Date   

Upcoming Event: EdgeX Security WG Meeting (Weekly) - Wed, 06/12/2019 8:00am-9:00am, Please RSVP #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder: EdgeX Security WG Meeting (Weekly)

When: Wednesday, 12 June 2019, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://zoom.us/j/576218946

An RSVP is requested. Click here to RSVP

Organizer: EdgeX-TSC-Security@...

Description: EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


WG call tomorrow at 10am CDT

White2, James
 

All,

A reminder that the Security WG meets tomorrow at 10am CDT right after the TSC call.  Find the agenda and connection information here:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group.

 

 

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Upcoming Event: EdgeX Security WG Meeting (Weekly) - Wed, 06/05/2019 8:00am-9:00am, Please RSVP #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder: EdgeX Security WG Meeting (Weekly)

When: Wednesday, 5 June 2019, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://zoom.us/j/576218946

An RSVP is requested. Click here to RSVP

Organizer: EdgeX-TSC-Security@...

Description: EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


Linux Security Summit - deadline May 31

Maemalynn Meanor <maemalynn@...>
 

Hi All:

This is a reminder that the deadline to submit speaking proposals for the Linux Security Summit is Friday, May 31. The Linux Security Summit will be in San Diego on August 19-21, which takes place right before Open Source Summit + Embedded Linux Conference North America in the same area. 

Topic areas include but are not limited to:

  • Kernel self-protection
  • Access Control
  • Cryptography and key management
  • Integrity Policy and enforcement
  • Hardware Security
  • IoT and Embedded Security
  • Virtualization and Containers
  • System-specific System Hardening
  • Case Studies
  • Security Tools
  • Security UX
  • Emerging Technologies, Threats & Techniques

Feel free to submit a proposal at https://linuxfoundation.smapply.io/prog/lssna2019/. Or, if you would like our help, please send us your bio and security-focused abstract and we’ll do the rest. 

Thanks,
Mae

Maemalynn Meanor
Senior PR Manager 
The Linux Foundation
Maemalynn@...
(602) 541-0356
Skype: Maemalynn







Upcoming Event: EdgeX Security WG Meeting (Weekly) - Wed, 05/29/2019 8:00am-9:00am, Please RSVP #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder: EdgeX Security WG Meeting (Weekly)

When: Wednesday, 29 May 2019, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://zoom.us/j/576218946

An RSVP is requested. Click here to RSVP

Organizer: EdgeX-TSC-Security@...

Description: EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


WG Meeting tomorrow at 10am CDT

White2, James
 

Reminder that we have our Security WG call tomorrow at 10am CDT after the TSC meeting.  Here is the link to connection info and agenda:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group.  On tap:  updates on current security work and Tingyu will provide some designs that address the refactor of Security Store service.

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Upcoming Event: EdgeX Security WG Meeting (Weekly) - Wed, 05/22/2019 8:00am-9:00am, Please RSVP #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder: EdgeX Security WG Meeting (Weekly)

When: Wednesday, 22 May 2019, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://zoom.us/j/576218946

An RSVP is requested. Click here to RSVP

Organizer: EdgeX-TSC-Security@...

Description: EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


Working Group meeting tomorrow at 10am CDT

White2, James
 

Security WG team,

Reminder that we have a WG call tomorrow at 10am CDT right after the TSC meeting.  Meeting connection information and agenda are here:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group

 

Topics of conversation:

  • Security Issue Process approved so what’s next
  • Edinburgh’s service access to Vault issue and dot release plan

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Re: [Edgex-tsc] Security feature and an Edinburgh dot release

Ike Alisson ALICON Sweden
 

Hello James et al,
Thank you for your mail update.
I am sorry to hear about the delay related to Vault. I agree that it is an important aspect.

On the issue of undertaking the responsibility, I hereby would like to convey that as with everyone's participation at the weekly TSC Security meetings and possibility to contribute and/or provide feedback, I hereby would like to emphasize that, it is a Team Work and therein, it is everyone's shared responsibility for such delays. 

When it comes to the success and achievements (there is a difference between the two), I personally think that it is a priviledge to be in a group at which I have the chance to listen to experts like you and your Team members such as Tingyu and Ahmad and yourself and being able to enrich my knowledge and experience in the field of Security. 
For this delay, as a participating and non-voting TSC Security Member, I would like to convey that I am standing side by side with you and everyone in your Team and fully share the responsibility for the delay.
Sincerely yours,
Ike
_______________________________
Ike Alısson
GSM :                +46 707 60 99 00
E-mail:               ike.alisson@...
Webpage:          www.alicon.se
_______________________________
This communication is confidential and intended solely for the addressee(s). Any unauthorized review; use, disclosure, or distribution is prohibited.  If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it.  Thank you.  E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.


Den mån 20 maj 2019 kl 19:32 skrev <James.White2@...>:

TSC & EdgeX community,

 

I am sad to report that we ran into some issues implementing the Vault security work for Edinburgh release (v1.0).  In particular, the ability to have the database using services pull in the database username/password from Vault (versus Consul where they are in clear text) is not going to make our May 28 freeze date.  I take full responsibility for this slip.  My team has been working hard on this, and we just did not anticipate some complexities with the service bootstrapping.

 

Tingyu from team has already worked a detailed task plan about the work that remains and we are pretty confident that we can and will have the solution shortly -  but just not in time for the May 28 freeze.  On the TSC call this week, I am going to share our plan for getting the work done and I will be requesting a Edinburgh dot release for a to-be-determined date this summer (likely July or August timeframe).  I welcome comments and thoughts this Wednesday.

 

Regards,

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Re: Issue with core microservice access credentials in the secret service when secret service is enabled.

White2, James
 

All,

Based on a call with Trevor, Tingyu and Brandon from my team just after the security working group call, we made some decisions about this design (some that are a reversal of what was discussed on the WG call).

 

  1. Per Tingyu’s message below, the command line parameter to use Vault secrets by the service is going to be named “secrets” versus “secretservicerequired” in order to shorten it up a bit
  2. The default value for this will be false versus true.  Meaning you have to add this command line parameter in order to turn on secrets by Vault.

 

This means that by default, services will still get the database username/password info from Consul or config file for the Edinburgh release and will get the secrets out of Vault only if someone adds the “secrets” command parameter setting.

 

While the preferred way would be to have secrets coming from Vault by default (especially production), the change for developers and the change to all the blackbox tests immediately (and as discussed in our WG meeting) was going to create too much turmoil this close to the release.  We will revisit this default for Fuji.  The functionality will still be there, just not on by default.

 

If you have comments or additional concerns , please let us know.

 

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Zeng, Tingyu
Sent: Wednesday, May 15, 2019 10:35 AM
To: EdgeX-TSC-Security@...
Subject: [Edgex-tsc-security] Issue with core microservice access credentials in the secret service when secret service is enabled.

 

[EXTERNAL EMAIL]

All, 

 

I have created an issue #1341 in the edgex-go repo that addressed the discussion during our secruity WG meeting.

 

 

Here I propose to add one more command line option in the core microservice that is going to consume the secret service. Fore coredata service I think the best place is in https://github.com/edgexfoundry/edgex-go/blob/master/cmd/core-data/main.go.  as you see it parses the command line parameters. we need to add one more option, something like 

 

flag.BoolVar(&sercretservicerequired,"secretservicerequired",true,"Indicates

if the secret service is required.")

 

By default the value is true, which means we need to check if the secret service is up and running to provide credentials. if the secret service is down, then we need to exit the whole micro service.

 

If it is false, when we check the secret service and if it is down, we need to continue the original logic, means we need to check the configuration file and then consul to get the credentials. In another words, we try our best to look up all the places to get the credentials. 

 

let me know if you have any questions.

 

Thanks

Tingyu


Issue with core microservice access credentials in the secret service when secret service is enabled.

Zeng, Tingyu <tingyu.zeng@...>
 

All, 

I have created an issue #1341 in the edgex-go repo that addressed the discussion during our secruity WG meeting.


Here I propose to add one more command line option in the core microservice that is going to consume the secret service. Fore coredata service I think the best place is in https://github.com/edgexfoundry/edgex-go/blob/master/cmd/core-data/main.go.  as you see it parses the command line parameters. we need to add one more option, something like 

flag.BoolVar(&sercretservicerequired,"secretservicerequired",true,"Indicates if the secret service is required.")

By default the value is true, which means we need to check if the secret service is up and running to provide credentials. if the secret service is down, then we need to exit the whole micro service.

If it is false, when we check the secret service and if it is down, we need to continue the original logic, means we need to check the configuration file and then consul to get the credentials. In another words, we try our best to look up all the places to get the credentials. 

let me know if you have any questions.

Thanks
Tingyu


Upcoming Event: EdgeX Security WG Meeting (Weekly) - Wed, 05/15/2019 8:00am-9:00am, Please RSVP #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder: EdgeX Security WG Meeting (Weekly)

When: Wednesday, 15 May 2019, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://zoom.us/j/576218946

An RSVP is requested. Click here to RSVP

Organizer: EdgeX-TSC-Security@...

Description: EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


Upcoming Event: EdgeX Security WG Meeting (Weekly) - Wed, 05/08/2019 8:00am-9:00am, Please RSVP #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder: EdgeX Security WG Meeting (Weekly)

When: Wednesday, 8 May 2019, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://zoom.us/j/576218946

An RSVP is requested. Click here to RSVP

Organizer: EdgeX-TSC-Security@...

Description: EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


EdgeX Security WG Meeting (Weekly) - Wed, 04/24/2019 8:00am-9:00am #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder:
EdgeX Security WG Meeting (Weekly)

When:
Wednesday, 24 April 2019
8:00am to 9:00am
(GMT-07:00) America/Los Angeles

Where:
https://zoom.us/j/576218946

Organizer:
EdgeX-TSC-Security@...

Description:
EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx

An RSVP is requested. Click here to RSVP


Security Work Group Meeting tomorrow

White2, James
 

All,

A reminder that the Security WG will have its weekly meeting tomorrow at 10am CDT.  Find connection information here:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group.

 

Tingyu Zeng from my team will be leading the group meeting tomorrow and after any quick updates, the meeting will focus on Security road map beyond Edinburgh.   Below is Fuji road mapping slide for the Seoul Face-to-face meeting next week.  Many of the items come from the discussion led by Bryon last week.  Reaction, additions, refinements sought in advance of the Fuji planning meeting.

 

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Cancelled Event: EdgeX Security WG Meeting (Weekly) - Wednesday, 1 May 2019 #cal-cancelled

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Cancelled: EdgeX Security WG Meeting (Weekly)

This event has been cancelled.

When:
Wednesday, 1 May 2019
8:00am to 9:00am
(GMT-07:00) America/Los Angeles

Where:
https://zoom.us/j/576218946

Organizer:
EdgeX-TSC-Security@...

Description:
EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx


EdgeX Security WG Meeting (Weekly) - Wed, 04/17/2019 8:00am-9:00am #cal-reminder

EdgeX-TSC-Security@lists.edgexfoundry.org Calendar <EdgeX-TSC-Security@...>
 

Reminder:
EdgeX Security WG Meeting (Weekly)

When:
Wednesday, 17 April 2019
8:00am to 9:00am
(GMT-07:00) America/Los Angeles

Where:
https://zoom.us/j/576218946

Organizer:
EdgeX-TSC-Security@...

Description:
EdgeX Security WG Meeting. Meeting content posted to Security WG Wiki.
Meeting Lead: David Ferriera, Security WG Chair, david.ferriera@...
-----
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946

Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#

Or Telephone:
    Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
    +1 855 880 1246 (US Toll Free)
    +1 877 369 0926 (US Toll Free)
    Meeting ID: 576 218 946
    International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx

An RSVP is requested. Click here to RSVP


Re: Security WG meeting

Malini Bhandaru
 

Inline comments Jim

 

From: <EdgeX-TSC-Security@...> on behalf of "White2, James via Lists.Edgexfoundry.Org" <James.White2=dell.com@...>
Reply-To: "White, James (EMC)" <James_White2@...>
Date: Monday, April 15, 2019 at 6:58 PM
To: "ian.johnson@..." <ian.johnson@...>
Cc: "EdgeX-TSC-Security@..." <EdgeX-TSC-Security@...>
Subject: Re: [Edgex-tsc-security] Security WG meeting

 

Thanks Ian – sorry for the mix up.  Here are the links:

 

Addressing security issues (CVE):

https://wiki.edgexfoundry.org/display/FA/Security+Working+Group?preview=/329467/27492766/EdgeX%20Process%20for%20Addressing%20Security%20Issues-v5.pdf

I would make each a section:

  1. Setup SIR Team, with sub-sections: Team composition, Ratification, Tenure, Handling Vacancies, Role: Handling the security issues
  2. Security-Issues Email address set up. For privately and responsibly reporting security issues to the SIR Team
  3. Security Issues Landing page set up.
  4. Response Procedure
    1. EdgeX Code
    2. 3 rd Party Dependencies

    The contents of sections 2-4 look done to me.

 

Some minor edits:

  1. s/chairman/chairperson
  2. s/effected/affected

 

Protecting EdgeX Secrets for Edinburgh:

https://wiki.edgexfoundry.org/display/FA/Security+Working+Group?preview=/329467/27492703/Protecting%20EdgeX%20Secrets-v7.pdf

 

From: Ian Johnson <ian.johnson@...>
Sent: Monday, April 15, 2019 8:55 PM
To: White2, James
Cc: EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] Security WG meeting

 

[EXTERNAL EMAIL]

 

 

On Mon, Apr 15, 2019 at 8:21 PM White2, James <James.White2@...> wrote:

All,

A reminder that the security working group will hold its call right after the TSC meeting on Wednesday (10am CDT).  We have a full agenda to include:

  • Review/finalization of the Securing service secrets doc – version 7

This doc link seems to be for the Security issue process?

 

  •  
  • Review/finalization of the Security issue process – version 5
  • Discussion on which credential generation mechanism to use for Vault DB secrets (pick up from Tingyu’s discussion last week)
  • Bulk of the time to Fuji scoping and roadmapping – based on Bryon’s Github pull request document.

 

Find connection information and full agenda here:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group

 

Look forward to talking to you all.

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Re: Security WG meeting

Ian Johnson
 

Perfect, thanks!
Ian

On Mon, Apr 15, 2019 at 8:58 PM <James.White2@...> wrote:

Thanks Ian – sorry for the mix up.  Here are the links:

 

Addressing security issues (CVE):

https://wiki.edgexfoundry.org/display/FA/Security+Working+Group?preview=/329467/27492766/EdgeX%20Process%20for%20Addressing%20Security%20Issues-v5.pdf

 

Protecting EdgeX Secrets for Edinburgh:

https://wiki.edgexfoundry.org/display/FA/Security+Working+Group?preview=/329467/27492703/Protecting%20EdgeX%20Secrets-v7.pdf

 

From: Ian Johnson <ian.johnson@...>
Sent: Monday, April 15, 2019 8:55 PM
To: White2, James
Cc: EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] Security WG meeting

 

[EXTERNAL EMAIL]

 

 

On Mon, Apr 15, 2019 at 8:21 PM White2, James <James.White2@...> wrote:

All,

A reminder that the security working group will hold its call right after the TSC meeting on Wednesday (10am CDT).  We have a full agenda to include:

  • Review/finalization of the Securing service secrets doc – version 7

This doc link seems to be for the Security issue process?

 

  •  
  • Review/finalization of the Security issue process – version 5
  • Discussion on which credential generation mechanism to use for Vault DB secrets (pick up from Tingyu’s discussion last week)
  • Bulk of the time to Fuji scoping and roadmapping – based on Bryon’s Github pull request document.

 

Find connection information and full agenda here:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group

 

Look forward to talking to you all.

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 


Re: Security WG meeting

White2, James
 

From: Ian Johnson <ian.johnson@...>
Sent: Monday, April 15, 2019 8:55 PM
To: White2, James
Cc: EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] Security WG meeting

 

[EXTERNAL EMAIL]

 

 

On Mon, Apr 15, 2019 at 8:21 PM White2, James <James.White2@...> wrote:

All,

A reminder that the security working group will hold its call right after the TSC meeting on Wednesday (10am CDT).  We have a full agenda to include:

  • Review/finalization of the Securing service secrets doc – version 7

This doc link seems to be for the Security issue process?

 

  •  
  • Review/finalization of the Security issue process – version 5
  • Discussion on which credential generation mechanism to use for Vault DB secrets (pick up from Tingyu’s discussion last week)
  • Bulk of the time to Fuji scoping and roadmapping – based on Bryon’s Github pull request document.

 

Find connection information and full agenda here:  https://wiki.edgexfoundry.org/display/FA/Security+Working+Group

 

Look forward to talking to you all.

 

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...