 hyakuhei: will do 18:34:23 thanks everyone 18:34:26 #endmeeting