...

  • Next steps
  • Next meeting

 

Minutes 

Present: Eli Beker, Linda Cornwall, Dave Kelsey, Vincent Ribaillier, Hannah Short, Adam Slagell, Romain Wartel (joined late), Eric Yen.

Apologies: David Groep, Mischa Salle.

  1. Minutes of last meeting were approved.
  2. The current list of actions was reviewed. (New action: DaveK to update Vidyo connection details - CERN has changed IP addresses.)
  3. We discussed some of the questions and issues arising out of the SCI v1 document.
    Section OS1 - what is meant by a "security model"? DaveK explains that this was aimed at a security "architecture" relating to AuthN and AuthZ services.
    What about local services versus centrally operated?
    "Access control" for files relates to role-based authZ to read/write/delete/control files. For XSEDE, Adam comments that their most important example of central access control is for accounting.
    We need to decide how to score an item with many sub-items. Is it the sum, the average, the lowest score?
    Section OS4 - what about IDS? Do we mean host-based or network-based? Best practice would be to implement at least something in this area.
    Eli: Can also be done after the event by analysing log files.
    Questions like "Can you detect brute-force SSH attacks? Do you have centralised logging? Can you correlate these logs?"
    We can put details in the guidance document. It doesn't all have to be done - the main document needs to stay light-weight.
    Some problems with terminology. Service provider versus service operator. All needs to be checked!
    Adam suggests that we could see the section OS to be more of a "baseline standard". He will send a copy of the XSEDE Baseline Security document.
    Eric points out that we need to include post-mortem analysis as a way of learning lessons. Do we expand IR2 or create a new bullet?
  4. We discussed the Mandate and workplan page. Generally thought to be good but concerns were expressed that the goal of finalising everything this year was perhaps too ambitious. May take longer.
  5. For the TNC16 BoF it was agreed that we just show the agreed mandate and if time permits present some of the issues we have been discussing with the guidelines document.
  6. The next meetings were agreed to be on 27th June and 8th July. Dave will create Doodle polls to choose the best time slot (start at 14:00 UTC? 15:00 UTC?).