[Openstack-security] FW: OpenStack Threat Analysis activity - OSSG
Sriram Subramanian
sriram at sriramhere.com
Thu Feb 20 18:47:41 UTC 2014
Damn - I missed the meeting again :(. I will check the logs to catch up.
Sorry
On Thu, Feb 20, 2014 at 10:26 AM, Clark, Robert Graham
<robert.clark at hp.com> wrote:
> Including the whole security group as there was significant interest
> during the OSSG weekly meeting.
>
>
>
> *From:* Sriram Subramanian [mailto:sriram at sriramhere.com]
> *Sent:* 20 February 2014 16:35
> *To:* Abu Shohel Ahmed
> *Cc:* Clark, Robert Graham; Grant Murphy; Mats Näslund; Makan Pourzandi
> *Subject:* Re: OpenStack Threat Analysis activity - OSSG
>
>
>
> Shohel,
>
>
>
> Friday 17.00 UTC works - though 18.00 UTC would work better for me. Are we
> meeting tomorrow?
>
>
>
> thanks,
>
> -Sriram
>
>
>
> On Wed, Feb 19, 2014 at 4:25 AM, Abu Shohel Ahmed <
> ahmed.shohel at ericsson.com> wrote:
>
> Hi,
>
> From our last week's, it becomes clear that we need to set up a way of
> working process in place
> to take this activity forward.
>
> So here are some ideas (Please also share yours):
>
> 1. WoW:
>
> In the short time frame,
>
> - First, we should define the purpose and the concrete output of
> this work (which I think most of us here have some ideas about; if we still have
> questions,
> we can clear that up before moving forward).
>
> - The second issue is how we can do threat analysis contribution in an
> effective manner. Here come the collaboration issues within
> this group. For this, I have created a Freenode IRC channel,
> ##openstack-threat-analysis (an unofficial channel, as you can see from the
> name).
> Let's start biweekly (15 days) meetings from this week. Let's vote
> for what is the suitable time for the meeting for all of us.
> I propose Friday at 17.00 UTC. However, I am happy to schedule the
> meeting based on most people's preference.
>
> In the longer time frame, we should think about setting up a Threat
> analysis working group (could be under OSSG) to perform threat modelling of
> all OpenStack components
> - Define a clear output from this working group, e.g., Threat
> documentation, Design guidance.
> - Engage developers and security-minded people in the work.
>
>
> 2. Now on the technical side,
>
> First and foremost, we should agree on a threat modelling
> process that can be applied for all OpenStack services and internal
> components. We have some ideas that
> can be applied for this work... Here is the link of our
> proposal :
>
>
> https://drive.google.com/file/d/0B1aEVfmQtqnoMmpPZ3hmUHpBa1k/edit?usp=sharing
>
> and here are two concrete implementations of applying
> the threat modelling process...
>
> Keystone overall:
> https://drive.google.com/file/d/0B1aEVfmQtqnobzB6M21uMEFXNUE/edit?usp=sharing
> Keystone Token-provider:
> https://drive.google.com/file/d/0B1aEVfmQtqnoejN1T1kybjlnMkk/edit?usp=sharing
>
> (These are work-in-progress documents, so they by no means
> provide a complete picture)
>
> Let's discuss what you guys think about the modelling
> steps and their applicability to OpenStack (e.g., Keystone)
>
>
>
> Thanks,
> Shohel
>
>
>
>
>
> --
>
> Thanks,
>
> -Sriram
>
--
Thanks,
-Sriram