The Fedora Repository Committer's would like to invite you to a special topics tele-meeting.

There are a number of concerns that have been voiced about using Fedora security and its current documentation.  You are invited to a special topics meeting to discuss this and to form a working group to provide accurate, up to date information.  In particular, we would like to include persons outside the usual attendees especially those implementing or running production Fedora installations since we all need to benefit from their hands-on experience.

Time/Place

This meeting is a hybrid teleconference and IRC chat. Anyone is welcome to join...here's the info:

Agenda

  1. Last Meeting for 2010, Date for the next meeting?
  2. Status of Git
    1. EOL Handling
  3. Critical new items or work-in-progress
    1. newly-submitted issues
  4. Special Topic - Updating Fedora Security Information Resources and Documentation
    1. Working pages started here and here (explanation of discussion threads)
    2. Fixing deficiencies and inaccuracies, and making improvements
    3. Lowering the barrier to use
      1. Quick start guide
      2. A comparison are various security features
    4. Update of Repository XACML users documentation
      1. Check the sample rules
      2. Add rule sets for typical uses
      3. Policy Objects
    5. CMA Security Implications
      1. Cacheing implications
      2. Back-end (Deployment Security or lack there-of)
    6. FeSL
      1. Bring guide up to date
      2. Add example rule sets (including for typical uses)
      3. FeSL AuthN and FeSL AuthZ
      4. Interactions between FeSL and Repository XACML enforcement
    7. Update Servlet Filter Documentation
    8. SSL provided by Tomcat (and/or other Application Servers)
    9. Use of Apache as a front-end including security options and operations
    10. Operations security
    11. AuthN
      1. Realms
      2. LDAP Guide
      3. Shibboleth
      4. User-defined
    12. Others?
    13. Solicit help of production operators