Agenda & Minutes
Meeting 5th of February at 12:00-13:00 CET
Present: Dan, Daniel, Uwe
Absent:
Channels: Google Hangouts: https://plus.google.com/hangouts/_/g4g5nyl5glc66wqgbqk4yjvb4ua
1. Review of last meeting
2. Action points - progress & issues
- AP: Daniel cloud security talk to
- AP: Daniel consider Glenna architecture
- AP: Dan & Uwe image repositories
- AP: Dan investigate Pouta Blueprints inclusion into Glenna
- AP: Daniel: Cloud Controls Matrix v3.0.1 EGI
3. Today's topics - issues to discuss:
- Daniel's architecture review (continued)
Daniel to start working on T3.5. T3.5 - Security Analysis, Test and Evaluation. This task will carry out the necessary analysis, testing and evaluation of the security mechanisms for Glenna.
Daniel: Evaluation of the services. Daniel: for data.deic.dk, what mechanism are they using to protect the data? Access is federated; each user authenticates through Kalmar2. Evaluate whether that line of communication is secure. Identify the state of the art in federated authentication. For the data: what type of encryption?
T3.5 document to contain:
1) a general discussion on federated access
2) the list of measures needed for Glenna services to be connected to Kalmar2
3) Q: How are users blacklisted in Kalmar2? Q: Should "everyone" have access to all resources, and if not, how do we limit access in the current architecture?
Acceptable user policy document from EGI FEDCLOUD: Daniel to adapt that for Glenna.
AP on Daniel: Send out questionnaire adapted for Glenna but similar to "EGI Federated Cloud Security - Questionnaire for sites deploying cloud" https://documents.egi.eu/public/RetrieveFile?docid=2114&version=9&filename=EGI%20Federated%20Cloud%20Security%20-%20Questionnaire%20for%20sites%20deploying%20cloud%20technology.pdf
Adapt the questionnaire for 1) IaaS and 2) datacloud, and send it out to 1) Finland (CSC), Sweden (Uppsala) and Norway (UH Sky); 2) Denmark (DeIC) and Iceland (UI).
AP on Daniel: make a new picture indicating that identification will be user-centered and not portal-centered.
T3.3 - Controlling Access in Virtual Infrastructures. access control for the core Glenna infrastructure. It includes secure access to virtual machines and technologies for securing hypervisor and guest OSes.
AP on Dan: remove "access control for the core Glenna infrastructure." from the Task 3.3 headline
AP on Daniel: Consult http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf and see how relevant it is for Task 3.3
Discussion on projects vs. groups in OpenStack. Define the mechanism by which resources within that group will be accessed.
- Uwe on image bakery: snapshots can be converted to loadable images (need to be cleaned up)
- include OpenFOAM, Chipster images
Daniel attended CSA Congress EMEA 2015 Nov 17-19
- Safe Harbor agreement ends on the last of December 2015
- ISO 27018: AWS, Azure and Dropbox are certified; it fits cloud security, but it is very difficult to get certified.
  One of the requirements is that the physical location of the datacenter must be disclosed to the client.
4. Any other business
5. Next meeting