============================== #openlmi: OpenLMI (2013-11-04) ============================== Meeting started by sgallagh at 14:01:17 UTC. The full logs are available at http://meetbot.fedoraproject.org/openlmi/2013-11-04/openlmi_public_irc_meeting.2013-11-04-14.01.log.html . Meeting summary --------------- * Meetings are recorded and will be posted on www.openlmi.org. Opinions expressed do not necessarily reflect the reviews of the participant's employer. (sgallagh, 14:01:40) * Roll Call (sgallagh, 14:01:49) * Attendance: Stephen Gallagher, Russ Doty, Klaus Kämpf, Praveen Paladugu, Jan Safranek, Radek Novacek, Tomas Smetana (sgallagh, 14:04:36) * Follow-ups (sgallagh, 14:04:52) * praveen_pk: For publishing the BMC information, we worked out the initial model, and we should be good to start working on it (sgallagh, 14:08:32) * LINK: https://lists.fedorahosted.org/pipermail/openlmi-devel/2013-November/001858.html (sgallagh, 14:11:10) * In Dell's system, the user identity is passed to each individual provider for access-control determination. It is not performed by the CIMOM. (sgallagh, 14:12:01) * Attendance: Stef Walter (sgallagh, 14:18:45) * Requirements of access control (sgallagh, 14:22:41) * rdoty: A system administrator should have full root access to the system. (sgallagh, 14:23:00) * stefw: being able to see stuff, but not change stuff through an openlmi provider (sgallagh, 14:23:23) * stefw: monitor a system vs. configure it (sgallagh, 14:23:34) * OpenPegasus has very limited trinary access control right now (user whitelist): No access, Read-Only and Read-Write on a user in a namespace (sgallagh, 14:24:03) * ACTION: praveen_pk to attempt to recruit Dell access-control representation (sgallagh, 14:29:49) * LINK: https://raw.github.com/cockpit-project/cockpit/master/doc/cockpit-transport.png (stefw, 14:35:23) * All agree that proper auditing is necessary (sgallagh, 14:53:05) * Much debate as to the level of access-control that is sufficient vs. complete. (sgallagh, 14:53:22) * rdoty My take is that system administrators need full access (with auditing) (sgallagh, 14:53:50) * rdoty Other users, especially monitoring, may get by with restricted access (sgallagh, 14:54:00) * rdoty I don't see a real use case for "allow this user the ability to configure storage but not see network configuration details" (sgallagh, 14:54:12) * Auditing will be the primary agenda item for next week's meeting (sgallagh, 15:01:27) Meeting ended at 15:02:00 UTC. Action Items ------------ * praveen_pk to attempt to recruit Dell access-control representation Action Items, by person ----------------------- * praveen_pk * praveen_pk to attempt to recruit Dell access-control representation * **UNASSIGNED** * (none) People Present (lines said) --------------------------- * sgallagh (89) * stefw (72) * rdoty (49) * kkaempf (14) * praveen_pk (8) * jsafrane (7) * zodbot (5) * fche (2) * tsmetana (2) * rnovacek (1) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot