Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Working Group

Published byPhoebe Cross Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Working Group"— Presentation transcript:

1 Security Working Group
2017 July 07 Conference Call

2 2017 July 07 - Agenda Review last Security Working Group (SWG) meeting notes Discuss Today Meeting Action Plan

3 Review - 2017 June 1-2 Actions Plan
Agreed to process All members to review the EdgeX Architecture Identity threat surfaces Define mitigation plan for threats Review and comment on existing Security Requirements document – Security Requirements for Fuse IoT Gateway Software (Dated: January 27, 2017) Provided review comments by 2017 July 11. To be sent by using Sec WG alias. Conference call to discuss all comments on 2017 July 18 at 10:00 AM (US Eastern Standard Time)

4 Review - 2017 June 1-2 Actions Plan
Post Security Requirements Review Prioritize requirements Identify security MVP functionality for beta Define milestones Assign owners and implement MVP Additional Agreements Focus on APIs so that vendors can provide plug-ins Open Source core will provide basic security services APIs will replace basic solutions with more advanced implementations Need to collaborate with Core Architecture and System Management WG Concerns The scope seems broad with large amount of work Not clear if the group has sufficient resources and what can be delivered by beta deadline. Need to assess after security requirements review.

5 Review - Security Working Group Governance Plans
Team structure and communication Current SWG Chairman: John Walsh (role will rotate every 6 months) alias: Wiki:

6 2017 July 07 - Agenda Need teams to review and provide written comments on existing security requirements by July 11 Discuss current security requirements comments/changes Discuss which members have content, products and personnel that are relevant to each element in Security MVP

7 Barcelona MVP Plan The Barcelona MVP Status & Plan
Next EdgeX Release named Barcelona MVP to focus minds on target release date to coincide with IOT Solutions World Congress, Barcelona 3rd- 5th October Barcelona MVP Draft Project Plan in Progress now released and available at EdgeXBarcelonaPlanJune2017_v1(draft).gan . Please note to view the full plan you will need to install the FREE Gantt tool from

8 Barcelona MVP Plan 13 Week Development Interval starting 7/9/17

9 Barcelona MVP Resource Plan

10 Fuse Arch.

11 Security Discussion Points - Barcelona MVP
“Fuse microservices to enforce access control, authentication, and authorization (AAA).” - Needs to support smart end points to cloud (AAA) Need to support tunneled and encrypted sensor data to the cloud – Gateway in passthrough mode only. Specifies Gateway administrator provisions devices. Should it allow for smart devices? “Rely on installation-unique credentials for protecting access to any of the Fuse repositories.” - Smart end points support (certificate, authentication, integrity, optional encryption) “Documentation provided with Fuse should strongly recommend that implementers expose HTTPS only.” – Needs to require TLS 2.0 or higher, down grade to unsecure modes should be flagged as insecure by EdgeX. “For those subscribers of MQTT data, there is no ability to protect sensitive data in transit” – This statement is in error. Typical protection is provided by a TLS layer that MQTT is tunneled through. Mangement Use Cases “EdgeX Administrator updates software” – Does everyone agree that this is only the EdgeX software upgrade and not end devices? Control Use Cases “EdgeX published all data” – This disallows smart devices from publishing data – This seems too restrictive.

12 Conclusion – The End Review action items Review agreements
Review Next steps Review and comment on existing Security Requirements document – Security Requirements for Fuse IoT Gateway Software (Dated: January 27, 2017) Provided review comments by 2017 July 11. To be sent by using Sec WG alias.

13

14

Download ppt "Security Working Group"

Similar presentations

USPTO Seal Patent Public Advisory Committee Meeting John B Owens II Chief Information Officer July 8, 2010.

USPTO Seal Patent Public Advisory Committee Meeting John B Owens II Chief Information Officer July 8, 2010.
U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.

U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.
Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.
SMART METER TEXAS Status Update July 29, 2010. AGENDA Release 1 Smart Meter Texas Online Portal Update – SMT Solution Update – Registration Statistics.

SMART METER TEXAS Status Update July 29, AGENDA Release 1 Smart Meter Texas Online Portal Update – SMT Solution Update – Registration Statistics.
SMART METER TEXAS Status Update May 5, 2010. AGENDA Release 1 Smart Meter Texas Online Portal Update – SMT Solution Update – Registration Statistics –

SMART METER TEXAS Status Update May 5, AGENDA Release 1 Smart Meter Texas Online Portal Update – SMT Solution Update – Registration Statistics –
SMART METER TEXAS Status Update June 3, 2010. AGENDA Release 1 Smart Meter Texas Online Portal Update – SMT Solution Update – Registration Statistics.

SMART METER TEXAS Status Update June 3, AGENDA Release 1 Smart Meter Texas Online Portal Update – SMT Solution Update – Registration Statistics.
Targets for project progress 2015: graduation review – clear documentation and PoC implementation specify general framework and API requirements gap analysis.

Targets for project progress 2015: graduation review – clear documentation and PoC implementation specify general framework and API requirements gap analysis.
DGC Paris 6.03.02 WP2 Summary of Discussions and Plans Peter Z. Kunszt And the WP2 team.

DGC Paris WP2 Summary of Discussions and Plans Peter Z. Kunszt And the WP2 team.
State of Georgia Release Management Training

State of Georgia Release Management Training
Doc.: IEEE 802.15-03/054r0 Submission January 2003 Dr. John R. Barr, MotorolaSlide 1 Project: IEEE 802.15 Working Group for Wireless Personal Area Networks.

Doc.: IEEE /054r0 Submission January 2003 Dr. John R. Barr, MotorolaSlide 1 Project: IEEE Working Group for Wireless Personal Area Networks.
K. Long, 25 June, 2016 IDR: structure and overall timeline: Slides are to introduce discussion of how we prepare IDR. Propose to revise slides as we discuss.

K. Long, 25 June, 2016 IDR: structure and overall timeline: Slides are to introduce discussion of how we prepare IDR. Propose to revise slides as we discuss.
L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.

L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.
Use Cases Discuss the what and how of use cases: Basics Examples Benefits Parts Stages Guidelines.

Use Cases Discuss the what and how of use cases: Basics Examples Benefits Parts Stages Guidelines.
Security Working Group

Security Working Group
Command Microservice Deep Dive

Command Microservice Deep Dive
Meta Data Deep Dive Part 1

Meta Data Deep Dive Part 1
ArcGIS for Server Security: Advanced

ArcGIS for Server Security: Advanced
Security Working Group

Security Working Group
Security Working Group

Security Working Group
Export Services Deep Dive

Export Services Deep Dive

Similar presentations

Ads by Google