The overall purpose of the security plan and its basic structure were presented at the GEC 11. Much of it is not actionable until funding for operating a security team is established, though one can still comment on the proposed way to create and run such a team. More immediately, people were asked to comment on the recommendations that came from a risk assessment of GENI, which are presented at the end of the plan. It became apparent that no one had looked at this document even though it was mentioned at the previous GEC. However, Ted Faber and the GMOC will review it in the near future. The real struggle then will be communicating the important points in this and the other agreements to all stakeholders, as it should impact the current development activities and operations. This is the perennial problem with creating policies for GENI, especially now since we have multiple tracks and not everyone will see my presentations.

There are many details that need to be filled in on the clearinghouse policy. It was hard to get feedback at the short GEC 11 session because it came before the big federation/clearinghouse discussion. Hopefully the clearinghouse conception can solidify in the near future and allow the clearinghouse agreement to progress. This is unlikely to happen without a prototype implementation and another round of discussions at GEC 12. Therefore, it is probably best to focus on other policies and plans in the interim.

One problematic issue was raised at the GEC 11. Many agreements and plans assume that an activity or problem can be associated with a particular slice and hence slice owner. This is not necessarily true for OpenFlow deployments. It remains to be seen how problematic this will be in practice and whether or not this is a rare exception.

I believe there should be a shift in focus on the work to be done before the next GEC. Currently, the only milestone is a 1.0 version of the Operational Security Plan, but I don't think much remains to be done with that unless there is significant feedback. That seems unlikely, though. Also, it can't really be implemented until there is funding to establish a security team. The clearinghouse agreement could see minor updates as there are lots of small questions that could be answered before the GEC, but I don't see potential for filling in the major questions such as the attributes needed without stronger use cases.

I believe most work should be focused on an Acceptable Use Policy (AUP) for new users. An RUP exists, but is missing several key items and uses outdated terminology. Therefore, I propose the following activities during the next trimester:

* Create an AUP based off of the RUP, the requirements needed as stated in other recent agreements (e.g., LLR plan and CH policy) and the requirements needed as presented in Aaron's recent federation talk at GEC 11.
* Update the clearinghouse policy by answering several of the small unknowns. This will be a minor version number update.
* Update the op. sec. plan as feedback is received. This would be a minor version update instead of a 1.0 version as on the SOW.
* Continue role as LLR rep. This will likely mean updating the plan based on some feedback I am expecting.