<p>Begin forwarded message:</p>

<p>&nbsp;</p>

<p><strong>From:&nbsp;</strong>Romain Wartel &lt;Romain.Wartel@cern.ch&gt;</p>

<p><strong>Subject:&nbsp;</strong><strong>Introduction call -- DRAFT Meeting notes</strong></p>

<p><strong>Date:&nbsp;</strong>July 16, 2019 at 9:22:37 AM CDT</p>

<p><strong>To:&nbsp;</strong>"wlcg-security-SLATE-wg (WLCG SLATE WG)" &lt;wlcg-security-SLATE-wg@cern.ch&gt;</p>

<p><strong>Resent-From:&nbsp;</strong>&lt;rwg@uchicago.edu&gt;</p>

<p>&nbsp;</p>

<p>DRAFT Meeting notes of today’s call. All corrections, additions very welcome!<br>
<br>
Cheers,<br>
<br>
Romain.<br>
—<br>
***************************<br>
* Meeting participants:<br>
***************************<br>
<br>
- Chris Weaver<br>
- Dave Kelsey<br>
- Frank Wuerthwein<br>
- Igor Sfiligoi<br>
- Jim Basney<br>
- Johannes Elmsheuser<br>
- Lincoln Bryant<br>
- Nikolai Hartmann<br>
- Paul Millar<br>
- Robert Gardner<br>
- Romain Wartel<br>
- Petr Vokac<br>
- Tom Barton<br>
- Stephane Jezequel<br>
- Shawn McKee<br>
- Vincent Brillault<br>
- Brian Bockelman<br>
- Xavier Espinal<br>
- Elizabeth Sexton-Kennedy<br>
<br>
<br>
***************************<br>
* Agenda<br>
***************************<br>
<br>
- Romain explained several additional parties (including OSG, Fermilab, ESnet) are interested in participating in this working group but had not yet time to appoint someone.<br>
<br>
- Introduction by Chris Weaver (slides on Indico)<br>
Q&amp;A:<br>
Vincent: The logs are stored locally with Systemd. Maybe these logs should be forwarded to a central remote system for added security?<br>
Chris: Agree.<br>
<br>
Vincent: The portal stores tokens giving significant access to the infrastructure. How’s the security managed on the portal and for token management?<br>
Chris: There are different components. Most of the SLATE development team has access to the different systems. Only the “current" tokens are in memory, and the main database is the Amazon DynamoDB, who is accessible only by a couple of people in the SLATE development team.<br>
<br>
Vincent: Scanning the container is very nice. Have you also considered scanning for insecure configurations (e.g. exposing unprotected SMB on the Internet)?<br>
Chris: The current scans are any case quite limited. This said, the number of new SLATE applications is quite low and the review is largely done manually for the moment.<br>
Searching for configuration issues is a good idea— This is not done yet as the tools are currently quite limited.<br>
<br>
- General discussion:<br>
<br>
Romain: What should this group try to achieve? What are the security aspects that needs to be covered by this WG?<br>
Rob: The resources providers would probably like to see an effort to increase the trust in the SLATE service, security model, and overall operational/deployment strategy. SLATE is a significant cultural shift in the way services are operated across a distributed infrastructure.<br>
A WLCG-wide discussion is needed to address the different (security) challenges to overcome, in order to improve service adoption and gain additional capabilities.<br>
Igor: As a side admin, I worry about the permissions I need to give to the SLATE developers to make it work; How can I be sure SLATE will not compromise by Kubernetes system?<br>
Rob: There is documentation available that should address questions around deployment impact, permissions needed, etc.<br>
Romain: The security team would probably also like to see some basic bases covered (image security, security updates, incident response, etc.)<br>
<br>
Romain: Do we need to also discuss security policies and trust framework as part of this working group?<br>
Dave: Yes, we need to review the risks and understand more details around SLATE. Depending on the findings we may or may not need new security policies.<br>
Romain: Do we need a security review?<br>
Dave: Probably. This would enable everybody to understand in more details how SLATE works and implications for the resource providers.<br>
Tom: Regarding the security review, Jim Basney and TrustedCI have already started some security review work.<br>
In addition, preparing some kind of “declarations” would help bringing additional transparency, which would be very welcome to improve trust from the different parties involved.<br>
Jim: TrustedCI would like to engage with this WG and ideally share tasks. TrustedCI is looking at the security policy aspects around the SLATE infrastructure, as well as image security scanning tools. It would be helpful to understand how to map this with WLCG policy and operational security practices.<br>
Romain: Direct, close cooperation between TrustedCI and this WG is absolutely crucial.<br>
<br>
Romain: We should maybe also explore the implications on incident response of the role/responsibility changes implied by the shift in deployment model.<br>
We will address the trust framework, security policies, security architecture, operational security aspects (vulnerability management, incident response, etc.). Any other obvious area to explore?<br>
Rob: More topics will probably come up in the near future!<br>
<br>
***************************<br>
* Next meetings<br>
***************************<br>
<br>
- Co-locate a side meeting around the September GDB at Fermilab (coordination: Rob, Fermilab)<br>
https://indico.cern.ch/event/739882/<br>
<br>
- Co-locate a side meeting around the October NSF Security Summit / WISE meeting (coordination: Tom, Dave, Romain)<br>
https://trustedci.org/2019-nsf-cybersecurity-summit<br>
&nbsp;</p>