Video conference meeting of the WISE SCIV2-WG
1 June 2016 at 15:00 UTC
Agenda
- Minutes of last meeting (13th May 2016)
- SCIV2-WG List of Actions
- Look at the SCI V1 comparisons (section 4 OS and section 5 IR)
- Decide what to present at the TNC BoF (e.g. an agreed mandate statement)
- Original SCIV2-WG Mandate and workplan (from 2016)
- Next steps
- Next meeting
Minutes
Present: Eli Beker, Linda Cornwall, Dave Kelsey, Vincent Ribaillier, Hannah Short, Adam Slagell, Romain Wartel (joined late), Eric Yen.
Apologies: David Groep, Mischa Salle.
- Minutes of last meeting were approved.
- The current list of actions was reviewed. (new action DaveK to update Vidyo connection details - CERN has changed IP addresses)
- We discussed some of the questions and issues arising out of SCI v1 document.
Section OS1 - what is meant by a "security model". DaveK explains that this was aimed at a security "architecture" relating to AuthN and AuthZ services.
What about local services versus centrally operated?
"Access control" for files relates to role-based authZ to read/write/delete/control files. For XSEDE, Adam comments that their most important example of central access control is to for accounting.
We need to decide how to score an item with many sub-items. Is it the sum, the average, the lowest score?
Section OS4 - what about IDS? Do we mean host-based or network-based? Best practice would be to implement at least something in this area.
Eli: Can also be done after the event by analysing log files.
Questions like "can you detect brute-force SSH attacks? Do you have centralised logging? Can you correlate these logs?
We can put details in the guidance document. It doesn't all have to be done - the main document needs to stay light-weight.
Some problems with terminology. Service provider versus service operator. All needs to be checked!
Adam suggests that we could see the section OS to be more of a "baseline standard". He will send a copy of the XSEDE Baseline Security document.
Eric points out that we need to include post-mortem analysis as a way of learning lessons. Do we expand IR2 or create a new bullet? - We discussed the Mandate and workplan page. Generally thought to be good but concerns were expressed that the goal of finalising everything this year was perhaps too ambitious. May take longer.
- For the TNC16 BoF it was agreed that we just show the agreed mandate and if time permits present some of the issues we have been discussing with the guidelines document.
- The next meetings were agreed to be on 27th June and 8th July. Dave will create Doodle polls to choose the best time slot (start at 14:00 UTC? 15:00 UTC?).