[Security_sig] 03/17 Conf. call minutes
chrisw at osdl.org
Thu Mar 17 09:42:21 PST 2005
Joseph Cihula (Intel)
Ed Reed (Novell)
Emily Ratliff (IBM)
Serge Hallyn (IBM)
Chris Wright (OSDL)
Matt Anderson (HP)
- CGL spec ownership
- DCL spec ownership
- any other business
Chris: Find editable version of CGL spec.
Ed: Do OSDL working groups take a stance on TPM?
Chris: No stance on judgement of TCG spec, but CGL hardware spec calls
out TPM hardware, and thusly software spec requires drivers when
hardware is present.
Chris: CGL spec co-editor needed. We've lost Ge for now ;-(
Joseph: Not much spec writing, more editing, writing some use cases and
reviewing the current implementation listings.
Emily: Could you give quick overview of DCL status/needs? I think it
should get to something like the CGL spec.
Chris: Sure, the assumptions that you've seen/commented on went out in
1.1. Next step is to turn that all into something that looks much more
Emily: I'll volunteer to help on the DCL spec.
Matt: I can jump in if nobody else will (re: CGL).
Chris: Great. I'm sure Ed and Joseph will welcome the help.
Emily: What's the time frame?
Chris: DCL needs solid draft in July.
Joseph: CGL is May 3rd.
Chris: Should we consider a meeting at OLS?
Emily: That'd be great. Quite a few members from my team will be there.
Chris: I think the BoF slots are full, I can double check on that.
Ed: (describes his view of content for DCL spec)
Ed: What I don't know how to do is end up with list of rpms.
Chris: Likely to not get to that granularity. BTW, I didn't get good
notes for your description, they'll be lacking in the minutes.
Ed: It's basically a Security Target.
Ed: Feature set that appears to be relevant for securing an enterprise
data center linux machine. Database/app server/public protocol server/
Emily: Do you plan to allow for options? So when we talk about
containment there may be a few options listed?
Ed: Yes, you're right. So it's somewhere in between a Protection Profile
and a Security Target.
Emily: It also helps people who may not be familiar with security to
understand the requirement when seen with an example that they may have
Ed: Can we categorize things into specific sections, like containment,
separation of duties, audit, etc. And have a small top-down list for
Emily: Are you ready for volunteers yet?
Chris: He's almost done writing ;-)
Ed: Just got details yesterday afternoon.
Emily: Pedantic checks up front, or broader comments first?
Ed: I don't mind keeping wordsmithing as we go, it's better than doing
it at the end.
Matt: Do we have an editable doc for CGL? Only see PDF.
Chris: Yes, I think I have one, and Ed needs it too. If I don't Joseph
or Ge should be able to get it to us.
Chris: And I'd prefer to see it done in OpenOffice format.
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net