Software-Defined Security Services Working Group – March 16, 2017 Meeting Notes


Time: March 16, 2017: 11am EST – 12pm EST.

Participants: Ali Sydney; Chris Messina; Hari K; Linda Dunbar; Mukesh Gupta; Nick; Rakesh Kumar; Scott Brander; Simon Fiddian; Scrini; Thom S; Call-in_user 1

Use Case and White paper discussion


  • Good discussion on the use case on the mailing list.
  • Security white paper: need more clarity on use cases
  • Need richer policy


  • What we do in ONUG takes one step closer to the implementation.
  • Let’s put the document on the wiki page for more people to view.


  • It has been difficult to put everything. Need more comments.


  • Other groups also have framework documents. We might need to blow up the pictures for the Spring Work
  • Use the use cases as guidance for any company to showcase their proof of concept. Issue awards to the companies that best match the framework, to amplify the work done by ONUG.

Scott: it might be difficult to organize it.


  • We can create multiple pictures: one is a consolidated one, the others are “individual ones”.


  • Can we separate infrastructure security policies from policies imposed on user data?


  • It is important to have policies on which users can access which port

User_2: we should identify the trust boundary. For a trusted domain, you don’t need security policies for access control. For an untrusted domain, you need more policies.

Nick: it is probably too early for the award process. The purpose is to create more interest in this framework.

Scrini: have the data models been published anywhere?

Rakesh: the data models are specified at IETF I2NSF. There are northbound data models.

Linda: we should brief the data models being proposed by the IETF I2NSF WG and get more feedback from the ONUG WG. If agreed, we can attach one page of data models to the Framework post at the ONUG Spring.

Nick: it is more important to have a small set of use cases, instead of a lot of them. For example: for data center, the key use cases are segregation. Should focus on a few important ones.

Tom: should focus on one key use case: how to run a workload securely in an environment owned by a 3rd party. If you can solve this problem: confidentiality, integrity, availability. Untrusted service providers who are running my applications, the VMs run there have no idea. How do I mitigate that threat? How to use commodity resources that are not trusted. Can we develop a solution around it?

Srini: there are other use cases as well, IoT connecting to the network, not sure if this group is only for workload security?

Nick: everyone is so focused on hybrid cloud; being able to move a workload from a trusted environment to an untrusted environment is key. IoT is interesting, but enterprises are not knocking on our door for this.

If we can focus on what Nick has suggested, we are doing a good service to the community.