Skip to content

Latest commit

 

History

History
71 lines (62 loc) · 2.85 KB

2016-10-05.md

File metadata and controls

71 lines (62 loc) · 2.85 KB

ISIG: Meeting Notes

Date

October 5 from 2:00 PM-3:00 PM EST

Medium

https://join.skype.com/uohKGgCNMBSG

Agenda

  • Old Business
  • Ask for use cases for security on the ListServ (Rosie)
  • Modify the "Sensitive" label in JIRA (Melissa)
  • Start/Test the Github Wiki for Procedures and Information (Don)
  • Any further * Propsal feedback by the Roadmap Committee (Will)
  • Last Month’s Suggestion
    • Explore Authorization and Access control concerns

Action items

  • Rosie post on listserv about use cases for Permissions / Roles
  • Danny will contact Melissa about the security email
  • Danny will send out a securit test email
  • ISRT team will email Danny if they didn't recieve an email
  • Don will Update procedure doc: Notes from ISIG monthly is emailed to Security@ after meeting

Next meeting

  • Next Chair: Will Panting
  • Next Meeting: November 2 from 2:00 PM-3:00 PM EST

Attendees

  • Don Richards (chair)
  • Marcus Barnes
  • Ed Fugikawa
  • Rosie Le Faive
  • Daniel Aitken
  • Danny Lamb
  • Mark Jordan
  • Will Panting
  • Ed

Notes

Melissa was out but the JIRA ticket field for security

  • Everyone can see

    CLAW is using tool to push MD to gh-pages
  • ISIG to stick with MD files
  • In MD files would we like point to other security channels for advice
  • Disclaimers to explain we aren't the end-all-be-all for security advice
  • New Folder "security_docs" for submitting Security Documentation
    Request post to the listserv for Use cases for XACML or WEBAC (Rosie)
  • Role permissions, roles, users, operations, items(objects, triples)
  • Claws Use case: Islandora/documentation#385
  • Rosie pointing to this issues
  • PerTriple granularity as a pro
  • https://groups.google.com/forum/#!topic/islandora/YGBMUU4OSM8

Roadmap had no objections to final draft of ISIG & ISRT proposal
- Was asked if any objections and no one responded.
CLAW refining permissions
- They are looking into a Hooks system

Last month is was asked if we were the right team to discuss "Explore Authorization and Access control concerns"
- No one had much to add but a policy for how to submit a topic request was suggested. Added it to the wiki for now.
Comment was brought up on the Response team: Security List
- No emails recieved recently - Danny Sent a test email: FAILED - Update procedure doc: Notes from ISIG monthly is emailed to Security@ -- This updates SIRT and varifies the team is getting the emails - Danny will look into the issue.