Date
Attendees
Agenda
Mgr coordination (first this time)
· Others besides SysOps and Security can drop off unless they are interested in the next items
Security incident involving SSO Hub outage
o Review of NSF “suggestions” that came from John Towns
o Final, final report preparation
o Incident notification/escalation plan for security incidents including notifying NSF
o Discussion about SSO hub and Duo multi-factor authentication (MFA)
· Using cloud services for XSEDE Enterprise Services
o Need a security standard and guidelines for housing an XES in the cloud
o Planning a pilot project of having SSO backup in the AWS cloud using Univ of Illinois AWS contract
o When/how/why to move a XES to the cloud
o Is cloud usage for XES due to cost-savings, or other factors.
Discussion items
| Time | Item | Who | Notes |
|---|---|---|---|
| Manager coordination | Victor | None | |
Security incident involving SSO Hub outage | Victor/Adam/Jim | o Final, final report preparation for the incident at hand; will be waiting on a report of discussion with PI o Discussed the NSF “suggestions” that came from John Towns email; security team saw this; o Discussion of XSEDE security incident notification/escalation plan for notifying NSF; This included a discussion of the definition of an “incident”; Jim drafted this for the PEP text o Discussion was had about the SSO hub and Duo multi-factor authentication (MFA). A recommendation is coming from XSEDE security to require 2FA for SSO hub. · Using cloud services for XSEDE Enterprise Services o Need a security standard and guidelines for housing an XES in the cloud o Planning a pilot project of having SSO backup in the AWS cloud using Univ of Illinois AWS contract o Need a plan to investigate and be able to answer: When/how/why to move a XES to the cloud o Question we need to answer: How long will it take to develop get a security standard and/or guideline (2 months)? o Another question: How long will it take to do the pilot evaluation and identify the issues, costs, etc.? |