Changes between Version 1 and Version 2 of CompSec-QSR-3Q2011


Timestamp: 12/05/11 15:27:13 (12 years ago)
Author: Adam Slagell
Comment: --

  • CompSec-QSR-3Q2011

    v1 v2  
    1212We created the following documents
    1313 
    14   1. Operational Security Plan v. 0.5.1
    15   2. GENI Clearinghouse Policy v. 0.1
    16   3. GENI Clearinghouse Policy v. 0.2
    17   4. GENI Clearinghouse Policy v. 0.2.1
     14
     15  1. GENI Clearinghouse Policy v. 0.3
     16  2. GENI Clearinghouse Policy v. 0.3.1
     17
    1818
    1919=== B. Deliverables made ===
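Review bot: In the list under "We created the following documents", the removed entries include Operational Security Plan v. 0.5.1, while new lines 15-16 list only GENI Clearinghouse Policy v. 0.3 and v. 0.3.1. The change comment is empty, so a reader cannot tell whether the plan was simply not revised this quarter or was dropped by mistake; state which in the change comment, or add a line to the list saying the plan is unchanged.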
     
    2323
    2424=== A. Activities and findings ===
    25 Primarily, I worked on creating a concept of a clearinghouse and a base policy for its operation. After I had that, I conferred with Aaron Falk of the GPO several times to come to a common conception of the clearinghouse, though we were never far off besides terminology. The multiple versions reflect the changing terminology and structure of a clearinghouse as Aaron was getting feedback on his concept from other GENI stakeholders. The changes in terminology where also the reason for the small update to the Operational Security Plan.
     25CH
     26ABAC feedback
     27panel
     28update llr
     29update apa
    2630
    27 The overall purpose of the security plan and its basic structure was presented at the GEC 11. Much of it is not actionable until funding for operating a security team is established, though one can still comment on the proposed way to create and run such a team. More immediately, people where asked to comment on the recommendations that came from a risk assessment of GENI, which are presented at the end of the plan. It became apparent that no one had looked at this document even though it was mentioned at the previous GEC. However, Ted Faber and the GMOC will review it in the near future. The real struggle then will be communicating the important points in this and the other agreements to all stakeholders as it should impact the current development activities  and operations. This is the perennial problem with creating policies for GENI, especially now since we have multiple tracks and not everyone will see my presentations.
    28 
    29 There are many details that need to be filled in on the clearinghouse policy. It was hard to get feedback at the short GEC 11 session because it came before the big federation/clearinghouse discussion. Hopefully the clearinghouse conception can solidify in the near future and allow the clearinghouse agreement to progress. This is unlikely to happen without a prototype implementation and another round of discussions at GEC 12. Therefore, it is probably best to focus on other policies and plans in the interim.
    30 
    31 One problematic issue was raised at the GEC 11. Many agreements and plans assume that an activity or problem can be associated with a particular slice and hence slice owner. This is not necessarily true for openflow deployments. It remains to be seen how problematic this will be in practice and whether or not this is a rare exception.
    32 
    33 I believe there should be a shift in focus on the work to be done before the next GEC. Currently, the only milestone is a 1.0 version of the Operational Security Plan, but I don't think much remains to be done with that unless there is significant feedback. That seems unlikely, though. Also, it can't really be implemented until there is funding to establish a security team. The clearinghouse agreement could see minor updates as there are lots of small questions that could be answered before the GEC, but I don't see potential for filling in the major questions such as the attributes needed without stronger use cases.
    34 
    35 I believe most work should be focused on the an Acceptable Use Policy (AUP) for new users. An RUP exists, but is missing several key items and uses outdated terminology. Therefore, I propose the following activities during the next trimester:
    36 
    37  * Create an AUP based off of the RUP, the requirements needed as stated in other recent agreements (e.g., LLR plan and CH policy) and the requirements needed as presented in Aaron's recent federation talk at GEC 11.
    38  * Update the clearinghouse policy by answering several of the small unknowns. This will be a minor version number update.
    39  * Update the op. sec. plan as feedback is received. This would be a minor version update instead of a 1.0 version as on the SOW.
    40  * Continue role as LLR rep. This will likely mean updating the plan based on some feedback I am expecting.
    4131
    4232
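Review bot: New lines 25-29 under "A. Activities and findings" replace five paragraphs and a four-item work plan with the fragments "CH", "ABAC feedback", "panel", "update llr" and "update apa", which read as an outline rather than findings. Expand each into at least one sentence before this version stands as the report, and spell out "apa", which is not defined anywhere in the visible text. The removed text also recorded that an activity cannot always be tied to a single slice owner in openflow deployments; if that issue is still open, carry it forward instead of dropping it.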
     
    4535
    4636=== C. Publications (individual and organizational) ===
    47 The only related publications are the documents we created as the deliverables, specifically GENI Clearinghouse Policy and the Operational Security Plan
     37The only related publications are the documents we created as the deliverables, listed in Section A.
    4838
    4939=== D. Outreach activities ===
    50 There have no been substantial out reach activities beyond those already within the GENI community.
     40There have no been substantial out reach activities beyond those already within the GENI community. Most in-GENI communication has been on the ABAC and Dev email lists and some phone calls with the Monitoring "task-force?"
    5141
    5242=== E. Collaborations ===
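Review bot: New line 37 points to documents "listed in Section A", but the visible "A. Activities and findings" section (new lines 25-29) lists no documents; the document list sits at new lines 15-16, above "B. Deliverables made". Reference the list by the heading it actually falls under, or name the documents as the removed sentence did. In new line 40, "There have no been" and "out reach" are carried over uncorrected, and "task-force?" still ends in a placeholder question mark.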