[Security_sig] Test matrix 1.11

Bryce Harrington bryce at osdl.org
Wed May 4 12:02:42 PDT 2005


I've updated the test matrix with info from today's call on NFSv4
security testing priorities.  

    http://developer.osdl.org/dev/nfsv4/testmatrix/

We completed the prioritization of this section today.  Next meeting
will return to some items in the performance testing section that we had
not gotten to yet.

As a quick recap, the main topic discussed today was documentation,
particularly as needed for doing security auditing/testing.  We built a
good concensus that the highest near-term priority for documentation is
to create inline documentation for the relevant security API's in the
a) kernel code, b) libgssapi, and c) librpcsecgss.

DocBook is traditionally used for inline docs in kernel code; for the
other libs, any inline documentation system could be used.

In addition to the inline code docs, some high level design docs will be
needed.  The inline code docs sort of describe what was implemented,
whereas the design docs describe what was intended; both answer
different types of questions, and comparing the latter to the former may
be an extremely useful way to identify issues.

Trond and Bruce said they're probably the best people to write the
design docs.  The inline docs are probably going to take more of a
collaborative effort.

I have also collected links to other various nfsv4-related documentation
here:  http://developer.osdl.org/dev/nfsv4/documentation/

In addition to documentation, we identified one security "use case", using
NFSv4 over VPN.  Venkata took the action to define this use case.

Bryce



More information about the security_sig mailing list