From YouTube: Kubernetes WG IoT Edge 20190508
Description
May 8 2019 meeting of the Kubernetes IoT edge Working Group - formative discussion of edge security white paper
A
So to kick it off, I'd like to say so: Moritz Bernhard, you guys have just your contributions, were fantastic. Thank you!
A
So much, and so it's I think, we've got a lot of great material in from from you guys that we can talk through, and I put you guys up on the on the paper as contributing authors, given that you guys dropped in some really great stuff and it seemed seemed appropriate that you guys be listed as full authors on the paper, because that so why don't?
A
I share my screen and we can kick this off and I'll be kind of like the screen share driver here, how's that sound okay, everybody see yes, cool and let me also remember to turn off my notifications too. That was my alarm goes off to clean the cat box. You guys don't have to see it all right, great cool, so let me get this video out the way. In fact, I may bury it up there.
A
There we go okay, so I did a refresh on the table of contents and we got some really good sections right stuff on man in the middle and and all that where- and I think I think Cindy's comment is there's. Definitely something to be said about. You know the the benefits of of edge computing for data locality and privacy, and she had another comment too, which I think was.
A
I don't know where it went, but it was up above regarding multi-tenancy, and I think yes, I'm just not sure where, like what to be done with those right there, they're they're good comments, but they're short comments, so I'm letting them sit for now.
A
Okay, so a reply does: does anybody know how to pronounce his first name? Is it Jono? Is it Jono? Do you know how to pronounce his first name?
A
No, okay, I'm gonna, say I'm gonna, say Jono until he gets on the call and identified he had yeah a lot of material here, which is, I agreed with him this section on the condition of hardware.
A
As I was writing it out, I really ended up describing more like how condition of hardware should be monitored and so on, rather than the real challenge around it and- and he pointed out the last paragraph is really the only place where we get into the challenge. I think I just need to rewrite this and I'm going to take Jono's comment and and then turn it into the rework of the content.
A
So probably good here to put a comment: let's see, heading mode, you can see how little I actually comment my own document, because I'm not actually sure how to do this right here comment there we go great say: Hilton will revise this section.
A
Great okay, so I think that that handles that one then we get into okay, so also from Jono here. So I liked his idea. It's really talking about the different ways that you can tamper. I I think I think I even said here yeah. I asked him. You want to take a shot at directly, adding it in right, because he's got like basically comments that are full full sections.
A
So, let's see if he replies to that comment with you know with the direct contribution, and that would be an effective way to do that.
A
Okay, this is, I believe, tied to nope, not authenticity of hardware to indication of compromise is that right? Yes, under indication of compromise, he said, I think there are two different ideas that can be broken out: first, intrusion, detections systems, blah blah solutions to the problem of forming trust with a device in operation. Second, is that identified as remediation of a compromised device? So since this is under indication of compromise, I I actually am going to push back.
A
I think on him a little with the same kind of comment that he had above talking about like remediation of a compromised device kind of gets into what you would do about it. But I do think that there's something in here not sure what to do yet with this comment, something in here about expanding this section to be to be better and maybe I'll just work with him directly on that, unless anybody, unless anything, jumps out to anybody right.
A
So if at any point I'm talking here a blue streak and you want to jump in anybody and say like well hey, why don't we do this, then just interrupt me. So I think the resolution there is to I'm going to say why don't we discuss.
B
A
See what he says to that okay, he basically hit us hard in these first sections. Then he eases up all right. Let's see, says, supply chain attack the targeting manufacturer of a device. That is true. I actually, I actually thought when I put this in that under authenticity of hardware. It really is it's not a problem, unique to the edge right. The same thing could happen in the cloud they gave a couple of links. I I definitely want to avoid being too Wikipedia so not needing to link to everything.
A
What do you guys? I actually would like to take a little opinion on this one. What do you guys think this is not really a unique challenge of the edge or do you think it is, and you think this this has enough merit to stay in this idea that somebody could basically sell you hardware with the back door.
C
So I I personally think that you're at that point right, so it's not, let's say IoT only problem. It also applies somehow to hardware as of of the cloud for example, so at least I would keep it, but maybe we should shorten it a little bit or address it more explicitly for IoT.
A
Sounds good: let's let me put this as a reply, or did he let's see? Can I yeah I can reply. We have agreed to tighten up this section to be a to be more more specific, around IoT edge scenarios and take into account your comment, but this is a general supply chain issue, all right, how's that sound. That's that's work to be done, but we can do that work.
A
Wait my cat's chiming in on the the work here we'll see if he contributes anything good all right. That was that that one there so man in the middle got added and- and I liked it, I thought it was good to start having some links in here. The quality link seemed to be good, and I thought the content was. You know, succinct, but we can also expand on it. Now that it's in any objection to to having men in the middle in in this section it might.
A
This is under the trusting hardware. Typically that falls in network a bit. More of it sorry go ahead.
A
Under connected actually yeah yeah, actually you know what it says: it's related to devices at the edge you're right, it's under the connected devices and how to trust them right, yes, cool! Why don't we just tack this on to the end of the next section? That's a good idea depends on from where you look right.
D
What's that say it again from where you look when you, when you take a look from the edge device into the cloud, I would say it's there, like trust the hardware or, if you, if you, if your man in the middle attack, tries to attack the cloud server, it's something different than the attacking the the edge hardware. So I.
A
Yeah, do you think if we added it under the trusting connected devices at the end here and then change as well, so yeah and change the title, maybe a little bit from man in the middle and so we'll call it? This will be 3.5 right and if we change it there we go and let's so let's say: do we you want to call it like device man in the middle.
A
Or device or device to gateway man in the middle, probably yeah, we can always edit it again later yeah. Therefore, you know avoiding kind of the you know device to cloud right: okay, cool! Let's do I'll do a refresh real quick on this make sure it picked up the let's try to resolve issues as we go. Let's see that worked, and that worked okay, great okay, cool! This is good. This is good progress, okay, so we're into section three. Let me collapse this down. How do I collapse it down?
A
Apparently, I can't okay trusting connected devices. So what did we have any comments around here? We did. We had. Okay, it said feel like two different points deserve to be addressed separately, or at least sequentially first is forming an identity, and then second, even if it has a unique identity, challenge that if it can be trusted fair enough fair enough, so we said first verifying devices detecting corruption yeah.
A
I I think we could turn it into two different sections forming a divide: yeah, okay, okay, I'm in kind of an agreement with him here it's applying an identity to something that doesn't have possibly even any unique identity right. It's like a really inexpensive temperature sensor or something that that's reporting on in the LoRaWAN or whatever, and then trusting the unique identity.
A
Oh yes, it actually is. Okay templates, given is great yeah. Well, maybe we move that out into a next paper or it can be reframed, I think so, then Bernhard did you want to talk a little bit more on your comment here. You said you know, in your opinion, one potential solutions, data verification mentioned partly move it to 3-2 and partly extend care to add any more.
C
A
Okay, so what if, let's see I'm thinking, how do we wanna? How do we wanna add some action to this if it's under three two protecting data in commands, which also has some comments, so he said looking at three one, three two, I would suggest only dealing with the challenge of device identity for three one use three, two to talk about. Second order challenges: identity of a device cannot be trusted. Data comes from the device cannot be trusted.
A
Taking this into account with the comments directly above, we will add more of three one more of the three one content, two three two and perhaps expand on three one to be more accurate and it's all right. Okay, so like some a little bit of a little bit of rework there, this one had a lot around it in commentary. So Mertz do you want to describe here.
D
D
It's actually quite easy to attack these and as soon as you are in an environment, for example, in urban environment and your edge device sits in a I don't know, maybe a bike or something like that. You can just walk up there and attack it with whatever you want and nobody's gonna. Stop you from that.
D
Just because your environment is so open, I would say so. That's definitely one of the challenges. I think I see on the edge that you can't really control anything around it and because of that, of course you can just start attacking the communication channel like Zigbee or Bluetooth, with whatever you want, because nobody's gonna. Stop you from that.
A
Yeah and in a way that makes sense, then that it really should go under the network challenges right because it's related to wireless, because you could do the same thing to Wi-Fi if you had a strong enough set of equipment right, gotcha, gotcha, okay! Well, it looks like you had some good agreement on that too, and so I'm going to put here well, why don't we? Why don't we go ahead and move it right now? Is that a good solution to put it down under the network.
B
E
Yeah in in this one or this more up there, I'm not sure quite time ago.
A
All right all right, let's, let's see if we can find it here. I don't see that many in here.
A
No, unless, unless it was part of something that I clicked as resolved already is possible. So if I paste, if I paste in here at the end.
F
A
Okay, excellent and it brought the the comments with, which is also fine, so we can read through and then, if we want to make edits and then resolve and after okay, great Bruce is actually doing.
A
A
So that means that we are down to device management becomes the new 3-3 and the man in the middle becomes the new 3-4 which I'll adjust the table of contents again middle, so device management didn't seem to have any any comments, it's good, and then this is the new that we had already gone in and edited so any further comments on section three, as I yet again refresh the table the contents, I think that section got shrunk, but we were planning to expand it as well. So.
A
Cool okay, nothing, there all right! I'd, say that operating system was an area where I I felt like I needed the most contributions and help or one of the sections anyway. So let's see what happened here, I put in biosecure boot running processes binary there we go okay, so well, you made a very significant contribution. There delete the o great got that so, let's see so this seems very similar to three one might be a way to fold these two together in that we're talking about identities.
A
Okay, so what did I put here? Digital signatures, edge, compute nodes, even sensors, effective way to verify the identity, but they require a private key yeah. It's something a little more, I'm going to write that up. There is something a bit different here that I think I did not explain quite well yet I'll take another shot to differentiate from oh. Is it three one? Okay cool? Then, here, let's see, this point is somewhat addressed in two three physical access as a general challenge, yeah might say so.
A
Here's what I was trying to get to- and maybe you guys have some idea- how to do this better. What I was trying to get at is: oh, there are companies making devices or IoT systems, and you know all these different things where they're using you know fixed private keys as the solution for verifying the identity of the edge node, but because those keys are used, you know in not necessarily coming out of you know, trusted memory, location and whatnot.
A
In some cases, they're just right on disk or in the flash memory you can, you can get into the device and get the key, and this this is really. The problem I was trying to to address here is like you know you, don't it's not so easy to get into the the nodes in a cloud or data center environment, and so it's a little bit more.
A
You know acceptable to have a fixed. You know key, you know into the the OS there, but with the edge nodes, it's it's. You got to think twice about doing that, and I guess that didn't really come through here that that's really the problem. It's it's a little different than having the identity get masked or spoofed. It's more that the identity.
A
A
Yeah, that's exactly the thing is, if you do it right, you know that you have this combined identity right in which the separating one unit from the other allows. You know that can be detected, but if not, then what you end up with is you know kind of a false sense of trust that that I wanted to to have come through.
A
I think that's worthy of note. Let's, let's put a comment in here on this, so we should discuss fixed private key can be mixed with TPM or other.
A
Root of trust, to avoid, I would call it a simple key theft right.
A
Cool great, I think I think we should discuss that a bit here if you want to take a whack at adding some of that in that would be cool and- and if not, you can just put more in comments if you'd like cool okay- let's see here so we got some stuff added in. Let's see these consistency, black box, okay- and I think I approved all of the the edits here- cool, so some good good stuff in there.
A
C
Yes, so basically we have to change the color of the front.
A
I will do that now and oh yeah. It was actually a fun color change. Okay, so you had asked how's this related the 4-2 initial setup. Do you have more to say on that.
C
A
Okay, cool, I think, that's good. I think I think I'd like to merge that up as this is it's worth mentioning where you describe getting that that initial setup verified right. How about under logging? Was this your your commentary as well, here too, with the the bullet points, because this was not a? I think this was not a section that I put in right. You added all of logging here.
C
Yes, that's true because what I at least from a cloud perspective, my understanding from security, is that you always end up in some sort of also logging issues, because one is first of all, you have to be notified that something is going on. So I explicitly wanted to have a dedicated locking session. But if it's not, let's say within the scope of the paper, then just remove it.
A
Oh, I think I think it I think it belongs here. How can we, let's see so you have a challenge right, which is logs, have to protect the same manner as regular data. That is absolutely true.
A
So when you gave some boundary I'd like to flesh this out more, I'm not quite sure yet how to do it, but I think you're on to something which is it does belong here in the operating system. You know your logging is it's almost it's a portion of an audit trail.
A
It is the beginning of your ability to identify if things are occurring out of sequence out of authorization and if the logs are as editable as you know the stolen data, then you might even never know that someone was in there right. Yeah! That's exactly the point great I'm just going to put a note here that we can work on, I'm going to say: let's expand this section with great content and and spend some more text describing the difficulties of protecting logs and audit well I'll, just say logs.
A
B
H
A
Audit trail- and I I'd like to include the the notion of logging in the title, but how about something like well, we can also, we can just call it. You know audit trail and.
A
A
A
Okay describe.
A
Is that a thing, and anyway, protecting log files and audit.
A
That's not really it log files.
A
There we go information at the edge cool great, that's some good stuff, a lot of value there cool, let's see, and yes, I would love to let's see logging categories, specifically multiple workloads addressing various security challenges. Yes, I think you know hopefully this. If this paper has the right impact, it will actually trigger a lot of deeper discussion. I think it's already starting to trigger some good stuff. Well, anything else in this section or are we do we have the right actions for the go forward?
A
No, for me, it's fine! Okay, all right, excellent, okay, another one that I was kind of scared to put out there, because I I feel like there's, you know 10 times more information you know should be put in here than what's in here, but let's see how it's going so network concerns open ports, no surprise that one slid by great okay, fixed VPNs. What do we got?
A
Okay, so Jonah said made a comment earlier yeah encryption in the network section: okay, any solutions are well known, accepted, solving issue, preventing full abilities of data in transit table stakes for deploying to do real challenges. Actually, around identity or potential that are going to be stolen via physical access right and that's covered earlier. Well, let's see!
A
Yes, there was a little bit more. I might reply to his comment here with a little bit of pushback.
A
There was a little bit more that that I was trying to get across here, and maybe I should have written more so there's an inherent risk to having fixed VPNs that are a little bit different about the edge than than they you know than they are with kind of like facilities, integration if you have a vehicle with a VPN that allows it to share data with you know the you know, the data center or the warehouse facility or something you don't normally have your private assets that are connected via VPN out moving around this is this is a newer thing, and so the opportunity for getting access to the the computer hardware in a vehicle is much greater than your your ability to get access to that inside of a network or a factory or whatever.
A
So I thought it was worth mentioning that you know if I'm, if I'm able to you, know, connect to the the compute node in the vehicle, possibly just by you, know, tapping into it with a keyboard, and you know, and mouse then or an SSH connection, I'm not sure what, but, if you can get in, then you actually are in some cases present in the warehouse system right or the data center system, and you don't normally think of VPNs as being a problem that way, but you kind of have nodes out in the world that are permanently connected.
A
You contain some privileged information, so that was my notion here. What do you guys think I mean I'm also happy to take it out or merge it in with stuff, if you guys don't see value in this as a standalone section.
C
Yeah, normally from a cloud-ish perspective, you always have some sort of fixed VPNs, but the IPs change dynamically. At that sense- and you normally, let's say: change urp within a dedicated range to ensure, let's say a minimum thing of security, so well from my perspective, I'm quite neutral to fixed VPNs, section, okay, okay.
H
Yeah, I think I I would leave it in because it's it's a valid, a valid point, so we are using VPNs at at some places and to just give a reminder that there's a security challenge connected to that, I think is- is worth that section. Okay.
A
Okay, excellent, so I think what I'll do here is I'll reply to the comment and say I will revise this section a bit to include your.
A
Concerns but we have decided to keep.
B
This section in place, I will see if I can also.
B
A
All right network access is data. Access so said, feel free to just screen. I take is that access credent, essentially different implementation with pure identities, and I suggest we incorporate all the different solutions around identity in a single section. Okay, that's a pretty that's a pretty big change and then Bernhard. You said: let's move into section six x. Could you tell me what you were thinking with that and I think, oh, that was regarding this one edgemaker services.
C
Yeah, but it's just a question of favor, because normally yeah, if you want, we can keep it in five if you, if you want from the other perspective, since normally you have a lot of of micro services and streams and so on, it probably makes sense to put it to the micro service section, which reflected that point. Some higher applications that are running on the edge node, just a basic idea.
A
Gotcha gotcha yeah, because this really it really is talking about all about microservices, sending out right data, that's unexpected and so on. I think I think let's do it. Let's, let's put this under the the microservices section.
A
A
A
You know I was a little worried when I put this in that that it was almost like a almost like an opinion paper here in this section, which is so much more than just just a a situation at the edge, and I toyed with the idea of not putting it at all, because the point I was trying to make is that you know we we like to we like to create computer networks and put devices on in order to you know, allow for all different types of interconnections, but because of that it means that you know you're.
A
You have devices on a LAN of which they maybe use one or two services, but the rest are there and maybe you don't have the access credentials. So if you, if you segment things properly, it's probably okay.
A
The point I was trying to make is that: do we really need to you know, take an IoT gateway that is on a remote piece of equipment and really make it part of a. If a you know a true computer network, or do we would we rather be in some way connecting the data coming off of it?
A
You know where it's it's a very it's a privatized channel or it's a it's a you know, a data pathway that doesn't necessarily allow any kind of port scanning and stuff that you typically do. If you get onto a network and see what's there as a you know as an intruder, but so I've really tossed out a lot here, and I I kind of get it that that Jono was saying, I'm not sure, really that you know this is.
A
This is necessarily the any different than protecting identities and stuff, but so I'm kind of open as to where what we do with this did anybody think that this section made sense or was it just kind of like a bad brain dump? For me.
C
At some sort it it makes sense because, for example, what I usually do is when I verify, for example, streaming systems and in that sense IoT is a streaming system. I usually open a telnet session and grab the data and see if the data is coming in or submit to be a telnet steering command. So it's on at that point. It makes sense, because I need access to the network and yeah.
A
Okay, so it sounds like there's. There really really is something around this that that that needs to be described any idea how to improve this. This section, it's definitely not not clear enough that I'm willing to defend it as it stands.
C
D
C
A
I'm gonna, I'm I'm just feel free to you, know, reject the responsibility later, but it is going to think a bit about how to.
A
Great and then we'll just we'll just check in with you or you can feel free to reply. Hey, I don't know what to do forget about it, and then we can see what to do next. Yeah sure. Okay, thanks, let's see I identity for verification or control plane. So, okay, so this important consideration, arguably one of the easier ones. Oh yeah, totally it's. On the other hand, the control plane lives on the edge as well. Then it's susceptible same problems. Right, that's actually a good idea.
B
Edge and.
A
Then, let's see.
A
Great, let's see if he replies there all right so then this is the comments that came with us for denial of things. So I think that so we've already got some good material here and we can review and I'd see that doing a time check. We're gonna get down just to the the wire here on finishing this out this out as a working session. Let's see we had is this more of the green that we just need to change the the color?
A
G
No, it's it's just, let's say improvement of the section, nothing, nothing special edit excellent! Well, I liked it when I read it so excellent. Great thank.
A
You, I think, we'll do like that great cool, let's see great yeah, so I'm happy to integrate all of these so yep. Thanks for the.
A
Totally true controlled access, so great we'll get to that comment in this section to avoid multiple compete against hosts for the more encourage that they're consumed are proactively monitored.
A
C
Yes, what I had in mind when I read this this during guaranteed remote shutdown, so there are now potentially two, let's say: schools of logging. The first one has this plastic approach where you have a dedicated log file and the other one which is arising through the area of big data, was that okay, we use the log file, basically as a Kafka or MQTT stream. So I think in the sense of IoT it should be more or less a data stream and not a file in that sense. But please correct me: if I'm wrong.
A
I actually didn't hear the last 10 seconds, because my internet connection wasn't so good. I just heard.
G
You say correct me if I'm wrong: okay, okay, so the point here is.
C
C
But this is just my impression that that that's the reason why I've made it as a command or command with.
A
Gotcha, I think I think the the presence of of stored log files at the edge- and perhaps even you know, data used for data and logs used for audit trail are used. For you know analysis.
A
I think I think this is something we are going to have to contend with and and therefore you know perhaps wanting to clear these out, so they can't be accessed with you can if you know you detect intrusion or you want to decommission a piece of edge hardware, so I think in the case that you've described where they're being untransmitted for centralized logging then yeah. Definitely we don't have that issue right.
A
It's the system of record is the is the receiver right and when it's upon receipt, if you trusted it, then it's all good yeah. So I think I'm gonna, I'm gonna say here. We should probably add a.
B
Bit of content regarding the difference between sending logs as a stream to a.
B
Centralized recipient versus.
A
So probably a bit more commentary or content would probably not only answer the question but help anyone else who's. Reading I think and yeah okay, great all right, matching Microsoft edge hardware that seemed to work out okay and then this one was I'm going to mark this as resolve because we moved it to 6x great okay. We have a very full seven minutes left.
A
A
Yeah we were saying we could publish it today, but I think it's pretty clear that we're not quite ready for that. When, when do we want to publish it, I think KubeCon's in a couple weeks, it would be really great to have it done by then.
A
A
Okay, cool I'd, say we've, you know, we've said for a couple working sessions now that working group meetings now that we we'd like to wrap it up by the next one. But I think in this case not only have we been faster than most of these, both of these working group white papers, but also we have kind of you know a a hard deadline that you know it's arbitrary, but I think it makes a lot of sense.
A
Okay, I can definitely contribute some more time to getting this ready by KubeCon will at that point, put in a third status for whatever date that lands on and say, first release, first release version, and so if anybody wants to grab any certain sections and take the work on, maybe just put your name on it with a comment like hey, I'm going to work this section or I'll try this or that I definitely don't need it to be like a task queue anywhere.
A
Where I put you know a direct comment like I will or this or that I intend to go and do that work, but this has been really great so far. I'm really happy with the the contributions the.
A
E
F
So I think we can wrap up this right. So let's continue on the Slack and and and the mailing list until the next meeting.
G
F
Can you hear me yes, yes.
H
Cool, so so maybe they are one one question for the the agenda of upcoming meetings.
H
Would it make sense to or do do we still have this sort of presentations of different parties about edge, IoT challenges or approaches, or whatever.
H
So so would it make sense, maybe in in one of the next meetings to present our current status and and the things that we have investigated, especially these things regarding this network awareness, yeah and scheduling so yeah.
F
Also one of the things I think that the next meeting will will overlap with the with the KubeCon EU. So I I don't know how much people will actually attend. So maybe that's something I I can you know start the discussion on the Slack and see if you should reschedule something around it, but okay, but for the topic. Yes, absolutely.
H
So maybe I would suggest since Srina the colleague of mine will be there. You will be also there at the cuba yeah okay, so maybe you can discuss a little bit and he can share some.