1) TOR Doc / EGI-SSO csirt:
- separate in sso communications from editorial access to wikis for example.
keep access to incident communications as little as possible (need to know
basis)
- formalize how to get membership of egi-csirt while not being a NGI-Security Officer, needed to get more hands on board for standard work (wiki clean up), need external experts for new technologies (fedcloud)
- should not change our current daily work (irtf shifts)
2) FedCloud:
- get tech experts in csirt, how/who (see 1)
- fedcloud contact shifter available for egi csirt?
- fedcloud incident: prepare work list for fedcloud to improve IR (how to get information on running VM instances, how to suspend them, how to remove them from thew app db, ....) / how to suspend users? / hook up cloud interfaces to argus?
This "workplan" should be discussed / agreed/ finalized at the fedcloud f2f in January (Amsterdam, EGI will jointly host a user event for EPOS/earth science on the 22-23 of January)
3) CRP questionnaires, results / status
4) The wLCG (readiness) operations pakiti joint Monitoring
- do we have something like a policy on who gets access to pakiti information, or do we treat it standard wise, i.e. need to know basis, which will likely not leave any room for wLCG operations?
- if we want to do something together with wLCG operations this has to be formalized, in particular,
- who deploys the monitoring software (ex: "pakiti clients")
- who collects the data?
- who owns the data
- who can stop it (access to monitoring data out site irtf) under which conditions
5) F2F Prague
- Venue/travel
- Agenda?
- who else to invite besides Boris (who is local)? (see also 1)
- have a slot for Boris Parak on fedcloud, suggest a presentation from him which should cover how to answer our standard questions during IR Expected outcome:
-> get a list of questions to Boris
-> get Boris introduced to IRTF
-> from the discussion at the f2f get input for the fedcloud workplan
-> (see 2)
6) ISGC 2015 paper & training/security workshop