[Fiware-security] Review of more deliverables

Antonio Garcia Vazquez antonio.garcia at atosresearch.eu
Thu Jul 26 12:10:57 CEST 2012


Pascal,

 

- I’ve updated the wiki page according to the comments in the column “User and Programmers Guide”.

 

- Regarding the comments in the column “Installation & Administration Guides”: can you ask them to clarify what an End to End test should be for TID?

According to the template:

This is basically quick testing to check that everything is up and running. It may be composed of a single test or a few of them. E.g.: login on a web site and doing a basic query on a web form or API (provide URL and user/password) 

It is supposed to be enough to log in on the local management tool and validate that the main OSSIM options are accessible to the user (and I’m reviewing the information uploaded in that direction). In case some additional information is needed, I’d appreciate any guide they could provide.

 

- Finally, please notice that they’re providing references to Generic Enablers with more than one implementation guide in their comments about wiki structure & component’s naming. I suppose that you’ve already clarified to TID that MulVAL Attack Paths Engine & Service-Level-SIEM are not different implementations of a GE but components of the same one (Security monitoring GE), but it seems that they did not understand this point.

 

 

Best Regards

 

 

************************************

*      Antonio García-Vázquez      *
*        (+34) 91 214 9384         *
*  antonio.garcia at atosresearch.eu  *
************************************ 

 

From: BISSON Pascal [mailto:pascal.bisson at thalesgroup.com] 
Sent: Thursday, 26 July 2012 10:13
To: GIDOIN Daniel; Antonio Garcia Vazquez; Seidl, Robert (NSN - DE/Munich); Wolfgang.Steigerwald at telekom.de; Meyer, Gerald (NSN - DE/Munich); DI CERBO, Francesco; TRABELSI, Slim; Rodrigo Diaz Rodriguez; GASPARD Lucie
Cc: BISSON Pascal; LELEU Philippe; fiware-security at lists.fi-ware.eu; MUSARAJ Kreshnik
Subject: TR: Review of more deliverables
Importance: High

 

Dear Colleagues,

 

(IMPORTANT EMAIL – SO PLEASE READ CAREFULLY & PERFORM THE REQUESTED ACTIONS)

 

Here is the TID review report of the Install & Admin manual and User and Programmer's manual of our Security Chapter (aka D8.3.1 & D8.4.1). As you will see, once more it is not good, in the sense that there are a number of issues that, if not corrected by each of you, would lead to rejection of our deliverables by TID and also rejection of some of our costs as per the penalties TID has announced.

 

According to the attached review report, the content you put to Unit Test Plan & Reporting for the GE you own is rejected for both the Install & Admin manual and the User and Programmer's manual (with one exception for DB Anonymizer, where content for Install & Admin is rejected but content for User & Programmers guide is accepted).

 

Security Monitoring GE (Thales -> Daniel & al) rejected for both deliverables !

Identity Management GE (NSN - DT -> Robert & Wolfgang) rejected for both deliverables !

Data Handling GE (SAP -> Slim) rejected for both deliverables  !

DB Anonymizer GE (SAP -> Francesco) -> rejected Install & Admin  ! (but ok for User & Programmers guide)

Secure Storage Service (Thales -> Lucie) -> Rejected for both deliverables !

 

So please Daniel, Robert, Wolfgang, Slim, Francesco and Lucie look at the issues and add the necessary corrections for your content to both D8.3a and D8.4a to give a chance to these deliverables to be accepted. 

 

Bear in mind the ultimate deadline to have them fixed is July 27th EOB as per decision taken by CA at last WPL/WPA. But to be on the safe side and do some review of the fixes, it could be appropriate to have them fixed by today EOB.

 

In any case here is what is stated in the minutes of Monday 23 WPL/WPA audio and that you should have in mind as the contract:

 

Installation and Admin guides

Results of this check will be provided by July 25. As a result of this checking, the guides can be:

· Accepted

· rejected with a deadline on July 27th EOB to fix a number of identified issues

Cost rejection measurements will be applied to GE owners failing to deliver the guides by July 27th EOB.

Installation and Administration Guides which do not contain the mandatory sections established in the defined guidelines will be rejected.

Several partners express objections to the request for the delivery of the Installation and Admin Guide in the case of GEs offered “As a Service”. These need to be provided at least for auditing purposes.

Users’ and Programmers’ Guide

TID will check provided guides and will check whether they fulfill the defined guidelines at: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/FiwareDeliverables

Results of this check will be provided by July 25. As a result of this checking, the guides can be:

· accepted

· rejected with a deadline on July 27th EOB to fix a number of identified issues

Cost rejection measurements will be applied to GE owners failing to deliver the guides by July 27th EOB.

 

Last but not least, I’d also like to draw your attention to points stated in Miguel’s emails which some of you would also have to address:

*	General comment for all WPs: there are many GEs in some WP with an "Installation and Administration Guide" that is an installation manual only. Given the need to deliver at once, we will not try to fix it immediately. After the delivery we will provide a deadline to address it and provide the administration part. Of course, the impact on the cost reporting could be affected by this.

*	This applies to part of the WPs only. In the case of the Install and Admin Guides of GEs offered as a Service of nature PP, the partner has to provide proper guides (what is needed by the administrator of the machine where it is running at your company). This will be given to the EC upon request and it will be protected somehow (account/password, IP filtering, ...). In the deliverables at the end of the month we will simply provide a text stating that. We would give the manuals+binaries afterwards and only if they ask for it.

	*	Please ALL to whom it applies please address.

 

Counting on you all to have the issues for your GE fixed  the sooner the better and according to the set and final deadline.

 

Please acknowledge receipt of this email and let me and Daniel know once the issues have been fixed. As usual the sooner the better.

 

Hearing from you

 

BR

Pascal

 

 

From: Miguel Carrillo [mailto:mcp at tid.es]
Sent: Wednesday, 25 July 2012 20:09
To: BISSON Pascal; GIDOIN Daniel
Cc: JUAN JOSE HIERRO SUREDA
Subject: Review of more deliverables

 

Dear Pascal,

This is my review for the Install & Admin manual and also for the User and Programmer's manual. The problematic things are marked in light blue. Please be aware that you have a very short time to react so let your partners know ASAP.

A few comments:

*	Things to be addressed are highlighted in blue. 

*	Note that my review is "formal" (formats, structure, consistency, reasonable aspect) but the coordination (Juanjo) may add comments of a more technical nature afterwards. So an "ok" from me does not necessarily mean a final approval by the project coordination.

*	General comment for all WPs: there are many GEs in some WP with an "Installation and Administration Guide" that is an installation manual only. Given the need to deliver at once, we will not try to fix it immediately. After the delivery we will provide a deadline to address it and provide the administration part. Of course, the impact on the cost reporting could be affected by this.

*	This applies to part of the WPs only. In the case of the Install and Admin Guides of GEs offered as a Service of nature PP, the partner has to provide proper guides (what is needed by the administrator of the machine where it is running at your company). This will be given to the EC upon request and it will be protected somehow (account/password, IP filtering, ...). In the deliverables at the end of the month we will simply provide a text stating that. We would give the manuals+binaries afterwards and only if they ask for it.

 
I'd appreciate it if you could confirm what GEs are going to be provided as a Service (not to install on the testbed) in July. Theoretically this is in the testbed wiki but things change too fast and I prefer to ask you.

Best regards,

Miguel




-- 
----------------------------------------------------------------------
     _/          _/_/                     Miguel Carrillo Pacheco
    _/   _/     _/  _/   Telefónica       Distrito Telefónica 
   _/ _/_/_/   _/   _/   Investigación y  Edifico Oeste 1, Planta 9 
  _/   _/     _/  _/     Desarrollo       Ronda de la Comunicación S/N 
 _/          _/_/                         28050 Madrid (Spain)  
                                          Tel:  (+34) 91 483 26 77    
 
                                          e-mail: mcp at tid.es
 
Follow FI-WARE on the net
 
        Website:  http://www.fi-ware.eu
        Facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
        Twitter:  http://twitter.com/Fiware
        LinkedIn: http://www.linkedin.com/groups/FIWARE-4239932
----------------------------------------------------------------------

 
