Re: Security WG meeting tomorrow after the TSC Call (10am central)


Malini Bhandaru
 

Thank you Tingyu and Jim for the secrets storage v4 document.

 

A few comments/questions:

  1. Would you please include a sample Vault master token file?
  2. What is the auth: null in the JSON response from a REST API call?
  3. While ACLs are not checked in Edinburgh, would it make sense to have some stub code in there that tests ACLs and returns trivially true to get the flow in place?
  4. How do we anticipate using the ACL? Might it be which microservice can make what REST call on another microservice?
  5. Is the namespace to microservice mapping one-to-one?
  6. Why do the namespaces need to be secret? 

3. Define the secret namespaces and share the namespace definitions with the individual consuming micro service or init scripts.

  7. Looks like the flow chart figure with steps 1, 2, .. 4.1 .. 5 is duplicated. Why?

  8. What does a secret store namespace description look like?

Regards

Malini

 

From: <EdgeX-TSC-Security@...> on behalf of "White2, James via Lists.Edgexfoundry.Org" <James.White2=dell.com@...>
Reply-To: "White, James (EMC)" <James_White2@...>
Date: Tuesday, March 26, 2019 at 7:51 AM
To: "EdgeX-TSC-Security@..." <EdgeX-TSC-Security@...>
Cc: "EdgeX-TSC-Security@..." <EdgeX-TSC-Security@...>
Subject: [Edgex-tsc-security] Security WG meeting tomorrow after the TSC Call (10am central)

 

All,

Apologies in that it has taken me some time to get organized as the temporary chair of this working group.  However, we have been working in the background to try to organize the necessary work for the Edinburgh release.  Additionally, we have been talking to members of Intel and David Ferriera about roadmap items (importantly what has to be explored for Fuji).  In tomorrow’s meeting, I’d like to share with you some of this work and get your reaction.

 

Specifically, the agenda for tomorrow includes:

  1. Edinburgh Release Securing EdgeX Secrets (securing the Vault Master token and database username/password at a minimum)
  2. Providing a means to report/react to security issues (per recent CVE discussions)
  3. Planning/working roadmap and Fuji release – getting out front of that release starting now (Intel helping to drive)

 

Please see and review the attached documents in advance of tomorrow’s meeting to discuss items #1 and #2.

 

Look forward to the call and chatting with you all.

 

Jim White

Distinguished Engineer, IoT Platform Development Team Lead

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 

 
