18:00:02 <bdpayne> #startmeeting OpenStack Security Group
18:00:03 <openstack> Meeting started Thu Feb 20 18:00:02 2014 UTC and is due to finish in 60 minutes.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:07 <openstack> The meeting name has been set to 'openstack_security_group'
18:00:19 <bdpayne> Hi OSSG
18:00:24 <bdpayne> #topic Rollcall
18:00:25 <bknudson> bdpayne: hi
18:00:26 <paulmo> Paul Montgomery
18:01:00 <nkinder> o/
18:01:22 <bdpayne> ok, looks good
18:01:27 <bdpayne> #topic Agenda
18:01:37 <bdpayne> I have a few things on my mind today... open to others as well
18:01:44 <bdpayne> OSSG Leadership
18:01:48 <bdpayne> Summit Talk Voting
18:01:52 <bdpayne> any other topics?
18:02:25 <nkinder> nothing major, just small updates we can discuss in open-discussion
18:02:26 <bdpayne> sounds like you guys are more tired than me :-)
18:02:36 <bdpayne> sure, sounds good nkinder
18:02:52 <bdpayne> #topic Summit Talk Voting
18:03:00 <bdpayne> So, I know that many people submitted talks
18:03:08 <bdpayne> And now voting has started
18:03:20 <bdpayne> So I just wanted to give people a brief opportunity to advertise their talk here
18:03:33 <bdpayne> feel free to paste in a link to your talk so the group can be aware and vote on it
18:03:57 <bdpayne> here's mine:
18:03:59 <bdpayne> https://www.openstack.org/vote-atlanta/Presentation/openstack-security-group-ossg-an-update-on-our-progress-and-plans
18:04:00 <bdpayne> and
18:04:06 <bdpayne> https://www.openstack.org/vote-atlanta/Presentation/security-for-private-openstack-clouds
18:04:20 <bdpayne> the first one is an OSSG talk with Nate, Rob, and myself
18:04:27 <bdpayne> we should all vote for that one!
18:04:42 <bdpayne> the other one is just me... but I'd be happy for votes if you like the idea :-)
18:04:43 <nkinder> I voted for both of those earlier this morning
18:04:48 <bdpayne> cool, thanks
18:05:01 <nkinder> https://www.openstack.org/vote-atlanta/Presentation/dogtag-and-barbican-open-source-key-management
18:05:23 <nkinder> That's from one of my co-workers.  It's related to barbican, which should be interesting from a security perspective
18:05:44 <bdpayne> cool, sounds interesting
18:05:54 <nkinder> Here's one of mine:
18:05:55 <nkinder> https://www.openstack.org/vote-atlanta/Presentation/openstack-security-crunchy-on-the-outside-with-a-chewy-center
18:06:29 <bdpayne> ah nice
18:06:35 <bdpayne> like a yummy candy bar
18:06:46 <paulmo> :)
18:07:33 <nkinder> hyakuhei had a talk I voted for too
18:07:34 <nkinder> https://www.openstack.org/vote-atlanta/Presentation/state-of-openstack-security
18:08:01 <bdpayne> great, so this is a nice selection here
18:08:12 <bdpayne> #topic OSSG Leadership
18:08:23 <bdpayne> So I'd like to take a moment to discuss this one
18:08:38 <bdpayne> As many of you know, Rob and I started OSSG about 1.5 years ago
18:08:43 <bdpayne> it has come a long way since then
18:08:56 <bdpayne> but one theme has remained constant... Rob and I are both *very* busy
18:09:18 <bdpayne> and neither of our jobs are making it easy for us to devote lots of time to this leadership role in OSSG
18:09:36 <bdpayne> I spoke with Rob this week and we believe that this time is right for us to step down as leaders of this group
18:09:54 <bdpayne> the goal here would be to hold an election to fill the role with a single person
18:10:26 <bdpayne> I think that this is an important next step for the continued growth of the group and to ensure that we can have the kind of impact in the community that we desire
18:10:31 <nkinder> hopefully the two of you are still planning to be involved as your availability permits?
18:10:38 <bdpayne> yes, we are
18:10:41 <nkinder> ok, great
18:10:46 <bdpayne> in fact, this whole thing kind of makes us sad :-(
18:10:54 <bdpayne> but I believe it is the right step
18:11:06 <bdpayne> OSSG is important to us, and we certainly won't be just walking away
18:11:12 <nkinder> growth of the group is key right now
18:11:14 <paulmo> I haven't been here long but thanks for the effort and above and beyond to keep things moving! :)
18:11:22 <bdpayne> we just want to make sure that someone at the top has the time to make this group solid
18:11:32 <nkinder> by growth though, it's getting people involved.  There are a lot of members, but there isn't a lot of involvement.
18:11:48 <bdpayne> paulmo thanks
18:11:57 <paulmo> nkinder: I'm successfully convincing our Product Security team to join (probably one active member) if that helps.
18:11:59 <bdpayne> nkinder yes, it is growth like that, but also growth in the sense of maturity
18:12:10 <nkinder> paulmo: that would be great
18:12:25 <malini1> sad announcement
18:12:31 <bdpayne> in my view, we need to concentrate on a few areas that provide value to the community and do them well
18:12:45 <bdpayne> and work to really be recognized as a full part of the OpenStack community
18:13:11 <nkinder> bdpayne: +1.  We need a clear charter so we can be a legitimate pare of OpenStack (as opposed to a side group that is thought of as unofficial)
18:13:16 <nkinder> s/pare/part/
18:13:18 <bdpayne> I actually view this as a time for us to show how healthy we are as a community
18:13:35 <bdpayne> we should get some strong candidates to put their names forward and really push this group to the next level
18:14:00 <bdpayne> so... I'm now stepping away immediately
18:14:10 <bdpayne> and I intend to stay a part of this group well into the future
18:14:11 <nkinder> s/now/not/ ?
18:14:19 <bdpayne> ha, not
18:14:21 <bdpayne> yea
18:14:23 <nkinder> whew... :)
18:14:33 <bdpayne> I'm *not* stepping aside immediately
18:14:35 <bdpayne> ;-)
18:14:44 <malini1> whew indeed!!
18:14:48 <bdpayne> I will help ensure that the election happens smoothly
18:15:00 <bdpayne> and I'm thinking that perhaps the handoff should happen at the summit in May
18:15:18 <bdpayne> which should provide time for elections and some transition
18:15:29 <bdpayne> with all of that, I'd like to hear your thoughts
18:16:00 <hyakuhei> Sorry, I'm here now!
18:16:12 <hyakuhei> I presume you've mentioned something about us being very busy bdpayne ;)
18:16:15 <bdpayne> perfect timing!
18:16:15 <nkinder> I'm in basic agreement with all of that, though sad that you and hyakuhei have to step back.
18:16:37 <hyakuhei> Sorry I'm late, damned customers wanting to know about security etc.
18:16:46 <bdpayne> hyakuhei yeah, just finished laying out a path forward for leadership elections
18:16:59 <nkinder> Having a clear lead role is a good idea.
18:17:29 <nkinder> My largest concerns are having enough team involvement to do the things we set out to do well.
18:17:30 <malini1> I understand the sentiment too. But question one leader only .. is that to be in sync with PTLs on other projects, one voice kind of thing
18:17:35 <bdpayne> so... to ensure that everyone sees this, I will be sending out an email to the mailing list
18:17:41 <hyakuhei> just reading through the log, thanks bdpayne I think you've covered it all.
18:18:00 <hyakuhei> Personally I'll look to be involved in a couple of key projects that I hope I can dedicate some more time to
18:18:02 <bdpayne> malini1 yes, I'm trying to mirror the PTL model
18:18:16 <bdpayne> as I think that an elected "PTL" will be most easily accepted by the openstack community
18:18:35 <bdpayne> so that should help OSSH gain acceptance with the larger community
18:18:37 <hyakuhei> Having a single poc is sometimes a good thing
18:18:41 <bdpayne> *OSSG
18:18:49 <hyakuhei> Although they're also a single point of failure
18:18:50 <bdpayne> and yeah, a single POC is useful
18:18:58 <hyakuhei> moving away from our current, dual points of failure ;)
18:18:59 <bdpayne> but, there's plenty of room for all of us to contribute
18:19:02 <nkinder> We can have a PTL set a clear charter of the things we want to accomplish as a group, but we really need to deliver on those goals to gain acceptance.
18:19:23 <bdpayne> exactly
18:19:24 <hyakuhei> Agreed.
18:19:33 <bdpayne> and delivery is for the whole group to do
18:19:41 <nkinder> +1.
18:19:49 <malini1> Give me a break you guys. You pulled off a book, cover OSSA and OSSNs -- not a single point of failure, all meetings covered between the two of you
18:20:05 <bdpayne> ok, so stay tuned on the email list for most details, a timeline, etc
18:20:17 <bdpayne> malini1 thanks... yeah, and we're pretty tired now too ;-)
18:20:37 <bdpayne> #topic Open Discussion
18:20:49 <hyakuhei> malini1: Thanks, it's nice to be appreciated but I have high hopes for this group and I think that someone other than me (or perhaps someone without the same commitments) can move the group along
18:21:03 <hyakuhei> Has anyone had a look at the Keystone threat analysis stuff?
18:21:20 <bdpayne> link?
18:21:29 <hyakuhei> I had a look but couldn't comment on the document. It looks like a good start and clearly borrows from the security guide in places - which is a good thing
18:21:35 <hyakuhei> bdpayne: one sec
18:21:54 <hyakuhei> https://drive.google.com/file/d/0B1aEVfmQtqnoMmpPZ3hmUHpBa1k/edit?usp=sharing
18:22:48 <hyakuhei> Sorry, I thought that the email about that stuff had gone to the whole distro, maybe it was just those that showed an earlier interest
18:22:49 <bknudson> who's putting this document together?
18:23:00 <malini1> Just a quick comment .. the book linked me to some folks at McAfee for a firewall as a service network-virtual-function POC for Neutron
18:23:41 <bdpayne> hyakuhei I think this may be the first I've heard of this document?
18:24:05 <nkinder> yes, first I've heard of this doc too
18:24:19 <bknudson> I didn't know you were going to start with keystone.
18:25:42 <hyakuhei> This isn't my baby
18:25:54 <hyakuhei> One second, I can't see what this shouldn't be shared with the whole group (email on route)
18:26:29 <malini1> :-) Keystone is a logical starting point .. we all think of login/password as a first step
18:26:43 <hyakuhei> Logical, big and scary
18:26:51 <hyakuhei> I might have been inclined to do Glance first
18:26:54 <nkinder> This looks similar to an analysis of keystone that was done back in Folsom
18:27:03 <bknudson> if it's big and scary then it's doing too much
18:27:18 <hyakuhei> bknudson: meet keystone. Keystone, bknudson
18:27:33 <paulmo> Is there a threat model repo (or previous analysis)?
18:27:47 <hyakuhei> Not much that I'm aware of.
18:28:27 <paulmo> I might be weird but I really want to make a Solum threat model very prominent on the site.
18:28:32 <bdpayne> hyakuhei so is there an action here?  is there a person that is pushing this work forward and in need of help or ??
18:29:13 <hyakuhei> It seems to be organised largely by email at the moment. There's a call/meeting for this, possibly tomorrow I'm going to attend that and see how it goes
18:29:32 <bdpayne> cool, sounds good
18:29:32 <nkinder> I would hope that whoever is preparing this is getting engaged with the keystone devs (like bknudson)
18:29:32 <hyakuhei> malini1: re McAfee can you send me the link please?
18:29:34 <bdpayne> keep us posted
18:29:40 <malini1> On the starting-point .. how often is keystone replaced with a plugin and all that is really used are its tokens and access policies, it is more likely that glance is not plugged-out
18:30:20 <bdpayne> malini1 some people do use keystone... but certainly not everyone
18:30:30 <hyakuhei> nkinder: I agree, getting in with the devs is very important and having someone like bknudson who has a foot in both camps is incredibly valuable to a project like this
18:30:40 <bdpayne> +1
18:31:04 <bdpayne> malini1 I'm happy to help with the book question, but I don't fully understand it
18:31:23 <bdpayne> malini1 given the time, could we take that discussion to the mailing list?
18:31:59 <malini1> bdpayne -- no book question
18:32:13 <bdpayne> ah ok!
18:32:23 <bdpayne> so... any other discussion for today?
18:32:50 <nkinder> we're out of time, but still pushing the OSSN stackforge repo thing forward
18:33:52 <hyakuhei> nkinder: let me know how/if I can help with that
18:34:03 <nkinder> hyakuhei: will do
18:34:23 <bdpayne> thanks everyone
18:34:26 <bdpayne> #endmeeting