* 2021 ** 2021-W03 *** 2021-01-21 Thursday **** IN-PROGRESS code jwt-service :work: [2021-01-21 Thu 14:19] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*prepare standup bulletpoints for meeting][prepare standup bulletpoints for meeting]] *** 2021-01-22 Friday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-01-22 Fri 18:49] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+-----------------------------+--------+---+------+------| | | | *Total time* | *8:56* | | | | |------------------------+------+-----------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-22 Friday][2021-01-22 Friday]] | | | 8:56 | | | [2021-01-22 Fri 09:52] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*refacto jwt-service][refacto jwt-service]] | | | | 8:56 | #+END: **** IN-PROGRESS refacto jwt-service :work: :LOGBOOK: CLOCK: [2021-01-22 Fri 09:53]--[2021-01-22 Fri 18:49] => 8:56 :END: [2021-01-22 Fri 09:52] - ref :: ** 2021-W04 #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-02-01 Mon 14:47] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------------+---------------------------------------------+---------+-------+-------+------| | | | *Total time* | *41:38* | | | | |------------------------+--------------------+---------------------------------------------+---------+-------+-------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W04][2021-W04]] | | 41:38 | | | | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-25 Monday][2021-01-25 Monday]] | | | 7:28 | | | [2021-01-25 Mon 19:23] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Posture Onboarding][Posture Onboarding]] | | | | 0:38 | | [2021-01-25 Mon 15:04] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*cleanup jwt extract feedback][cleanup jwt extract feedback]] | | | | 4:19 | | [2021-01-25 Mon 14:36] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*refacto JWT extraction reviews][refacto JWT extraction reviews]] | | | | 0:15 | | [2021-01-25 Mon 10:16] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat issues org][morning chat issues org]] | | | | 2:16 | | [2021-01-26 Tue 19:06] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-26 Tuesday][2021-01-26 Tuesday]] | | | 9:03 | | | [2021-01-26 Tue 10:36] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Victors UncaughtExceptionHandler][Victors UncaughtExceptionHandler]] | | | | 8:29 | | [2021-01-26 Tue 10:16] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*PR review][PR review]] | | | | 0:06 | | [2021-01-26 Tue 09:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Weekly meeting Presentation][Weekly meeting Presentation]] | | | | 0:28 | | [2021-01-27 Wed 22:01] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-27 Wednesday][2021-01-27 Wednesday]] | | | 10:59 | | | [2021-01-27 Wed 18:22] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration workflow presentation][CSA Migration workflow presentation]] | | | | 2:10 | | [2021-01-27 Wed 17:26] | interruption, work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Helping Jessica Bair about client][Helping Jessica Bair about client]] | | | | 0:54 | | [2021-01-27 Wed 16:01] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*weekly dev meeting][weekly dev meeting]] | | | | 1:25 | | [2021-01-27 Wed 12:07] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration notes preparation][CSA Migration notes preparation]] | | | | 3:54 | | [2021-01-27 Wed 09:31] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 2:36 | | [2021-01-28 Thu 18:09] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-28 Thursday][2021-01-28 Thursday]] | | | 8:09 | | | [2021-01-28 Thu 09:52] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration API PoC preparation][CSA Migration API PoC preparation]] | | | | 8:09 | | [2021-01-29 Fri 17:46] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-29 Friday][2021-01-29 Friday]] | | | 5:59 | | | [2021-01-29 Fri 15:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create Client for Vitalii in TEST][create Client for Vitalii in TEST]] | | | | 1:59 | | [2021-01-29 Fri 15:46] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*provisionning API][provisionning API]] | | | | 4:00 | #+END: *** 2021-01-25 Monday **** MEETING Posture Onboarding :work:meeting: :LOGBOOK: CLOCK: [2021-01-25 Mon 19:24]--[2021-01-25 Mon 20:02] => 0:38 :END: [2021-01-25 Mon 19:23] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*cleanup jwt extract feedback][cleanup jwt extract feedback]] ***** Notes Martin, Trapani, Didi, Jyoti, Elias, Mirabell, Guillaume @Martin: I am a customer of SecureX Sources (inTune, AMP, Custom, JAMF, Duo, Meraki) Creating the inventory on their behalf. Active AMP, should be onboarded in SecureX. Onboard device managers, Meraki, etc... Into "my" SecureX Tenant. Extra credit if we can do this with OAuth2. Most important make a connection here. - email exchange. @Jyoti @Martin Vault service and what is authorized between services. APIs underneath @Didi webhook to push changes. Ask the vault. Return keys, etc... We need continuation. @Didi Google, trusts, etc... @Martin onboarding, revocation, What about notification? @Didi that's the idea of continuous data flow. Bidirectional webhooks. Some services will need to have webhooks. Orbital webehook is a very good example. You go into orbital, you register webhook. And webhook is triggered. @Elias to Didi use cases? @Martin - continuous flow of data? need to describe use cases. **** DONE cleanup jwt extract feedback :work: :LOGBOOK: CLOCK: [2021-01-25 Mon 15:04]--[2021-01-25 Mon 19:23] => 4:19 :END: [2021-01-25 Mon 15:04] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*commander les fruits & légumes][commander les fruits & légumes]] **** DONE refacto JWT extraction reviews :work: :LOGBOOK: CLOCK: [2021-01-25 Mon 14:36]--[2021-01-25 Mon 14:51] => 0:15 :END: [2021-01-25 Mon 14:36] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat issues org][morning chat issues org]] **** CHAT morning chat issues org :work:chat: :LOGBOOK: CLOCK: [2021-01-25 Mon 10:00]--[2021-01-25 Mon 12:16] => 2:16 :END: [2021-01-25 Mon 10:16] - ref :: *** 2021-01-26 Tuesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-01-26 Tue 19:06] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------+------------------------------------------+--------+---+------+------| | | | *Total time* | *9:03* | | | | |------------------------+--------------+------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-26 Tuesday][2021-01-26 Tuesday]] | | | 9:03 | | | [2021-01-26 Tue 10:36] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Victors UncaughtExceptionHandler][Victors UncaughtExceptionHandler]] | | | | 8:29 | | [2021-01-26 Tue 10:16] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*PR review][PR review]] | | | | 0:06 | | [2021-01-26 Tue 09:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Weekly meeting Presentation][Weekly meeting Presentation]] | | | | 0:28 | #+END: **** REVIEW Victors UncaughtExceptionHandler :work:review: :LOGBOOK: CLOCK: [2021-01-26 Tue 10:37]--[2021-01-26 Tue 19:06] => 8:29 :END: [2021-01-26 Tue 10:36] **** GEEK Try to write JS warn in dashboard :perso: :LOGBOOK: CLOCK: [2021-01-26 Tue 10:22]--[2021-01-26 Tue 10:32] => 0:10 :END: [2021-01-26 Tue 10:22] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Weekly meeting Presentation][Weekly meeting Presentation]] **** REVIEW PR review :work:review: :LOGBOOK: CLOCK: [2021-01-26 Tue 10:16]--[2021-01-26 Tue 10:22] => 0:06 :END: [2021-01-26 Tue 10:16] **** DONE Weekly meeting Presentation :work: :LOGBOOK: CLOCK: [2021-01-26 Tue 09:47]--[2021-01-26 Tue 10:15] => 0:28 :END: [2021-01-26 Tue 09:47] ***** Weekly Status - Extracted a JWT service - Added audiences as an array. Does not appear to break anything - Updated the SSE OIDC Clients to support CSA Migration - Contacted QA for testing CSA Migration, Houman will probably ping me today. + Testing CSA Migration ***** Tech notes worth seeing by the team ****** naming conventions After a few discussions choose a project/ns naming convention for the =iroh-service= lein template. We do not really have one. Selected this conventions because it is: - shorter than most actual used conventions - iroh specific to make it clear a ns is iroh related. Need to find files via path, not just its name. Sounds ok to me. For an example look at the jwt service: - =project.clj=: ~(defproject iroh/foo ,,,,)~ - =src/iroh/foo/service.clj= => ~(ns iroh.foo.service ,,,)~ - =src/iroh/foo/web_service.clj= => ~(ns iroh.foo.web-service ,,,)~ - =test/iroh/foo/service/test_helpers.clj= => ~(ns iroh.foo.service.test-helpers ,,,)~ I don't think we should move the existing code to the new conventions yet. But new services should probably try to follow this convention. ****** Refacto Plan: Testing web services and cycles. Example: #+begin_src clojure (deftest my-web-service-test (tk-test app svc-helper (let [{:keys [mk-jwt svc-get client-post]} (init-tst-state app "/iroh/my-service") jwt (mk-jwt {}) jwt-admin (mk-jwt {:role roles/admin})] (check-status 403 (svc-get "/sub-route" jwt {})) (check-status 200 (svc-get "/sub-route" jwt-admin {})) (check-status 200 (client-post "/sub-route" jwt {:form-parms {:foo "bar"}}))))) #+end_src See a few =init-tst-state= examples which uses =get-jetty-port=, =mk-http-callers=, =iroh-web.test-helpers.core/gen-jwt=. Takes care of: - starting the web app on a random port. - providing functions to make http call - narrowed to your service (svc-get, svc-post, etc...) - narrowed only the localhost:PORT (client-get, client-post, etc...) - providing a jwt generator. **** GEEK org-fc conf for doom-emacs :perso: :LOGBOOK: CLOCK: [2021-01-26 Tue 09:39]--[2021-01-26 Tue 09:47] => 0:08 :END: [2021-01-26 Tue 09:39] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*bouteilles][bouteilles]] *** 2021-01-27 Wednesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-01-27 Wed 22:01] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------------+---------------------------------------------+---------+---+-------+------| | | | *Total time* | *10:59* | | | | |------------------------+--------------------+---------------------------------------------+---------+---+-------+------| | | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-27 Wednesday][2021-01-27 Wednesday]] | | | 10:59 | | | [2021-01-27 Wed 18:22] | work, meeting | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration workflow presentation][CSA Migration workflow presentation]] | | | | 2:10 | | [2021-01-27 Wed 17:26] | interruption, work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Helping Jessica Bair about client][Helping Jessica Bair about client]] | | | | 0:54 | | [2021-01-27 Wed 16:01] | work, meeting | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*weekly dev meeting][weekly dev meeting]] | | | | 1:25 | | [2021-01-27 Wed 12:07] | work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration notes preparation][CSA Migration notes preparation]] | | | | 3:54 | | [2021-01-27 Wed 09:31] | work, chat | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 2:36 | #+END: **** MEETING CSA Migration workflow presentation :work:meeting: :LOGBOOK: CLOCK: [2021-01-27 Wed 18:22]--[2021-01-27 Wed 20:32] => 2:10 :END: [2021-01-27 Wed 18:22] AMP accounts, TG accounts, SSE devices, Orbital Prepare a reset system to reset to before migration. **** DONE Helping Jessica Bair about client :interruption:work: :LOGBOOK: CLOCK: [2021-01-27 Wed 17:27]--[2021-01-27 Wed 18:21] => 0:54 :END: [2021-01-27 Wed 17:26] **** MEETING weekly dev meeting :work:meeting: :LOGBOOK: CLOCK: [2021-01-27 Wed 16:01]--[2021-01-27 Wed 17:26] => 1:25 :END: [2021-01-27 Wed 16:01] - Talk about dahsboard **** DONE CSA Migration notes preparation :work: :LOGBOOK: CLOCK: [2021-01-27 Wed 12:07]--[2021-01-27 Wed 16:01] => 3:54 :END: [2021-01-27 Wed 12:07] - [[https://github.com/threatgrid/iroh/issues/4203][Main Epic]] - https://cisco.invisionapp.com/share/MBYJ09WXP3F#/screens/429343341 - [[file:~/dev/iroh/services/iroh-auth/doc/developer.org::#sxso-migration][SxSO Migration IROH Auth dev docs]] **** CHAT morning chat :work:chat: :LOGBOOK: CLOCK: [2021-01-27 Wed 09:31]--[2021-01-27 Wed 12:07] => 2:36 :END: [2021-01-27 Wed 09:31] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*PR review][PR review]] *** 2021-01-28 Thursday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-01-28 Thu 18:09] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+-------------------------------------------+--------+---+------+------| | | | *Total time* | *8:09* | | | | |------------------------+------+-------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-28 Thursday][2021-01-28 Thursday]] | | | 8:09 | | | [2021-01-28 Thu 09:52] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration API PoC preparation][CSA Migration API PoC preparation]] | | | | 8:09 | #+END: **** DONE CSA Migration API PoC preparation :work: :LOGBOOK: CLOCK: [2021-01-29 Fri 15:46]--[2021-01-29 Fri 15:46] => 0:00 CLOCK: [2021-01-28 Thu 10:50]--[2021-01-28 Thu 18:09] => 7:19 CLOCK: [2021-01-28 Thu 09:52]--[2021-01-28 Thu 10:42] => 0:50 :END: [2021-01-28 Thu 09:52] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration workflow presentation][CSA Migration workflow presentation]] *** 2021-01-29 Friday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-01-29 Fri 17:46] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+-------------------------------------------+--------+---+------+------| | | | *Total time* | *5:59* | | | | |------------------------+------+-------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-29 Friday][2021-01-29 Friday]] | | | 5:59 | | | [2021-01-29 Fri 15:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create Client for Vitalii in TEST][create Client for Vitalii in TEST]] | | | | 1:59 | | [2021-01-29 Fri 15:46] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*provisionning API][provisionning API]] | | | | 4:00 | #+END: **** IN-PROGRESS create Client for Vitalii in TEST :work: :LOGBOOK: CLOCK: [2021-01-29 Fri 15:47]--[2021-01-29 Fri 17:46] => 1:59 :END: [2021-01-29 Fri 15:47] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*provisionning API][provisionning API]] **** DONE provisionning API :work: :LOGBOOK: CLOCK: [2021-01-29 Fri 14:16]--[2021-01-29 Fri 15:46] => 1:30 CLOCK: [2021-01-29 Fri 09:46]--[2021-01-29 Fri 12:16] => 2:30 :END: [2021-01-29 Fri 15:46] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration API PoC preparation][CSA Migration API PoC preparation]] ** 2021-W05 *** 2021-02-01 Monday **** IN-PROGRESS enforce whoami db check to sync users. :work: :LOGBOOK: CLOCK: [2021-02-01 Mon 17:19]--[2021-02-01 Mon 18:19] => 1:00 :END: [2021-02-01 Mon 17:19] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*fix iroh-auth doc regarding jwks][fix iroh-auth doc regarding jwks]] **** DONE fix iroh-auth doc regarding jwks :work: :LOGBOOK: CLOCK: [2021-02-01 Mon 10:35]--[2021-02-01 Mon 14:53] => 4:18 :END: [2021-02-01 Mon 10:35] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Améliorer son Anglais (bis) (italki)][Améliorer son Anglais (bis) (italki)]] *** 2021-02-02 Tuesday **** IN-PROGRESS Testing CSA Migration :work: :LOGBOOK: CLOCK: [2021-02-02 Tue 10:42]--[2021-02-03 Wed 10:11] => 23:29 :END: [2021-02-02 Tue 10:42] **** DONE morning routine :work: :LOGBOOK: CLOCK: [2021-02-02 Tue 09:48]--[2021-02-02 Tue 10:42] => 0:54 :END: [2021-02-02 Tue 09:48] *** 2021-02-03 Wednesday **** IN-PROGRESS CORS headers bug :work: :LOGBOOK: CLOCK: [2021-02-03 Wed 14:42]--[2021-02-04 Thu 10:24] => 19:42 :END: [2021-02-03 Wed 14:42] - ref :: **** DONE IdP Migration Testing :work: :LOGBOOK: CLOCK: [2021-02-03 Wed 10:11]--[2021-02-03 Wed 10:11] => 0:00 :END: [2021-02-03 Wed 10:11] Note quite complex workflow but worked as expected. Had the "You are in the middle of an Invitation" prompt. *** 2021-02-04 Thursday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-02-04 Thu 19:00] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------+------------------------------------------+--------+---+------+------| | | | *Total time* | *9:46* | | | | |------------------------+---------------+------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-04 Thursday][2021-02-04 Thursday]] | | | 9:46 | | | [2021-02-04 Thu 17:32] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*didi Posture][didi Posture]] | | | | 1:28 | | [2021-02-04 Thu 10:25] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning review tour][morning review tour]] | | | | 7:07 | | [2021-02-04 Thu 10:24] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*test and discussion about CSA Migration][test and discussion about CSA...]] | | | | 1:11 | #+END: **** MEETING didi Posture :work:meeting: :LOGBOOK: CLOCK: [2021-02-04 Thu 17:32]--[2021-02-04 Thu 19:00] => 1:28 :END: [2021-02-04 Thu 17:32] Best user experience, etc.. Create a response issue about OAuth2/OIDC/trusted clients. #+begin_src { "scopes": [ "openid","profile" ], "description": "string", "redirects": [ "https://127.0.0.1:5443/callback" ], "availability": "everyone", "name": "int-posture-test", "grants": [ "auth-code" ], "audiences": [ "posture" ] } #+end_src **** REVIEW morning review tour :work:review: :LOGBOOK: CLOCK: [2021-02-04 Thu 10:25]--[2021-02-04 Thu 17:32] => 7:07 :END: [2021-02-04 Thu 10:25] **** DONE test and discussion about CSA Migration :work: :LOGBOOK: CLOCK: [2021-02-04 Thu 09:14]--[2021-02-04 Thu 10:25] => 1:11 :END: [2021-02-04 Thu 10:24] *** 2021-02-05 Friday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-02-05 Fri 13:58] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------+-------------------------------------------+--------+---+------+------| | | | *Total time* | *2:59* | | | | |------------------------+--------------+-------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-05 Friday][2021-02-05 Friday]] | | | 2:59 | | | | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Team discussion][Team discussion]] | | | | 0:36 | | [2021-02-05 Fri 11:34] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Ambrose review][Ambrose review]] | | | | 0:28 | | [2021-02-05 Fri 09:49] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Client creation review with Diana][Client creation review with Diana]] | | | | 1:55 | #+END: **** IN-PROGRESS playing? :work: :LOGBOOK: CLOCK: [2021-02-05 Fri 13:57]--[2021-02-05 Fri 14:57] => 1:00 :END: [2021-02-05 Fri 13:57] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Ambrose review][Ambrose review]] **** CHAT Team discussion :work:chat: :LOGBOOK: CLOCK: [2021-02-05 Fri 11:42]--[2021-02-05 Fri 12:18] => 0:36 **** REVIEW Ambrose review :work:review: :LOGBOOK: CLOCK: [2021-02-05 Fri 11:14]--[2021-02-05 Fri 11:42] => 0:28 :END: [2021-02-05 Fri 11:34] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Client creation review with Diana][Client creation review with Diana]] **** CHAT Client creation review with Diana :work:chat: :LOGBOOK: CLOCK: [2021-02-05 Fri 09:19]--[2021-02-05 Fri 11:14] => 1:55 :END: [2021-02-05 Fri 09:49] - ref :: https://ui-staging.int.iroh.site/platform/sx-help-docs-1-66-db/help/settings-api-clients Hi Diana, Thanks for reaching out. While reviewing the doc, I also checked the second screenshot. I think it should be changed by another one. The screenshot was made by a super user, so the scopes displayed are private one that none of our customer will ever see. The main difference between a "Client Credentials Grant Client" and an "Authorization Code Grant Client" (those are the technically correct and kind of bad names for the two different kind of clients) is that: 1. /Client Credentials Grant Client/ are for your user only. Also you do not need to own a website. 2. /Authorization Code Grant Client/ can be used to ask other users to trust your application. You need to have a website to host your application. The reason why a customer would want to configure an /Authorization Code Grant Client/ could be: 1. The customer follow a documentation provided by Cisco to integrate a on-premise product. In that case, the customer will probably need to only select a /client-preset/ and enter a custom /Redirect URL/. 2. The customer want to build an integration with SecureX. In this case this will be an advanced usage and the creator will probably be a developer. In this case the advanced developer doc should be mentionned for that customer. https://visibility.amp.cisco.com/iroh/doc/iroh-auth/ So both kind of clients are sufficiently different that I think the section about "Using API Client Credentials to Get Access Token" should be moved just after the API client creation section and before OAuth Code client creation section. Also Explaining how to retrieve the access token from a Authorization Code Grant client is quite a technically advanced topic. This is why I would advise to directly provide a link to the advanced developer doc (the one inside IROH not the Cisco DEVNET; thus https://visibility.amp.cisco.com/iroh/doc/iroh-auth/) So I think it is important to mention important limitations about those client creations. There is a notion of "Auto-approved clients". So a customer will be able to create clients but if some criteria are not met the client will be disabled until an IROH admin approve the client. I think this should probably need to be talked about with someone in the UI/UX team. This system was very convenient for our advanced usage, but I don't know how to handle that nicely in the UI. So here are (some) of the constraints a newly client must have to be automatically approved: 1. The URL must start with =https://= 2. The URL must not contain any wildcard =*= 3. The Availabily must not be =everyone= 4. The client contain some restricted scope (this should never occurs as the UI take care to show only scopes not subject to restriction) 5. The client must not be =public= (the UI does not appear to provide the confidential vs public option) 6. The client configure a list of specific =audiences= (the UI does not appear to provide any mean to configure this field) I think for the documentation perspective we should only be concerned by point 1, 2 and 3. And this should probably be mentionned. I think we could probably give a few hints. So in your point 6 > Enter the Redirect URL that the authorization server uses to redirect back to the application. > Click Add another Redirect URL to enter multiple URLs. I think you should probably mention that all URL must start with =https://= and should not contain any =*=. And for point 7 > Choose the Availability from the drop-down list. You can make the client > available to User, Organization, or Everyone. You should probably mention that selecting Everyone is subject to approval and will need the intervention of a Cisco Administrator to approve your client. We should probably add a short sentence explaining what is Availbility for. This is not an OAuth2 standard field. Availabilty "Org" mean that only member of your own Organization will be able to approve your client and this should probably be your default choice. I hope I have been helpful. Do not hesitate to reach out if you have more questions. ** 2021-W06 *** 2021-02-08 Monday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-02-08 Mon 19:45] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------+----------------------------------+--------+---+------+------| | | | *Total time* | *7:36* | | | | |------------------------+---------------+----------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-08 Monday][2021-02-08 Monday]] | | | 7:36 | | | [2021-02-08 Mon 17:01] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration meeting][CSA Migration meeting]] | | | | 2:44 | | [2021-02-08 Mon 12:08] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Module configuration doc][Module configuration doc]] | | | | 4:52 | #+END: **** MEETING CSA Migration meeting :work:meeting: :LOGBOOK: CLOCK: [2021-02-08 Mon 17:01]--[2021-02-08 Mon 19:45] => 2:44 :END: [2021-02-08 Mon 17:01] - ref :: Problem with prefixes. Here is the fix: https://github.com/threatgrid/iroh/pull/4763 **** REVIEW Module configuration doc :work:review: :LOGBOOK: CLOCK: [2021-02-08 Mon 12:09]--[2021-02-08 Mon 17:01] => 4:52 :END: [2021-02-08 Mon 12:08] - ref :: https://github.com/threatgrid/response/blob/master/features/platform/module_activation.png *** 2021-02-10 Wednesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-02-10 Wed 15:25] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------+-----------------------------------------+--------+---+------+------| | | | *Total time* | *3:19* | | | | |------------------------+--------------+-----------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-10 Wednesday][2021-02-10 Wednesday]] | | | 3:19 | | | [2021-02-10 Wed 15:23] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Victor PR about build speed-up][Victor PR about build speed-up]] | | | | 1:14 | | [2021-02-10 Wed 11:01] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*write weekly status][write weekly status]] | | | | 0:34 | | [2021-02-10 Wed 10:18] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Jyoti CSA Migration, Account Activation Simplification][Jyoti CSA Migration, Account...]] | | | | 1:31 | #+END: **** IN-PROGRESS Document SBG single account :work: :LOGBOOK: CLOCK: [2021-02-10 Wed 17:06]--[2021-02-10 Wed 18:06] => 1:00 :END: [2021-02-10 Wed 17:06] - ref :: [[file:~/dev/iroh/int-modules/amp-investigate/src/amp_investigate/events.clj::(ns amp-investigate.events]] **** DONE Prepare meeting :work: :LOGBOOK: CLOCK: [2021-02-10 Wed 15:26]--[2021-02-10 Wed 17:06] => 1:40 :END: [2021-02-10 Wed 15:26] 1. How's everyone? Good, Great, Bad, Sad? 2. Short daily stand up. - Done - Doing - need help **** REVIEW Victor PR about build speed-up :work:review: :LOGBOOK: CLOCK: [2021-02-10 Wed 14:10]--[2021-02-10 Wed 15:24] => 1:14 :END: [2021-02-10 Wed 15:23] **** DONE write weekly status :work: :LOGBOOK: CLOCK: [2021-02-10 Wed 11:01]--[2021-02-10 Wed 11:35] => 0:34 :END: [2021-02-10 Wed 11:01] - CSA Migration work: - Implemented a PoC for plan B (migration via provisioning API) - Tested the PoC using Vitalii work on AMP team - Jyoti/QA/AMP Team tests (engineering) - Propose other improvements (write a long detailed document about possibilities to help Elias think about what is possible) **** CHAT Jyoti CSA Migration, Account Activation Simplification :work:chat: :LOGBOOK: CLOCK: [2021-02-10 Wed 09:30]--[2021-02-10 Wed 11:01] => 1:31 :END: [2021-02-10 Wed 10:18] - ref :: *** 2021-02-11 Thursday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-02-11 Thu 14:17] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------+--------------------------------------------+--------+---+------+------| | | | *Total time* | *2:37* | | | | |------------------------+--------------+--------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-11 Thursday][2021-02-11 Thursday]] | | | 2:37 | | | [2021-02-11 Thu 11:00] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*write doc for Auth/Id improvements][write doc for Auth/Id improvements]] | | | | 1:07 | | [2021-02-11 Thu 09:10] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*multiple reviews and comment][multiple reviews and comment]] | | | | 1:30 | #+END: **** IN-PROGRESS write doc for Auth/Id improvements :work: :LOGBOOK: CLOCK: [2021-02-11 Thu 14:17]--[2021-02-15 Mon 11:20] => 93:03 CLOCK: [2021-02-11 Thu 11:00]--[2021-02-11 Thu 12:07] => 3:17 :END: [2021-02-11 Thu 11:00] **** REVIEW multiple reviews and comment :work:review: :LOGBOOK: CLOCK: [2021-02-11 Thu 09:10]--[2021-02-11 Thu 10:40] => 1:30 :END: [2021-02-11 Thu 09:10] ** 2021-W07 *** 2021-02-15 Monday **** IN-PROGRESS Authentication, ID, Activation Optimisation :work: :LOGBOOK: CLOCK: [2021-02-15 Mon 11:20]--[2021-02-16 Tue 09:07] => 21:47 :END: [2021-02-15 Mon 11:20] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*managed IdP vs non-managed IdP and org-ids][managed IdP vs non-managed IdP and org-ids]] *** 2021-02-16 Tuesday **** DONE create OAuth2 clients for Vitalii in PROD :work: :LOGBOOK: CLOCK: [2021-02-16 Tue 16:34]--[2021-02-16 Tue 16:35] => 0:01 :END: [2021-02-16 Tue 16:34] - ref :: [[file:~/dev/iroh/services/iroh-auth/test/iroh_auth/iroh_auth_web_service_test.clj:::expect-merge? true]] **** DONE update SSE clients :work: :LOGBOOK: CLOCK: [2021-02-16 Tue 15:22]--[2021-02-16 Tue 16:34] => 1:12 :END: [2021-02-16 Tue 15:22] - ref :: [[orgit:~/dev/iroh/][~/dev/iroh/ (magit-status)]] ***** NAM client-id: client-3e55e6a3-4561-4733-b380-ffbd94733ba1 #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD NAM Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "https://admin.sse.itd.cisco.com/*/*", "https://admin.sse.itd.cisco.com/*/*/*", "https://admin.sse.itd.cisco.com/*", "https://admin.sse.itd.cisco.com/*/*/*/*", "https://devops.sse.itd.cisco.com/*/*", "https://devops.sse.itd.cisco.com/*/*/*", "https://devops.sse.itd.cisco.com/*", "https://devops.sse.itd.cisco.com/*/*/*/*" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "idb-amp": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$yjznqcXJR2qIloN/JFc4LQ==$FPuIlE/C5Pk/vVG+VVJeTos5UtV5HPhDveM3T/m4wAg=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-prod-nam-client", "org-id": "576c9ad4-7820-44ca-9d5e-6ca678eadcd1", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-3e55e6a3-4561-4733-b380-ffbd94733ba1", "approval-status": "approved", "owner-id": "d697511a-9164-49d0-8c7b-a5c1a11fb25d", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src ****** PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "idb-amp": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "idb-amp": "AMP" }, "default-value": "AMP", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ] } #+end_src ***** EU become master: user-id: 080c8271-e1c7-4fe6-b6e2-bc1fda123432 done. #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD EU Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "https://admin.eu.sse.itd.cisco.com/*/*", "https://admin.eu.sse.itd.cisco.com/*/*/*", "https://admin.eu.sse.itd.cisco.com/*", "https://admin.eu.sse.itd.cisco.com/*/*/*/*", "https://devops.eu.sse.itd.cisco.com/*/*", "https://devops.eu.sse.itd.cisco.com/*/*/*", "https://devops.eu.sse.itd.cisco.com/*", "https://devops.eu.sse.itd.cisco.com/*/*/*/*" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-EU", "idb-amp": "AMP-EU" }, "default-value": "AMP-EU", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$yjznqcXJR2qIloN/JFc4LQ==$FPuIlE/C5Pk/vVG+VVJeTos5UtV5HPhDveM3T/m4wAg=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-prod-eu-client", "org-id": "576c9ad4-7820-44ca-9d5e-6ca678eadcd1", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-3e55e6a3-4561-4733-b380-ffbd94733ba1", "approval-status": "approved", "owner-id": "d697511a-9164-49d0-8c7b-a5c1a11fb25d", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-EU", "idb-amp": "AMP-EU" }, "default-value": "AMP-EU", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-EU", "idb-amp": "AMP-EU" }, "default-value": "AMP-EU", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ]} #+end_src ***** APJC Become master: user-id: b19d5dea-5aa4-4265-b42d-9acc1e913f01 done. ****** Client client-3e55e6a3-4561-4733-b380-ffbd94733ba1 #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD APJC Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "https://admin.apj.sse.itd.cisco.com/*/*", "https://admin.apj.sse.itd.cisco.com/*/*/*", "https://admin.apj.sse.itd.cisco.com/*", "https://admin.apj.sse.itd.cisco.com/*/*/*/*", "https://devops.apj.sse.itd.cisco.com/*/*", "https://devops.apj.sse.itd.cisco.com/*/*/*", "https://devops.apj.sse.itd.cisco.com/*", "https://devops.apj.sse.itd.cisco.com/*/*/*/*", "https://devops.apj.sse.itd.cisco.com" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-APJ", "idb-amp": "AMP-APJ" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$yjznqcXJR2qIloN/JFc4LQ==$FPuIlE/C5Pk/vVG+VVJeTos5UtV5HPhDveM3T/m4wAg=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-prod-apjc-client", "org-id": "576c9ad4-7820-44ca-9d5e-6ca678eadcd1", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-3e55e6a3-4561-4733-b380-ffbd94733ba1", "approval-status": "approved", "owner-id": "d697511a-9164-49d0-8c7b-a5c1a11fb25d", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-APJ", "idb-amp": "AMP-APJ" }, "default-value": "AMP-APJ", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-APJ", "idb-amp": "AMP-APJ" }, "default-value": "AMP-APJ", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ] } #+end_src ****** Client client-92258bc0-196a-4f6c-a0b5-fe105de5f505 #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD APJC Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "http://localhost:*/*", "https://localhost:*/*/*/*", "https://localhost:*/*/*", "https://admin.apj.sse.itd.cisco.com/*/*", "https://admin.apj.sse.itd.cisco.com/*/*/*", "https://admin.apj.sse.itd.cisco.com/*", "https://admin.apj.sse.itd.cisco.com/*/*/*/*", "https://localhost:*", "http://localhost:*/*/*/*", "https://localhost:*/*", "http://localhost:*/*/*", "http://localhost:*" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin" }, "default-value": "admin", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$1oB9uodlfkUpACx2HNnVcQ==$eLNMiORI5R4jCWZp40fGyQvU59bqigGtwoYr8f7cVzU=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-dev-client", "org-id": "63489cf9-561c-4958-a13d-6d84b7ef09d4", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-92258bc0-196a-4f6c-a0b5-fe105de5f505", "approval-status": "approved", "owner-id": "6ee52ee9-2e3a-4e1b-977d-961facb5fd84", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin" }, "default-value": "admin", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ]} #+end_src **** DONE CSA Migration: merge user by email :work: :LOGBOOK: CLOCK: [2021-02-16 Tue 09:07]--[2021-02-16 Tue 15:22] => 6:15 :END: [2021-02-16 Tue 09:07] *** 2021-02-17 Wednesday **** IN-PROGRESS clients SSE :work: :LOGBOOK: CLOCK: [2021-02-17 Wed 17:25]--[2021-02-18 Thu 09:18] => 15:53 :END: [2021-02-17 Wed 17:25] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*TEST][TEST]] **** MEETING weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2021-02-17 Wed 16:02]--[2021-02-17 Wed 17:25] => 1:23 :END: [2021-02-17 Wed 16:02] - ref :: **** IN-PROGRESS Update SSE client 2nd pass :work: :LOGBOOK: CLOCK: [2021-02-17 Wed 14:52]--[2021-02-17 Wed 16:02] => 1:10 :END: [2021-02-17 Wed 14:52] *** 2021-02-18 Thursday **** IN-PROGRESS debug claim aliases :work: :LOGBOOK: CLOCK: [2021-02-18 Thu 09:18]--[2021-02-18 Thu 10:38] => 1:20 :END: [2021-02-18 Thu 09:18] - ref :: [[file:~/dev/iroh/services/iroh-auth/src/iroh_auth/oauth2_service/schemas.clj::{:claim-to-alias s/Str]] *** 2021-02-19 Friday **** IN-PROGRESS Device Grant analysis :work: [2021-02-19 Fri 15:41] ** 2021-W08 *** 2021-02-22 Monday **** MEETING Core Team: SecureX Account Activation Optimization :work:meeting: :LOGBOOK: CLOCK: [2021-02-22 Mon 16:02]--[2021-02-23 Tue 08:47] => 16:45 :END: [2021-02-22 Mon 16:02] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*revision chaudiere][revision chaudiere]] #+begin_quote Meeting Agenda: * Discussion to drive forward SecureX Account Activation Optimization Q3 efforts * Account Creation Workflow * CSA Migration (has it own dedicated work stream – but is there anything impacting the overall initiative?) * Firepower Onboarding (has it own dedicated work stream – but is there anything impacting the overall initiative?) * Workflow * Role Based Access * Module Addition/Health Workflow * Status of action items from last core team call * What help is needed (decisions, clarity, etc.) * Any blockers or issues? #+end_quote - http://github.com/threatgrid/response/issues/567 Doing in Q3. Most conversation is good. Agenda: @Jyoti, this is a huge item. Audience in this meeting is too big. Where to track. Some github issue are dead. Namrata: focus on first 3 items. Martin: item named workflow, don't know what that is. Module Addition. *** 2021-02-23 Tuesday **** CHAT webex morning routine :work:chat: :LOGBOOK: CLOCK: [2021-02-23 Tue 08:47]--[2021-02-23 Tue 09:47] => 1:00 :END: [2021-02-23 Tue 08:47] ***** CSA Migration - https://jira-eng-rtp3.cisco.com/jira/browse/VOL-3882 ***** DONE Houman SCHEDULED: <2021-02-23 Tue 16:00> @Houman Hi Yann - something for tomorrow, none of the QA orgs in TEST or INT are showing the registered devices in SSE. When I cross launch to SSE, I am able to see the devices, but in SecureX there is no device. Both are AMP orgs and already migrated. Here are the org IDs: #+begin_src c395f3c8-723b-4d15-b8b7-e17bec459c6b cc6a35bc-1739-4fcd-a285-aa95adbd5e41 #+end_src Could you please take a look and unblock QA orgs? ****** Investigation INT org #+begin_src js { "id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b", "name": "adminctrqa", "enabled?": true, "created-at": "2019-04-04T20:33:53.033Z", "idp-mapping": { "idp": "idb-amp-staging", "enabled?": true, "organization-id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b" }, "scim-status": "activated", "additional-scopes": [ "iroh-admin", "iroh-master", "iroh-auth", "sse", "cisco" ] } #+end_src Contains =idp-mapping=. Logs during OIDC does not contain it: The client claim-aliases looks ok: #+begin_src "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "claim-to-alias": "idp-mapping-idp" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "claim-to-alias": "old-idp-mapping-idp" }, #+end_src *** 2021-02-24 Wednesday **** MEETING Fix SSE client :work:meeting: :LOGBOOK: CLOCK: [2021-02-24 Wed 18:33]--[2021-02-25 Thu 18:07] => 23:34 :END: [2021-02-24 Wed 18:33] client PATCH TEST: #+begin_src js {"id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "threatgrid":"TG", "idb-amp": "AMP", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "threatgrid":"TG", "idb-amp": "AMP", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "claim-to-alias": "idp-mapping-idp" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "threatgrid":"TG", "idb-amp": "AMP", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "idp-mapping-organization-id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ]} #+end_src **** IN-PROGRESS continue the day :work: :LOGBOOK: CLOCK: [2021-02-24 Wed 17:04]--[2021-02-24 Wed 18:33] => 1:29 :END: [2021-02-24 Wed 17:04] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Notes][Notes]] **** MEETING dev weekly :work:meeting: :LOGBOOK: CLOCK: [2021-02-24 Wed 15:55]--[2021-02-24 Wed 17:04] => 1:09 :END: [2021-02-24 Wed 15:55] ***** Weekly status ****** commits IROH: - Provisioning: organization-id added to idp-mapping (#4855) - Use entities in DB during SSE id-token generation (#4844) … - Added tests to verify #4808 (#4817) … - Hide provisioning API routes (#4835) - OAuth2 client availabilty restriction for non admin (#4820) … - Prevent user merge by email for some IdP (#4819) … Tenzin-config: Provisioning API in PROD (#375) Mark some IdP as safe for email (#374) ****** Reviews - Extract `user->identity` helper - RFC Problem Statement: Managing transitive dependencies for "test" jars - Add schema validation for `gen-jwt` - Use EmailService in iroh-feedback - RFC: Prevent dependency confusion attack on our code base - Add a `svc-helper` for `iroh-int.test-helpers.auth` ****** Issues - [ ] Write tests for #4844 - [ ] Update SSE Clients - [X] SSE wrong org object passed to id_token generation - [X] Prevent merge user by email for TG accounts - [X] Claim aliases bug fix - [X] Prevent non-admin users to create client with availability "Org" ****** Webex ***** Notes - Yann: + CSA Migration, Talk about SSE, and release. - Guillaume: + CSA Migration + Status API route + FMC - Rob: + discussion about Ben Greenbaum and Umbrella module (409 hit) - Ag: + Bundle assets - Ambrose: + Fixed the cron-job + finished email service + research work about problem statement Real Work™ discussion. ** 2021-W09 *** 2021-03-02 Tuesday **** MEETING Account Activation Optimization :work:meeting: :LOGBOOK: CLOCK: [2021-03-02 Tue 16:01]--[2021-03-02 Tue 17:21] => 1:20 :END: [2021-03-02 Tue 16:01] - ref :: [[file:~/dev/iroh/lib/log-helper/src/log_helper/testutils.clj][file:~/dev/iroh/lib/log-helper/src/log_helper/testutils.clj]] Centralize tools from different groups. One stop shop. Account Activation/Firepower. Epics/issues. https://github.com/threatgrid/response/issues/577 https://github.com/threatgrid/response/issues/565 https://github.com/threatgrid/response/issues/562 *** 2021-03-03 Wednesday **** MEETING PosaaS :work:meeting: :LOGBOOK: CLOCK: [2021-03-03 Wed 18:37]--[2021-03-03 Wed 19:45] => 1:08 :END: [2021-03-03 Wed 18:37] Posaas: Posture as a Service - Actionable items - cross launch *** 2021-03-04 Thursday **** IN-PROGRESS NGFW improvements :work: :LOGBOOK: CLOCK: [2021-03-04 Thu 10:25]--[2021-03-05 Fri 20:36] => 34:11 :END: [2021-03-04 Thu 10:25] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Account Activation Optimization][Account Activation Optimization]] **** IN-PROGRESS discussions TD :work: :LOGBOOK: CLOCK: [2021-03-04 Thu 10:25]--[2021-03-04 Thu 10:25] => 0:00 :END: [2021-03-04 Thu 07:25] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Account Activation Optimization][Account Activation Optimization]] ** 2021-W10 *** 2021-03-08 Monday **** MEETING IROH Token & Posture :work:meeting: :LOGBOOK: CLOCK: [2021-03-08 Mon 19:00]--[2021-03-08 Mon 20:32] => 1:32 :END: [2021-03-08 Mon 18:59] Experience we're trying to reach with Posture. Martin should feel like a Platform. Selectively select product. Onboard AMP only once for everything. J: Posture should abide IROH-Auth OIDC to prevent discrepencies Didi: I would like to separate that. @Didi: 3 types of UX. 1. New user and want to start SecureX. Onboard all modules. 2. I am existing user, I have all enabled. I want to turn on Postule and modules inside the suite right now. 3. I want to be able to kill my Posture collection. I want to revoke access. 4. Monitor the situation of what is happening in my system. Elias: - org managing. We're not gonna have Posture to have a separate org management. Didi: Back from session. Hacks Millards IROH-Auth is the authorize source of orgs. Basically session manager able to get identity token. Some org-hint in Okta. How to integrate Posture in SecureX. Elias: Real concern is about webhook integration. *** 2021-03-09 Tuesday **** MEETING CSA Migration check :work:meeting: :LOGBOOK: CLOCK: [2021-03-09 Tue 06:05]--[2021-03-09 Tue 07:05] => 1:00 :END: [2021-03-09 Tue 06:04] - ref :: *** 2021-03-10 Wednesday **** IN-PROGRESS weekly :work: :LOGBOOK: CLOCK: [2021-03-10 Wed 15:23]--[2021-03-10 Wed 17:07] => 1:44 :END: [2021-03-10 Wed 15:22] ***** Done ****** CSA Migration **Meetings**: - bug fixing due to provisioning API call in PROD - fix the bug in v1.67; disable provisioning API. - prevent the provisioning API de delete idp-mappings - generic discusion about the goals for the Auth for SecureX - discussion about moving the org/user management to Okta (I think). **Code**: - Prevent duplicate user creation via the provisioning API (#4930) - Improve idp-filter message. (#4921) - Display Org's idp in account selection (#4909) - provisioning API further protections (#4919) - Prevent destructive change via Provisioning API (#4900) ****** Account Activation Optimization - Relax scopes for non activated accounts (#4891) ****** Tooling - Easy fix for a faster test (#4936) - Delete obsolete files. (#4907) - Destroy tokyo (#4880) ****** Bug fixes - Fix reported status due to missing scope. (#4886) ***** Working - Improve Selection Page https://github.com/threatgrid/iroh/issues/4918 - IROH-Auth Session: https://github.com/threatgrid/iroh/issues/4323 - Add/delete cookies during Authentication workflow; https://github.com/threatgrid/iroh/issues/4911 - Checking diff between =uberjar= profile and =test= dependencies version *** 2021-03-11 Thursday **** MEETING weekly with Al! :work:meeting: :LOGBOOK: CLOCK: [2021-03-11 Thu 18:11]--[2021-03-11 Thu 19:06] => 0:55 :END: [2021-03-11 Thu 18:11] CSA migration stress Al It works very very well. It sells more products. Push the hole portofolio. Hard for people to enter into the system. It because more complex. CSA Migration should be fixed. Firewall migration is important. Production issues. Pressure on the system. Dates comes from you. ***** Ops ***** Release report from Houman ***** Demos ** 2021-W11 *** 2021-03-16 Tuesday **** MEETING DUO QA :work:meeting: :LOGBOOK: CLOCK: [2021-03-16 Tue 18:29]--[2021-03-16 Tue 19:23] => 0:54 :END: [2021-03-16 Tue 18:29] - ref :: [[file:~/dev/iroh/services/iroh-auth/src/iroh_auth/iroh_auth_service/account_selection.clj::\[:span.org-idp (hiccup/h (org-created-via-idp idps account))\]\]]] Automation with Environment. What to do and what not to do. Recap your position Didi. @Didi: think outside of the box. Our concerns from the other side. Houman conversation. Single Sign On is tested in a specific way. We have CI environment. Display the profile page and display the dashboard that replace the Okta dashboard. And provide Okta services. Template for email and UI. And rather not have touching these things in production. So our dev go in the CI env. Flow user creation, webhooks, etc... That env is different than previous env. If you need a CI env. We recommend people to have their own Okta instance. Can have as many Okta instances as we want. 2 instances: - okta preview meant for developers and code integration. IDE with that. CI, Preview, don't use CDN. Willing to accept pen testing, etc... - staging production environment. Preview env, is stable at code level. There is a level of testing between okta preview and prod. 3 options of testing. 1. Manually 2. Set of existing users, we give you a DUO bypass code. We need MFA otherwise fake users creation. 3. Provide MFA in a self-hosted Okta instance. Personal MFA to be automated. We plan on enabled Google and not just DUO. @Houman Google would help because we could bypass the MFA section. That would be enough for the automatisation part. We can create/delete users automatically. If Google Auth is not a reason. Our concern is not the number of users. We cannot have an env without MFA. ** 2021-W12 *** 2021-03-24 Wednesday **** MEETING Demo CSA Migration :work:meeting: :LOGBOOK: CLOCK: [2021-03-24 Wed 15:29]--[2021-03-24 Wed 16:49] => 1:20 :END: [2021-03-24 Wed 15:29] ***** Andy Goal: - Resolving Problems and Plan to our Beta i ***** Demo April Luk ****** Demo 1 1. Login through CSA 2. Click on Migrate Later 3. Login into SecureX, in Manage Users see use CSA 4. Logout 5. Login through CSA 6. Migrate => Test Login 7. Create a SecureX Account 8. Wait for email, click on the link, activate the account 9. Make the DUO danse 10. Click on Finish (in SXSO after DUO) end up in "Migrate Later" / "Migrate Now" 11. Error to SXSO idp-filter, link goes to CTR, need to Logout, and back to SecureX ****** Demo 2 1 -> 9 idem Ping April Luk Send a demo video Open issues on the conference page. SSO conf, beta blocker page. *** 2021-03-25 Thursday **** MEETING weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2021-03-25 Thu 16:03]--[2021-03-25 Thu 17:23] => 1:20 :END: [2021-03-25 Thu 16:03] ** 2021-W13 *** 2021-03-29 Monday **** MEETING Meeting Talk about SSE tokens :work:meeting: :LOGBOOK: CLOCK: [2021-03-29 Mon 20:28]--[2021-03-29 Mon 22:49] => 2:21 :END: [2021-03-29 Mon 20:28] Cold weather at Didi's place. Doron: CDO Doing things with SSE and SecureX. Device Manager, OIDC. We look at the user, tenant in SSE, etc... The flow sometimes break, etc... Sometimes in the CDO part. SSE guys told me I need to talk to you to change the flow. *** 2021-03-30 Tuesday **** IN-PROGRESS Learn about sessions between different domains :work: :LOGBOOK: CLOCK: [2021-03-30 Tue 10:10]--[2021-04-01 Thu 11:30] => 49:20 :END: [2021-03-30 Tue 10:10] *** 2021-04-02 Friday **** MEETING CSA Meeting :work:meeting: :LOGBOOK: CLOCK: [2021-04-02 Fri 16:30]--[2021-04-02 Fri 17:50] => 1:20 :END: [2021-04-02 Fri 16:30] - ref :: [[file:~/.doom.d/config.el::(<= 10 hour 16) 'doom-oceanic-next]] Notice form my last update. Most issue marked as resolved. Andy: **** DONE response explanation about Clients :work: :LOGBOOK: CLOCK: [2021-04-02 Fri 15:50]--[2021-04-02 Fri 15:58] => 0:08 :END: [2021-04-02 Fri 15:50] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Update SSE Clients][Update SSE Clients]] The most important. Our Client model is not public like it is with Github. So Clients of IROH-Auth are not public by default like this is the case for Github. Every OAuth2 Auth Code client that would like to be used by people outside the org of its owner MUST ask for an approval from a SecureX Administrator. More precisely: 1. No client can be created that could be used outside of the org without a Cisco SecureX administrator manually approving that client. So nobody from any org X could create a client with a fake Application name and use it outside of their own Org. Also the client would be updated, it would still need another approval from us. 2. No client can have the auto-approval feature which is extremely restricted to only a bunch of trusted clients. The list of client with auto-approval is put in a separate table only accessible via Cisco SecureX administrators (us). 2. A lot of existing clients were created before we had the current Data User structure. So for example, the Organization name will probably be something no meaningful. 3. Also many other teams inside Cisco did not create the client themselves and we created the client for them and we handled them the client credentials. So would we add the Org name to this page it would mean that we need a lot of administrative work on the 5 deployed environments to change the owner of many clients manually. 4. The SecureX/CTR Orgs are not public, they do not have a public profile any user could check. We could at most give the name of the org. I think at most we could show a few data about the Client's owner. For example it's user name, (email ?), etc... So unlike with github we cannot give a link to an Org profile webpage. 5. Orgs do not have avatars. ** 2021-W14 *** 2021-04-06 Tuesday *** 2021-04-08 Thursday **** MEETING weekly :work:meeting: :LOGBOOK: CLOCK: [2021-04-08 Thu 18:10]--[2021-04-08 Thu 19:30] => 1:20 :END: [2021-04-08 Thu 18:36] **** MEETING Weekly services meeting :work:meeting: :LOGBOOK: CLOCK: [2021-04-08 Thu 17:00]--[2021-04-08 Thu 17:53] => 0:53 :END: [2021-04-08 Thu 17:13] - ref :: **** DONE Check security open issues ***** Markdown security related: close https://github.com/threatgrid/iroh/issues/2921 close https://github.com/threatgrid/iroh/issues/3399 close https://github.com/threatgrid/iroh/issues/3377 ***** Deprecarted/Don't care/Probably fixed/Not a bug, it's a feature probably fixed: https://github.com/threatgrid/iroh/issues/4277 close https://github.com/threatgrid/iroh/issues/4276 close https://github.com/threatgrid/iroh/issues/4278 close https://github.com/threatgrid/iroh/issues/4507 ***** Possible break/surprising UX/etc... Potentially break dev/integration with other teams due to improved security: discuss with Orbital about https://github.com/threatgrid/iroh/issues/5121 discuss with SWC about https://github.com/threatgrid/iroh/issues/4387 For v1.71: Merge https://github.com/threatgrid/iroh/pull/4947 Merge https://github.com/threatgrid/iroh/pull/5106 ***** Need design work https://github.com/threatgrid/iroh/issues/4507 *** 2021-04-09 Friday **** EMAIL work email tour :work:email: :LOGBOOK: CLOCK: [2021-04-09 Fri 11:28]--[2021-04-09 Fri 17:31] => 6:03 :END: [2021-04-09 Fri 11:28] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Ecrire projet de vie][Ecrire projet de vie]] **** REVIEW Morning gh routine :work:review: :LOGBOOK: CLOCK: [2021-04-09 Fri 10:55]--[2021-04-09 Fri 11:28] => 0:33 :END: [2021-04-09 Fri 10:55] :refer \[can-create? can-delete? can-read? can-write?\]\]]] **** CHAT chat tour :work:chat: :LOGBOOK: CLOCK: [2021-04-09 Fri 10:05]--[2021-04-09 Fri 10:55] => 0:50 :END: [2021-04-09 Fri 10:55] ** 2021-W15 *** 2021-04-12 Monday **** IN-PROGRESS IROH-Auth Session :work: :LOGBOOK: CLOCK: [2021-04-12 Mon 16:29]--[2021-04-12 Mon 17:29] => 1:00 :END: [2021-04-12 Mon 16:28] - ref :: https://blog.theodo.com/2016/10/how-to-track-your-users-over-several-domains/ - ref :: https://stackoverflow.com/questions/3342140/cross-domain-cookies - ref :: https://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript/19546680#19546680 Seems clear that whatever solution, cross-domain cookies will be more and more difficult to work as browser vendor will make their best to prevent user tracking. So the best solution would be to keep a IROH-Auth local session. If a user come on the IROH-Auth login page. We could have put a set of cookies (if we want cross domain but intra security.cisco.com one) or use localStorage. 1. We should ensure that once the user is logged sucessfully we save the JWT *** 2021-04-14 Wednesday **** MEETING interview :work:meeting: :LOGBOOK: CLOCK: [2021-04-14 Wed 18:28]--[2021-04-15 Thu 10:36] => 16:08 :END: [2021-04-14 Wed 18:28] - ref :: [[file:~/dev/iroh-admin-ui/assets/l33t.css::text-align: left;]] **** IN-PROGRESS Presentation IROH-Auth :work: :LOGBOOK: CLOCK: [2021-04-14 Wed 09:20]--[2021-04-14 Wed 18:28] => 9:08 :END: [2021-04-14 Wed 09:20] ***** History 1. Login using AMP SAML (generate JWT) 2. OAuth2 Provider (Grants) 3. Login using OpenID Connect with TG (client of OpenID Connect) 4. Users/Orgs in DB!!! 5. Account Activation 6. Become an OpenID Connect provider 7. OIDC with SSE ***** Internal User Structure ***** Cisco specificity *** 2021-04-15 Thursday **** IN-PROGRESS presentation IROH-Auth :work: :LOGBOOK: CLOCK: [2021-04-15 Thu 10:36]--[2021-04-15 Thu 11:06] => 0:30 :END: [2021-04-15 Thu 10:36] *** 2021-04-16 Friday **** IN-PROGRESS Presentation :work: :LOGBOOK: CLOCK: [2021-04-16 Fri 11:56]--[2021-04-16 Fri 12:56] => 1:00 :END: [2021-04-16 Fri 11:56] ** 2021-W16 *** 2021-04-23 Friday **** MEETING SSE device + smart accounts :work:meeting: :LOGBOOK: CLOCK: [2021-04-23 Fri 17:19]--[2021-04-23 Fri 18:23] => 1:04 :END: [2021-04-23 Fri 17:19] : ** 2021-W17 *** 2021-04-26 Monday **** IN-PROGRESS Device Flow :work: :LOGBOOK: CLOCK: [2021-04-26 Mon 10:40]--[2021-04-26 Mon 12:00] => 1:20 :END: [2021-04-26 Mon 10:40] - ref :: **** CHAT Yana redirects :work:chat: :LOGBOOK: CLOCK: [2021-04-26 Mon 10:03]--[2021-04-26 Mon 10:06] => 0:03 :END: [2021-04-26 Mon 10:03] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-04-26 Monday][2021-04-26 Monday]] *** 2021-04-30 Friday **** IN-PROGRESS Cognitive :work: :LOGBOOK: CLOCK: [2021-04-30 Fri 19:06]--[2021-05-02 Sun 08:10] => 37:04 :END: [2021-04-30 Fri 19:05] - ref :: [[file:~/dev/iroh/services/iroh-auth/src/iroh_auth/provisioning/routes.clj:::return \[PlatformUser\]]] Clients NAM: client-cd34f85d-1c5f-4e93-856c-4cd7c07b847d EU: client-c24bcbe6-ea0b-49cd-9aa8-6e7b3b744412 APJC: client-72111422-86be-4a0e-a5ce-0a25e55304a2 Request for new org name: Global Threat Alerts Integrations - NAM Global Threat Alerts Integrations - EU Global Threat Alerts Integrations - APJC Users mistanke@cisco.com mvelk@cisco.com jpradac@cisco.com pjisl@cisco.com mafanta@cisco.com bdimitri@cisco.com dastrupl@cisco.com PATCH: #+begin_src js {"org-id": "827f573c-1c08-44a6-9d08-4b8ae03a50a0", "owner-id": "25de35b8-3069-4e5c-a1b4-506cfb82b6d5"} #+end_src ***** NAM client: client-cd34f85d-1c5f-4e93-856c-4cd7c07b847d User Martin Fanta user-id: 25de35b8-3069-4e5c-a1b4-506cfb82b6d5 #+begin_src js { "role": "admin", "scopes": [ "vault/configs:read", "integration", "private-intel", "admin", "profile", "inspect", "feedback", "sse", "registry", "users", "invite", "casebook", "vault/config/metadata:read", "orbital", "enrich", "oauth", "collect", "response", "ui-settings", "telemetry:write", "openid", "notification", "global-intel:read", "webhook", "vault/config/posture:read", "ao" ], "updated-at": "2021-04-30T14:46:57.763Z", "idp-mappings": [ { "idp": "sxso", "enabled?": true, "user-identity-id": "00u4ti78a4BXlZSFQ357" } ], "user-email": "mafanta@cisco.com", "user-name": "Martin Fanta", "org-id": "827f573c-1c08-44a6-9d08-4b8ae03a50a0", "user-id": "25de35b8-3069-4e5c-a1b4-506cfb82b6d5", "enabled?": true, "last-logged-at": [ "2021-04-30T14:47:33.023Z", "2021-04-30T14:47:14.157Z", "2021-04-30T14:47:00.478Z", "2021-04-13T13:48:03.320Z", "2021-03-18T13:14:51.114Z" ], "created-at": "2021-03-18T13:14:24.604Z", "user-nick": "Martin Fanta" } #+end_src Org: =827f573c-1c08-44a6-9d08-4b8ae03a50a0= #+begin_src js { "id": "827f573c-1c08-44a6-9d08-4b8ae03a50a0", "name": "Global Threat Alerts Integrations - NAM", "address": { "city": "", "street1": "", "street2": "", "department": "", "postal-code": "", "country-iso-code": "CZ" }, "enabled?": true, "created-at": "2021-03-18T13:14:24.597Z", "scim-status": "activated" } #+end_src ***** EU client: client-c24bcbe6-ea0b-49cd-9aa8-6e7b3b744412 User Martin Fanta user-id: 25de35b8-3069-4e5c-a1b4-506cfb82b6d5 #+begin_src js { "role": "admin", "scopes": [ "vault/configs:read", "integration", "private-intel", "admin", "profile", "inspect", "feedback", "sse", "registry", "users", "invite", "casebook", "vault/config/metadata:read", "orbital", "enrich", "oauth", "collect", "response", "ui-settings", "telemetry:write", "openid", "notification", "global-intel:read", "webhook", "vault/config/posture:read", "ao" ], "updated-at": "2021-04-30T14:46:57.763Z", "idp-mappings": [ { "idp": "sxso", "enabled?": true, "user-identity-id": "00u4ti78a4BXlZSFQ357" } ], "user-email": "mafanta@cisco.com", "user-name": "Martin Fanta", "org-id": "827f573c-1c08-44a6-9d08-4b8ae03a50a0", "user-id": "25de35b8-3069-4e5c-a1b4-506cfb82b6d5", "enabled?": true, "last-logged-at": [ "2021-04-30T14:47:33.023Z", "2021-04-30T14:47:14.157Z", "2021-04-30T14:47:00.478Z", "2021-04-13T13:48:03.320Z", "2021-03-18T13:14:51.114Z" ], "created-at": "2021-03-18T13:14:24.604Z", "user-nick": "Martin Fanta" } #+end_src Org: =827f573c-1c08-44a6-9d08-4b8ae03a50a0= #+begin_src js { "id": "827f573c-1c08-44a6-9d08-4b8ae03a50a0", "name": "Global Threat Alerts Integrations - NAM", "address": { "city": "", "street1": "", "street2": "", "department": "", "postal-code": "", "country-iso-code": "CZ" }, "enabled?": true, "created-at": "2021-03-18T13:14:24.597Z", "scim-status": "activated" } #+end_src ***** APJC User Martin Fanta user-id: 25de35b8-3069-4e5c-a1b4-506cfb82b6d5 #+begin_src js { "role": "admin", "scopes": [ "vault/configs:read", "integration", "private-intel", "admin", "profile", "inspect", "feedback", "sse", "registry", "users", "invite", "casebook", "vault/config/metadata:read", "orbital", "enrich", "oauth", "collect", "response", "ui-settings", "telemetry:write", "openid", "notification", "global-intel:read", "webhook", "vault/config/posture:read", "ao" ], "updated-at": "2021-04-30T14:46:57.763Z", "idp-mappings": [ { "idp": "sxso", "enabled?": true, "user-identity-id": "00u4ti78a4BXlZSFQ357" } ], "user-email": "mafanta@cisco.com", "user-name": "Martin Fanta", "org-id": "827f573c-1c08-44a6-9d08-4b8ae03a50a0", "user-id": "25de35b8-3069-4e5c-a1b4-506cfb82b6d5", "enabled?": true, "last-logged-at": [ "2021-04-30T14:47:33.023Z", "2021-04-30T14:47:14.157Z", "2021-04-30T14:47:00.478Z", "2021-04-13T13:48:03.320Z", "2021-03-18T13:14:51.114Z" ], "created-at": "2021-03-18T13:14:24.604Z", "user-nick": "Martin Fanta" } #+end_src ** 2021-W18 *** 2021-05-03 Monday **** CHAT Neel chat :work:chat: :LOGBOOK: CLOCK: [2021-05-03 Mon 15:35]--[2021-05-03 Mon 22:14] => 6:39 :END: [2021-05-03 Mon 15:35] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-03 Monday][2021-05-03 Monday]] **** IN-PROGRESS Check Provisioning API issue :work: :LOGBOOK: CLOCK: [2021-05-03 Mon 08:19]--[2021-05-03 Mon 11:43] => 3:24 :END: [2021-05-03 Mon 08:19] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*commander les légumes et les fruits][commander les légumes et les fruits]] *** 2021-05-04 Tuesday **** MEETING Town Hall :work:meeting: :LOGBOOK: CLOCK: [2021-05-04 Tue 13:02]--[2021-05-04 Tue 22:53] => 9:51 :END: [2021-05-04 Tue 13:01] - ref :: Mougin Office Decision par: Business Unit Engineering (Securite) et Sales supportent aussi. Râlage, ... Remise en cause des chiffres WPR par Luc. Explication: 5 sites Regus au lieu d'un seul. Alexandra Viennot; HR Country Manager. *** 2021-05-05 Wednesday **** CHAT Fix client in APJC :work:chat: :LOGBOOK: CLOCK: [2021-05-05 Wed 17:32]--[2021-05-05 Wed 18:49] => 1:17 :END: [2021-05-05 Wed 17:32] client-94325fbf-986f-4f0d-ae1d-c1696d1825f0 **** CHAT Tritan York question :work:chat: :LOGBOOK: CLOCK: [2021-05-05 Wed 14:50]--[2021-05-05 Wed 17:32] => 2:42 :END: [2021-05-05 Wed 14:50] **** IN-PROGRESS Admin UI :work: :LOGBOOK: CLOCK: [2021-05-05 Wed 14:40]--[2021-05-05 Wed 14:50] => 0:10 :END: [2021-05-05 Wed 14:40] **** CHAT April Luk testing :work:chat:interruption: :LOGBOOK: CLOCK: [2021-05-05 Wed 14:30]--[2021-05-05 Wed 14:40] => 0:10 :END: [2021-05-05 Wed 14:30] - ref :: **** REVIEW PR reviewing :work:review: :LOGBOOK: CLOCK: [2021-05-05 Wed 09:01]--[2021-05-05 Wed 10:18] => 1:17 :END: [2021-05-05 Wed 10:01] - ref :: *** 2021-05-06 Thursday **** MEETING Weekly :work:meeting: :LOGBOOK: CLOCK: [2021-05-06 Thu 17:03]--[2021-05-07 Fri 00:22] => 7:19 :END: [2021-05-06 Thu 17:03] ***** Standup ****** Yann - Fixed a bug related to CSA Migration and follow up - Device Code Flow . ****** Ereteo ****** Matt Module types Question for Jyoti. - n AMP -> 1 secure X . ****** Ambrose - merged the 2nd/3 of Status API yesterday - fixed 1.72 deploy due to rate-limiting => moving to actions ****** Rob Trent suggested a solution New UI idea underway. Change the data on the ESA module side. Horizontal segment, total of the segment and part of the total. Jyoti: we want the product involved (ESA team) Paul Infantino. Tangling SMA. Confusing myself. Jyoti to Guillaume: On the UI side applinks. Dar implementing it. And he fetches it, and uses the bookmark Okta. Guillaume: we gave you. ****** Victor Module Type Patch API. ****** Mark Delete AO Setup workflow. Really good test on that. ****** Ag This one pretty close to be done. I used generative test. Generate ****** Jyoti Meeting CSA Migration. ** 2021-W19 *** 2021-05-10 Monday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-05-10 Mon 18:33] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------------+---------------------------------------+--------+---+------+------| | | | *Total time* | *4:40* | | | | |------------------------+--------------------+---------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-10 Monday][2021-05-10 Monday]] | | | 4:40 | | | [2021-05-10 Mon 15:36] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*add .bit domains][add .bit domains]] | | | | 2:57 | | [2021-05-10 Mon 14:38] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*notifs github][notifs github]] | | | | 0:50 | | <2021-05-10 Mon 14:00> | interruption, work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Resubmit Concur Home Internet][Resubmit Concur Home Internet]] | | | | 0:05 | | [2021-05-10 Mon 10:01] | work, email | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*comment on user-name update][comment on user-name update]] | | | | 0:14 | | [2021-05-10 Mon 09:46] | work, email | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Answer Andy Trapani][Answer Andy Trapani]] | | | | 0:15 | | [2021-05-10 Mon 09:00] | work, email | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Answer to Jyoti email][Answer to Jyoti email]] | | | | 0:19 | #+END: **** IN-PROGRESS add .bit domains :work: :LOGBOOK: CLOCK: [2021-05-10 Mon 15:36]--[2021-05-10 Mon 18:33] => 2:57 :END: [2021-05-10 Mon 15:36] - ref :: https://github.com/threatgrid/response/issues/136 **** DONE payer amie Krystelle :interruption:famille: :LOGBOOK: CLOCK: [2021-05-10 Mon 15:10]--[2021-05-10 Mon 15:10] => 0:00 :END: [2021-05-10 Mon 15:10] - ref :: [[file:~/dev/iroh/services/iroh-auth/src/iroh_auth/org_service/core.clj::\[java-time :as jt\]]] **** IN-PROGRESS notifs github :work: :LOGBOOK: CLOCK: [2021-05-10 Mon 15:18]--[2021-05-10 Mon 15:36] => 0:18 CLOCK: [2021-05-10 Mon 14:38]--[2021-05-10 Mon 15:10] => 0:32 :END: [2021-05-10 Mon 14:38] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Resubmit Concur Home Internet][Resubmit Concur Home Internet]] **** DONE Resubmit Concur Home Internet :interruption:work: SCHEDULED: <2021-05-10 Mon 14:00> :LOGBOOK: CLOCK: [2021-05-10 Mon 14:30]--[2021-05-10 Mon 14:34] => 0:04 CLOCK: [2021-05-10 Mon 11:02]--[2021-05-10 Mon 11:03] => 0:01 :END: [2021-05-10 Mon 11:02] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-10 Monday][2021-05-10 Monday]] **** DONE videoconf docteur Anna :interruption:anna: :LOGBOOK: CLOCK: [2021-05-10 Mon 10:15]--[2021-05-10 Mon 10:29] => 0:14 :END: [2021-05-10 Mon 10:15] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Answer Andy Trapani][Answer Andy Trapani]] **** EMAIL comment on user-name update :work:email: :LOGBOOK: CLOCK: [2021-05-10 Mon 10:01]--[2021-05-10 Mon 10:15] => 0:14 :END: [2021-05-10 Mon 10:01] - ref :: https://jira-eng-rtp3.cisco.com/jira/browse/VOL-4064#add-comment **** EMAIL Answer Andy Trapani :work:email: :LOGBOOK: CLOCK: [2021-05-10 Mon 09:46]--[2021-05-10 Mon 10:01] => 0:15 :END: [2021-05-10 Mon 09:46] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Appel Anna videoconf Mme Verdier][Appel Anna videoconf Mme Verdier]] **** DONE Appel Anna videoconf Mme Verdier :interruption:anna: :LOGBOOK: CLOCK: [2021-05-10 Mon 09:04]--[2021-05-10 Mon 09:28] => 0:24 :END: [2021-05-10 Mon 09:04] **** EMAIL Answer to Jyoti email :work:email: :LOGBOOK: CLOCK: [2021-05-10 Mon 09:28]--[2021-05-10 Mon 09:46] => 0:18 CLOCK: [2021-05-10 Mon 09:03]--[2021-05-10 Mon 09:04] => 0:01 CLOCK: [2021-05-10 Mon 09:00]--[2021-05-10 Mon 09:00] => 0:00 :END: [2021-05-10 Mon 09:00] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-10 Monday][2021-05-10 Monday]] *** 2021-05-11 Tuesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-05-12 Wed 08:35] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+-----------------------------+--------+---+------+------| | | | *Total time* | *2:05* | | | | |------------------------+------+-----------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-11 Tuesday][2021-05-11 Tuesday]] | | | 2:05 | | | [2021-05-11 Tue 08:57] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*fix scopes check PR][fix scopes check PR]] | | | | 2:05 | #+END: **** DONE fix scopes check PR :work: :LOGBOOK: CLOCK: [2021-05-11 Tue 08:57]--[2021-05-11 Tue 11:02] => 2:05 :END: [2021-05-11 Tue 08:57] - ref :: *** 2021-05-12 Wednesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-05-12 Wed 19:03] | Timestamp | Tags | Headline | Time | | | | |------------------------+--------------------+----------------------------------------+--------+---+------+------| | | | *Total time* | *5:03* | | | | |------------------------+--------------------+----------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-12 Wednesday][2021-05-12 Wednesday]] | | | 5:03 | | | [2021-05-12 Wed 14:59] | interruption, work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*update org name][update org name]] | | | | 0:05 | | [2021-05-12 Wed 14:59] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*clj-kondo cleanup low level concentration task][clj-kondo cleanup low level...]] | | | | 4:47 | | [2021-05-12 Wed 08:58] | work, email | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Morning email tour][Morning email tour]] | | | | 0:01 | | [2021-05-12 Wed 08:43] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*github notifs morning tour][github notifs morning tour]] | | | | 0:01 | | [2021-05-12 Wed 08:34] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex morning routine tour][Webex morning routine tour]] | | | | 0:09 | #+END: **** DONE update org name :interruption:work: :LOGBOOK: CLOCK: [2021-05-12 Wed 14:54]--[2021-05-12 Wed 14:59] => 0:05 :END: [2021-05-12 Wed 14:59] - ref :: https://github.com/threatgrid/response/issues/701 **** DONE clj-kondo cleanup low level concentration task :work: :LOGBOOK: CLOCK: [2021-05-12 Wed 15:00]--[2021-05-12 Wed 19:03] => 4:03 CLOCK: [2021-05-12 Wed 14:10]--[2021-05-12 Wed 14:54] => 0:44 :END: [2021-05-12 Wed 14:59] **** EMAIL Morning email tour :work:email: :LOGBOOK: CLOCK: [2021-05-12 Wed 08:58]--[2021-05-12 Wed 08:59] => 0:01 :END: [2021-05-12 Wed 08:58] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex morning routine tour][Webex morning routine tour]] **** DONE github notifs morning tour :work: :LOGBOOK: CLOCK: [2021-05-12 Wed 08:43]--[2021-05-12 Wed 08:44] => 0:01 :END: [2021-05-12 Wed 08:43] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex morning routine tour][Webex morning routine tour]] **** DONE Webex morning routine tour :work: :LOGBOOK: CLOCK: [2021-05-12 Wed 08:34]--[2021-05-12 Wed 08:43] => 0:09 :END: [2021-05-12 Wed 08:34] ** 2021-W20 #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-05-20 Thu 17:09] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------+-------------------------------+---------+-------+------+------| | | | *Total time* | *16:21* | | | | |------------------------+---------------+-------------------------------+---------+-------+------+------| | | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W20][2021-W20]] | | 16:21 | | | | | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-17 Monday][2021-05-17 Monday]] | | | 2:31 | | | [2021-05-17 Mon 10:36] | work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*reviews][reviews]] | | | | 2:31 | | [2021-05-19 Wed 09:20] | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-19 Wednesday][2021-05-19 Wednesday]] | | | 6:01 | | | [2021-05-19 Wed 16:26] | work, meeting | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA working group analysis/automation][CSA working group...]] | | | | 5:37 | | [2021-05-19 Wed 08:59] | work, email | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration support][CSA Migration support]] | | | | 0:03 | | [2021-05-19 Wed 08:56] | work, email | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning checks][morning checks]] | | | | 0:21 | | | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-20 Thursday][2021-05-20 Thursday]] | | | 7:49 | | | [2021-05-20 Thu 10:37] | work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Code Device Grant][Code Device Grant]] | | | | 5:20 | | [2021-05-20 Thu 08:08] | work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning tour][morning tour]] | | | | 2:29 | #+END: *** 2021-05-17 Monday **** IN-PROGRESS reviews :work: :LOGBOOK: CLOCK: [2021-05-17 Mon 10:37]--[2021-05-17 Mon 12:07] => 1:30 CLOCK: [2021-05-17 Mon 09:36]--[2021-05-17 Mon 10:37] => 1:01 :END: [2021-05-17 Mon 10:36] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Memory][Memory]] *** 2021-05-19 Wednesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-05-19 Wed 09:20] | Timestamp | Tags | Headline | Time | | | | |------------------------+-------------+-------------------------------+--------+---+------+------| | | | *Total time* | *0:24* | | | | |------------------------+-------------+-------------------------------+--------+---+------+------| | | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-19 Wednesday][2021-05-19 Wednesday]] | | | 0:24 | | | [2021-05-19 Wed 08:59] | work, email | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration support][CSA Migration support]] | | | | 0:03 | | [2021-05-19 Wed 08:56] | work, email | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning checks][morning checks]] | | | | 0:21 | #+END: **** MEETING CSA working group analysis/automation :work:meeting: :LOGBOOK: CLOCK: [2021-05-19 Wed 16:26]--[2021-05-19 Wed 22:03] => 5:37 :END: [2021-05-19 Wed 16:26] - ref :: Purpose perform analysis on our user base. Check more tests to check to extended beta. What could we automate. - less than 20 customers we're gonna hand call to the transition. I am wondering if I am useful to be part of this working group. I can only change how the user will use SecureX. The stats are handled by Ira Piva. I don't think I am relevant to help this group. **** DONE CSA Migration support :work:email: :LOGBOOK: CLOCK: [2021-05-19 Wed 08:59]--[2021-05-19 Wed 09:02] => 0:03 :END: [2021-05-19 Wed 08:59] - ref :: https://jira-eng-rtp3.cisco.com/jira/browse/VOL-4069 Voltron VOL-4069 **** EMAIL morning checks :work:email: :LOGBOOK: CLOCK: [2021-05-19 Wed 09:02]--[2021-05-19 Wed 09:20] => 0:18 CLOCK: [2021-05-19 Wed 08:56]--[2021-05-19 Wed 08:59] => 0:03 :END: [2021-05-19 Wed 08:56] - ref :: *** 2021-05-20 Thursday **** MEETING weekly :work:meeting: :LOGBOOK: CLOCK: [2021-05-20 Thu 17:09]--[2021-05-20 Thu 22:26] => 5:17 :END: [2021-05-20 Thu 17:09] - Matt module type patch - GB frontend - Ag; working on defaulting field for search (field selection for search) - Y; Device Flow, CSA Mig, Org disable - Rob; **** IN-PROGRESS Code Device Grant :work: :LOGBOOK: CLOCK: [2021-05-20 Thu 13:16]--[2021-05-20 Thu 17:09] => 3:53 CLOCK: [2021-05-20 Thu 10:37]--[2021-05-20 Thu 12:04] => 1:27 :END: [2021-05-20 Thu 10:37] - ref :: **** DONE morning tour :work: :LOGBOOK: CLOCK: [2021-05-20 Thu 08:08]--[2021-05-20 Thu 10:37] => 2:29 :END: [2021-05-20 Thu 08:08] - ref :: *** 2021-05-21 Friday **** CHAT Discussion CESv2 :work:chat: :LOGBOOK: CLOCK: [2021-05-21 Fri 14:41]--[2021-05-21 Fri 15:41] => 1:00 :END: [2021-05-21 Fri 14:41] ** 2021-W21 *** 2021-05-25 Tuesday **** IN-PROGRESS Show Invite during Creation page prompt :work: :LOGBOOK: CLOCK: [2021-05-25 Tue 11:02]--[2021-05-26 Wed 17:43] => 30:41 :END: [2021-05-25 Tue 11:02] - ref :: *** 2021-05-26 Wednesday **** MEETING Wanderson Ferreira :work:meeting: :LOGBOOK: CLOCK: [2021-05-26 Wed 17:43]--[2021-05-26 Wed 19:13] => 1:30 :END: [2021-05-26 Wed 17:43] ***** Presentation Wanderson Traditional background into science, started a PhD. Then doing real work. Algorithm, deep learning. Development for 7/8 years. Best effort in frontend show. 5 to 6 years work in Clojure. ***** Demo time Screen share. Prepare questions: - testing - core/async - succeed/fail rop improve organization; using =let= syntax because binding (>>=) expect a name (do notation) ***** Questions from Wanderson TZ pb *** 2021-05-27 Thursday **** CHAT Jyoti Posture/Yana :work:chat: :LOGBOOK: CLOCK: [2021-05-27 Thu 08:40]--[2021-05-27 Thu 09:21] => 0:41 :END: [2021-05-27 Thu 09:08] **** IN-PROGRESS Irina 1-1 prep :work: :LOGBOOK: CLOCK: [2021-05-27 Thu 09:21]--[2021-05-27 Thu 10:51] => 1:30 CLOCK: [2021-05-27 Thu 08:46]--[2021-05-27 Thu 08:40] => 0:22 :END: [2021-05-27 Thu 08:46] - ref :: ***** What to talk about? 1. My personal history with Cisco (presentation) personality/env, etc... 2. when/where I will be the more helpful to you 3. generic welcome advices (the team, SecureX/CTRl, SBG, Cisco) 4. what my day-to-day work looks like 5. what am I relevant for, when should you reach out? 6. the team spirit/ambiance 7. The expected work 8. Work organisation/schedule - Know more about my work: There is a 1h30 pres from previous week where I presented IROH-Auth to the larger team. ***** Presentation (History first mine then the Team and the Product) 1. Ph.D. Machine Learning 2. Post Ph.D. Machine Learning 3. Work for Airfrace (Perl/scripts/web/) 4. Join Vigiglobe via Guillaume (our wives worked together) a. Social Media Analytics, hire Matt, then G2 b. lot of pressure, fullstack dev + machine learning c. rewrite in Clojure (lot of pressure) d. bad management (SCRUM hell), wrong decisions, lot of pressure 5. Guillaume join Cisco in January, and I join in April. 6. Recruited by Craig & Dean. Craig is the mastermind a. small team of 8 people, go to Calgary we are the center of attention (the future!). Meet Al Huger. b. first year work on CTIA (CTIM) c. Cisco Threat Response (CTR); names IROH/Visibility/CTR work on new abstractions / tk-store, inspect, modules, iroh-auth, admin interface, scripts, help ops. d. IROH-Auth: => login via AMP (SAML with Guillaume) (no user in DB) e. IROH-Auth: => login via Threatgrid (OpenId Connect client) f. IROH-Auth: => become OAuth2 provider (grants: client credentials, authorization code, implicit) **User** in DB g. Huge amount of support to help other team integrate with OAuth2. h. make implicit grant deprecated i. SSE Integration (big deal, difficult with many teams) House made integration (user auth hooks, pass tokens by side channels) Matthieu implication j. Orbital (they use our JWT) k. IROH-Auth: => become an OIDC provider (IROH-Auth can be used as an IdP) l. **SecureX** (previously called Platform, ...) Very deep change in IROH-Auth underlying architecture/business logic. 8 month of intense work. Main change, user have only one =idp-mapping= and now have multiple =idp-mappings=. Mainly you can login via different login buttons and different identities into the same user inside SecureX. m. Ambrose then Victor join the team n. Craig & Dean resign both; this is *huge*, reorg even though it was prepared for one year. So, Jyoti is put on top of Guillaume, her team (Rob, Ag, Mark) merge with our team. Namrata / Elias replace Dean/Craig. ***** Advices 1. *Evaluation*: Your main evaluation dimension will be *added user value*. - Cisco promote and encourage their employees, if you are useful you will be rewarded. - If you are helpful to other Cisco employees, this will also be visible - If you help to make the internal system work, this will be more difficult to sell to your manager. So my advice, have a 80/20 maximum about; 80% working on visible to your manager stuff, 20% on the necessary/fun stuff. 2. Use Cisco resources, ask for it (I have an iMac for example, which is completely out of the normal things to get), do not be afraid to reach other people at Cisco. Note, I am not the best one to follow on this one ;) 3. Try to use start-page, more and more people use it, I think this is a pretty good starting point (mothership/work.html). The frequency at which you will use these links (in 1 year from now) will be a good way to evaluate if you are on the right track. 4. Do not fear to reach out to other people in other room/teams everyone will be friendly and helpful, this is in fact one of the most important hidden skill at Cisco. 5. Try to be aware about the CoC (chain of command), because it is not clearly enforced does not mean it doesn't exists. 6. If you have any issue/problem technical/human/HR anything don't wait, be vocal about it 7. If you would like to work on something don't let your manager(s) guess for your ask them. 8. Depending on your tasks you could be overwhelmed by communication channels (chat, mail, webexes), be prepared to handle this and have ***** Day to Day 1. Open emacs, check my todo list 2. Morning tours: - open webex teams, chat morning tour (from 10min to 8h, generally 30min) I frenquently have messages in the morning from Jyoti and other team from India, East Europe. - open mails (from 5min to 30min) - check the agenda webex invitations - Check my PRs (if someone has made some review, work on it) - Check opened PR for review (from 5min to 8h, generally I try to stay under 2h/day) - check chat in "the Frenchies" (we try to avoid it more and more) 3. After the tour, check the updated agenda, the new todos, organize the day/priorities work on it (if I can). Number of chat interuption from 10h-16h is generally about 4 notifications. 4. During my afternoon (>16h, the US wakes up) - If no chat interruption continue the work until 18h/19h and stop my day. - Frequently one to three meetings, frequently during release weeks impromptu webex/chat with QA team. - If chat interruption, stop my work (unless my work is both urgent and need deep concentration) and focus on the chat. Generally from 16->19h30. Sometime a bit exceptionnally, work from 08:30pm->01:00am ***** What am I relevant about, when should you reach out? - **IROH-Auth**: login, OAuth2, OpenID connect, OAuth2 clients, User/Org/Client management, **scopes** - **API Security**: **scopes**, how to use them, organize, etc... - **TK-Store**: access different DB with interfaces. Has been butchered a bit by Matthieu with its cache interface, he is aware about it. - **Inspect**: extract observables (IP, url, hashes, etc...) from raw text - **Response**: in Module system (iroh-int); now it is more Matthieu - **Admin interface**: hidden but *very important* - **Structured logs** (via Riemann/ES): helped get data for management: now should be moved to G2 (but I am still relevant for kibana access, how to log in our code, still missing structured log, but we are close) - **Code architecture**: - first decided to use lein-monolith (terrible but best from other terrible choices), then removed it recently. Take a look at =CONTRIBUTING.md=. Made =tk-tests= see rationale, etc... - =let-either= in =iroh-int= (monads, etc..) - =tk-store= is structured with the flaws from stores in CTIA - =defwebservice= to centralize how our webservices work ***** TODO Team spirit ***** TODO Expected work ***** TODO Work organization/schedule *** 2021-05-28 Friday **** IN-PROGRESS enable/disable orgs :work: :LOGBOOK: CLOCK: [2021-05-28 Fri 18:39]--[2021-05-31 Mon 11:06] => 64:27 :END: [2021-05-28 Fri 18:39] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Why Feature Teams][Why Feature Teams]] **** MEETING Weekly Engineering :work:meeting: :LOGBOOK: CLOCK: [2021-05-28 Fri 17:03]--[2021-05-28 Fri 18:39] => 1:36 :END: [2021-05-28 Fri 17:03] CI of the feature team. Security Training with multiple levels. ***** Namrata CDF Continuous Delivery Framework / Feature Teams ****** Scale Grow in term of capacity, structure to manage. Cross-functional feature teams. ****** Planning Framework 1. Cross functional planning 2. Alignment to strategy 3. Objective prioritization 4. Deliver deep business-value ****** CDF Quaterly / 12 Weeks / 3 Month Month 1: Commited Month 2: Probable Month 3: Stretch - Continuous Planning - Coninuous Execution - Prodcut Strategic Initiatives - Technology Investments - Maintenance ****** Cross-Functional Feature Teams having representation for all the functions. Developers of all kinds (backend/UI/UX/ops/etc...) They all need to be involved from planning all the way to delivery. ****** Why Feature Teams *decentralized*, sense of ownership. Deeper business value, limiting WIP. **** IN-PROGRESS PR to fix scope= :work: :LOGBOOK: CLOCK: [2021-05-28 Fri 10:11]--[2021-05-28 Fri 17:03] => 6:52 :END: [2021-05-28 Fri 10:11] - ref :: **** IN-PROGRESS fix redirect url contstruction :work: :LOGBOOK: CLOCK: [2021-05-28 Fri 07:39]--[2021-05-28 Fri 10:11] => 2:32 :END: [2021-05-28 Fri 07:39] ** 2021-W22 #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 20! :match "work" #+CAPTION: Clock summary at [2021-06-04 Fri 18:57] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------------+------------------------------+---------+-------+------+------| | | | *Total time* | *27:25* | | | | |------------------------+---------------------+------------------------------+---------+-------+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W22][2021-W22]] | | 27:25 | | | | [2021-06-02 Wed 09:20] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-31 Monday][2021-05-31 Monday]] | | | 4:45 | | | [2021-05-31 Mon 15:18] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*check assert/always-validate status][check...]] | | | | 1:46 | | [2021-05-31 Mon 15:08] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*tac related route issue update branch][tac related route...]] | | | | 0:10 | | [2021-05-31 Mon 14:45] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Invite into create account manual testing][Invite into...]] | | | | 0:23 | | [2021-05-31 Mon 14:35] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*TAC org-disable admin routes PR][TAC org-disable...]] | | | | 0:10 | | [2021-05-31 Mon 11:09] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*reviews][reviews]] | | | | 2:16 | | [2021-06-02 Wed 09:19] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-01 Tuesday][2021-06-01 Tuesday]] | | | 6:23 | | | [2021-06-01 Tue 16:30] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Device Posture][Device Posture]] | | | | 2:12 | | [2021-06-01 Tue 16:00] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*FMC][FMC]] | | | | 0:30 | | [2021-06-01 Tue 14:29] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*back to work][back to work]] | | | | 1:31 | | [2021-06-01 Tue 12:07] | work, support | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CESv2 clients][CESv2 clients]] | | | | 0:06 | | [2021-06-01 Tue 11:07] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*back to work][back to work]] | | | | 1:00 | | [2021-06-01 Tue 09:58] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*g2 502][g2 502]] | | | | 0:17 | | [2021-06-01 Tue 09:18] | work, chat, support | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CESv2 client creation][CESv2 client...]] | | | | 0:46 | | [2021-06-01 Tue 09:17] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 0:01 | | [2021-06-03 Thu 20:27] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-02 Wednesday][2021-06-02 Wednesday]] | | | 2:47 | | | [2021-06-02 Wed 10:35] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Discussion Posture][Discussion Posture]] | | | | 1:31 | | [2021-06-02 Wed 09:19] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning routine][morning routine]] | | | | 1:16 | | [2021-06-03 Thu 20:27] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-03 Thursday][2021-06-03 Thursday]] | | | 7:13 | | | [2021-06-03 Thu 19:28] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*DI/Posture 3 options][DI/Posture 3 options]] | | | | 0:59 | | [2021-06-03 Thu 17:02] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*weekly Service][weekly Service]] | | | | 1:22 | | [2021-06-03 Thu 14:10] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Device Flow][Device Flow]] | | | | 2:52 | | [2021-06-03 Thu 12:05] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 2:00 | | [2021-06-04 Fri 18:57] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-04 Friday][2021-06-04 Friday]] | | | 6:17 | | | [2021-06-04 Fri 16:59] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*FirstHealth][FirstHealth]] | | | | 0:10 | | [2021-06-04 Fri 15:35] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*device grant clean PR][device grant...]] | | | | 3:12 | | [2021-06-04 Fri 11:21] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Device flow][Device flow]] | | | | 1:08 | | [2021-06-04 Fri 11:14] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat & review][morning chat &...]] | | | | 1:47 | #+END: *** 2021-05-31 Monday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-02 Wed 09:20] | Timestamp | Tags | Headline | Time | | | | |------------------------+------------+----------------------------------------------+--------+---+------+------| | | | *Total time* | *4:45* | | | | |------------------------+------------+----------------------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-05-31 Monday][2021-05-31 Monday]] | | | 4:45 | | | [2021-05-31 Mon 15:18] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*check assert/always-validate status][check assert/always-validate status]] | | | | 1:46 | | [2021-05-31 Mon 15:08] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*tac related route issue update branch][tac related route issue update...]] | | | | 0:10 | | [2021-05-31 Mon 14:45] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Invite into create account manual testing][Invite into create account manual...]] | | | | 0:23 | | [2021-05-31 Mon 14:35] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*TAC org-disable admin routes PR][TAC org-disable admin routes PR]] | | | | 0:10 | | [2021-05-31 Mon 11:09] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*reviews][reviews]] | | | | 2:16 | #+END: **** CHAT check assert/always-validate status :work:chat: :LOGBOOK: CLOCK: [2021-05-31 Mon 15:18]--[2021-05-31 Mon 17:04] => 1:46 :END: [2021-05-31 Mon 15:18] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Invite into create account manual testing][Invite into create account manual testing]] **** IN-PROGRESS tac related route issue update branch :work: :LOGBOOK: CLOCK: [2021-05-31 Mon 15:08]--[2021-05-31 Mon 15:18] => 0:10 :END: [2021-05-31 Mon 15:08] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Invite into create account manual testing][Invite into create account manual testing]] **** DONE Invite into create account manual testing :work: :LOGBOOK: CLOCK: [2021-05-31 Mon 14:45]--[2021-05-31 Mon 15:08] => 0:23 :END: [2021-05-31 Mon 14:45] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*reviews][reviews]] **** DONE TAC org-disable admin routes PR :work: :LOGBOOK: CLOCK: [2021-05-31 Mon 14:35]--[2021-05-31 Mon 14:45] => 0:10 :END: [2021-05-31 Mon 14:35] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*reviews][reviews]] **** DONE reviews :work: :LOGBOOK: CLOCK: [2021-05-31 Mon 10:09]--[2021-05-31 Mon 12:25] => 2:16 :END: [2021-05-31 Mon 11:09] *** 2021-06-01 Tuesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-02 Wed 09:19] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------------+-------------------------------+--------+---+------+------| | | | *Total time* | *6:23* | | | | |------------------------+---------------------+-------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-01 Tuesday][2021-06-01 Tuesday]] | | | 6:23 | | | [2021-06-01 Tue 16:30] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Device Posture][Device Posture]] | | | | 2:12 | | [2021-06-01 Tue 16:00] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*FMC][FMC]] | | | | 0:30 | | [2021-06-01 Tue 14:29] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*back to work][back to work]] | | | | 1:31 | | [2021-06-01 Tue 12:07] | work, support | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CESv2 clients][CESv2 clients]] | | | | 0:06 | | [2021-06-01 Tue 11:07] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*back to work][back to work]] | | | | 1:00 | | [2021-06-01 Tue 09:58] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*g2 502][g2 502]] | | | | 0:17 | | [2021-06-01 Tue 09:18] | work, chat, support | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CESv2 client creation][CESv2 client creation]] | | | | 0:46 | | [2021-06-01 Tue 09:17] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 0:01 | #+END: UK TV Show **** MEETING Device Posture :work:meeting: :LOGBOOK: CLOCK: [2021-06-01 Tue 16:30]--[2021-06-01 Tue 18:42] => 2:12 :END: [2021-06-01 Tue 16:30] Integration, device insight and SecureX. Client to access. **** MEETING FMC :work:meeting: :LOGBOOK: CLOCK: [2021-06-01 Tue 16:00]--[2021-06-01 Tue 16:30] => 0:30 :END: [2021-06-01 Tue 16:00] Say 2 weeks late. **** IN-PROGRESS back to work :work: :LOGBOOK: CLOCK: [2021-06-01 Tue 14:29]--[2021-06-01 Tue 16:00] => 1:31 :END: [2021-06-01 Tue 14:29] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CESv2 clients][CESv2 clients]] **** IN-PROGRESS CESv2 clients :work:support: :LOGBOOK: CLOCK: [2021-06-01 Tue 12:07]--[2021-06-01 Tue 12:13] => 0:06 :END: [2021-06-01 Tue 12:07] Tarun Dhiraj: Could you please change the access token time to 1800 for client id client-6cd9d654-179d-46bd-a03a-ae408bf75d87? Tarun Dhiraj 11:28 Okay..we would stick to 600 secs for the PROD. So could you please make it 600 then? for POC I had configured it to different value.. **** IN-PROGRESS back to work :work: :LOGBOOK: CLOCK: [2021-06-01 Tue 11:07]--[2021-06-01 Tue 12:07] => 1:00 :END: [2021-06-01 Tue 11:07] - ref :: **** CHAT g2 502 :work:chat: :LOGBOOK: CLOCK: [2021-06-01 Tue 10:03]--[2021-06-01 Tue 10:16] => 0:13 CLOCK: [2021-06-01 Tue 09:58]--[2021-06-01 Tue 10:02] => 0:04 :END: [2021-06-01 Tue 09:58] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CESv2 client creation][CESv2 client creation]] **** CHAT CESv2 client creation :work:chat:support: :LOGBOOK: CLOCK: [2021-06-01 Tue 09:17]--[2021-06-01 Tue 10:03] => 0:46 :END: [2021-06-01 Tue 09:18] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] **** IN-PROGRESS morning chat :work: :LOGBOOK: CLOCK: [2021-06-01 Tue 09:17]--[2021-06-01 Tue 09:18] => 0:01 :END: [2021-06-01 Tue 09:17] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*TAC org-disable admin routes PR][TAC org-disable admin routes PR]] *** 2021-06-02 Wednesday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-03 Thu 20:27] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+----------------------------+--------+---+------+------| | | | *Total time* | *2:47* | | | | |------------------------+------+----------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-02 Wednesday][2021-06-02 Wednesday]] | | | 2:47 | | | [2021-06-02 Wed 10:35] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Discussion Posture][Discussion Posture]] | | | | 1:31 | | [2021-06-02 Wed 09:19] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning routine][morning routine]] | | | | 1:16 | #+END: **** DONE Discussion Posture :work: :LOGBOOK: CLOCK: [2021-06-02 Wed 10:35]--[2021-06-02 Wed 12:06] => 1:31 :END: [2021-06-02 Wed 10:35] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning routine][morning routine]] **** DONE morning routine :work: :LOGBOOK: CLOCK: [2021-06-02 Wed 09:19]--[2021-06-02 Wed 10:35] => 1:16 :END: [2021-06-02 Wed 09:19] - ref :: *** 2021-06-03 Thursday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-03 Thu 20:27] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------+------------------------------+--------+---+------+------| | | | *Total time* | *7:13* | | | | |------------------------+---------------+------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-03 Thursday][2021-06-03 Thursday]] | | | 7:13 | | | [2021-06-03 Thu 19:28] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*DI/Posture 3 options][DI/Posture 3 options]] | | | | 0:59 | | [2021-06-03 Thu 17:02] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*weekly Service][weekly Service]] | | | | 1:22 | | [2021-06-03 Thu 14:10] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Device Flow][Device Flow]] | | | | 2:52 | | [2021-06-03 Thu 12:05] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 2:00 | #+END: **** MEETING DI/Posture 3 options :work:meeting: :LOGBOOK: CLOCK: [2021-06-03 Thu 19:28]--[2021-06-03 Thu 20:27] => 0:59 :END: [2021-06-03 Thu 19:28] **** MEETING weekly Service :work:meeting: :LOGBOOK: CLOCK: [2021-06-03 Thu 17:02]--[2021-06-03 Thu 18:24] => 1:22 :END: [2021-06-03 Thu 17:02] You can sort by name. **** IN-PROGRESS Device Flow :work: :LOGBOOK: CLOCK: [2021-06-03 Thu 14:10]--[2021-06-03 Thu 17:02] => 2:52 :END: [2021-06-03 Thu 14:10] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat 2nd pass][morning chat 2nd pass]] **** CHAT morning chat :work:chat: :LOGBOOK: CLOCK: [2021-06-03 Thu 10:05]--[2021-06-03 Thu 11:00] => 0:55 CLOCK: [2021-06-03 Thu 08:05]--[2021-06-03 Thu 09:10] => 1:05 :END: [2021-06-03 Thu 12:05] *** 2021-06-04 Friday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-04 Fri 18:57] | Timestamp | Tags | Headline | Time | | | | |------------------------+---------------+-------------------------------+--------+---+------+------| | | | *Total time* | *6:17* | | | | |------------------------+---------------+-------------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-04 Friday][2021-06-04 Friday]] | | | 6:17 | | | [2021-06-04 Fri 16:59] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*FirstHealth][FirstHealth]] | | | | 0:10 | | [2021-06-04 Fri 15:35] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*device grant clean PR][device grant clean PR]] | | | | 3:12 | | [2021-06-04 Fri 11:21] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Device flow][Device flow]] | | | | 1:08 | | [2021-06-04 Fri 11:14] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat & review][morning chat & review]] | | | | 1:47 | #+END: **** MEETING FirstHealth :work:meeting: :LOGBOOK: CLOCK: [2021-06-04 Fri 16:59]--[2021-06-04 Fri 17:09] => 0:10 :END: [2021-06-04 Fri 16:59] **** IN-PROGRESS device grant clean PR :work: :LOGBOOK: CLOCK: [2021-06-04 Fri 17:09]--[2021-06-04 Fri 18:57] => 1:48 CLOCK: [2021-06-04 Fri 15:35]--[2021-06-04 Fri 16:59] => 1:24 :END: [2021-06-04 Fri 15:35] - ref :: **** IN-PROGRESS Device flow :work: :LOGBOOK: CLOCK: [2021-06-04 Fri 11:21]--[2021-06-04 Fri 12:29] => 1:08 :END: [2021-06-04 Fri 11:21] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat & review][morning chat & review]] **** CHAT morning chat & review :work:chat: :LOGBOOK: CLOCK: [2021-06-04 Fri 09:34]--[2021-06-04 Fri 11:21] => 1:47 :END: [2021-06-04 Fri 11:14] ** 2021-W23 #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-08 Tue 15:10] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+-------------------------+--------+------+------+------| | | | *Total time* | *5:58* | | | | |------------------------+------+-------------------------+--------+------+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W23][2021-W23]] | | 5:58 | | | | [2021-06-08 Tue 15:10] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-07 Monday][2021-06-07 Monday]] | | | 5:58 | | | [2021-06-07 Mon 10:09] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*device-grant][device-grant]] | | | | 5:26 | | [2021-06-07 Mon 09:57] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning routine][morning routine]] | | | | 0:32 | #+END: *** 2021-06-07 Monday #+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work" #+CAPTION: Clock summary at [2021-06-08 Tue 15:10] | Timestamp | Tags | Headline | Time | | | | |------------------------+------+-------------------------+--------+---+------+------| | | | *Total time* | *5:58* | | | | |------------------------+------+-------------------------+--------+---+------+------| | | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-06-07 Monday][2021-06-07 Monday]] | | | 5:58 | | | [2021-06-07 Mon 10:09] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*device-grant][device-grant]] | | | | 5:26 | | [2021-06-07 Mon 09:57] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning routine][morning routine]] | | | | 0:32 | #+END: **** IN-PROGRESS device-grant :work: :LOGBOOK: CLOCK: [2021-06-08 Tue 14:19]--[2021-06-08 Tue 15:09] => 0:50 CLOCK: [2021-06-07 Mon 10:09]--[2021-06-07 Mon 14:45] => 4:36 :END: [2021-06-07 Mon 10:09] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning routine][morning routine]] **** DONE morning routine :work: :LOGBOOK: CLOCK: [2021-06-07 Mon 09:59]--[2021-06-07 Mon 10:09] => 0:10 CLOCK: [2021-06-07 Mon 09:37]--[2021-06-07 Mon 09:59] => 0:22 :END: [2021-06-07 Mon 09:57] - ref :: *** 2021-06-08 Tuesday **** MEETING deliberation Daniel :work:meeting: :LOGBOOK: CLOCK: [2021-06-08 Tue 18:59]--[2021-06-14 Mon 14:52] => 139:53 :END: [2021-06-08 Tue 18:59] ***** Irina - Don't have strong positive feeling. - Mindset - risk of lack of focus No ***** Ambrose I don't feel very engaged. Don't know if it's me or the interview. He wants to learn more. 0 ***** Mark not excited. Didn't feel that. Late night active session. Didn't work at the last minute. Doesn't feel he has a strong opinion. 0 ***** G2 not excited. yes (maybe) ***** Y - pros: - technically ok. - cons: - afraid about if he would like to work in a quite closed environment. - not asked much questions, so I'm afraid about a risk of lack of motivation in the long run. XXX: Do you think he is better than you? What will he bring to the team? ***** Ag - no test **** MEETING Interview ; Daniel Petranek :work:meeting: :LOGBOOK: CLOCK: [2021-06-08 Tue 16:59]--[2021-06-08 Tue 18:59] => 2:00 :END: [2021-06-08 Tue 16:59] ***** Team Presentations - Y - Robert Levy - Matt - Irina - G2 - Ambrose - Ag - Mark ***** Daniel Came to Clojure, International Economic. Data + emacs for note taking. Emacs => Clojure as 1st programming lang. 1st purely functional Scala shop. Strongly typed camp. Mass notification soft, and ton of Clojure. Cloud service, and scaling, performance, feature stuff. Text to speach. DB performance. Rate limiting. ***** Demo datalog databases fullstack demo. Use juxt.clip same like integrant ***** Questions from Daniel ****** Do you pair program? Process? ****** Use mac or Linux? ***** Questions ****** TODO static type system related. Which feature do you prefer or do not like in Clojure. ****** Would you feel at ease working on an old code base? In our current environment many code architecture choices are already made. Also within a lot of existing common abstractions: - application lifecycle abstraction - configuration abstraction - store abstraction - user and most resources data structure - identity/route declaration - testing strategies - logging (not 100% finished to have structured logs, but very close to completion) - CI/REPL tooling Choice are not completely frozen, far from it, but a lot as already been tried so adding a new one can be difficult and thus it is a bit hard to "play" with the existing system. Also, the code is in PROD and must be very stable, so any change impacting all component is generally observed as risky. ****** Documentations? How much, how are you documenting. Do you feel at ease to work completely async without any chat just via comments/PR reviews on documents? ****** You mentionned CQRS API, what do you mean by that? ****** You used =defmulti=. Isn't there a contradiction with pure functional programming? ****** Maali schemas bunch of informations to generate datalog schema. Have you heard about Haskell's servant. They wrote a book about how they choose to organize this "Pattern" about having the data driving different attributes of a code (generate servers, clients, swagger-ui, documentation, etc...)? For example you haven't used the route definitions to generate the frontend clients (see =v2-routes=) ****** Macros What would you call a good useful macros vs a macro that could have negative impact on the code quality/productivity. When does a macro is preferable than an emacs yasnippet? **** IN-PROGRESS Irina 1-1 prep (bis) :work: :LOGBOOK: CLOCK: [2021-06-08 Tue 15:12]--[2021-06-08 Tue 16:59] => 1:47 :END: [2021-05-27 Thu 08:46] - ref :: ***** What to talk about? 1. My personal history with Cisco (presentation) personality/env, etc... 2. when/where I will be the more helpful to you 3. generic welcome advices (the team, SecureX/CTRl, SBG, Cisco) 4. what my day-to-day work looks like 5. what am I relevant for, when should you reach out? 6. the team spirit/ambiance 7. The expected work 8. Work organisation/schedule - Know more about my work: There is a 1h30 pres from previous week where I presented IROH-Auth to the larger team. ***** Presentation (History first mine then the Team and the Product) 1. Ph.D. Machine Learning 2. Post Ph.D. Machine Learning 3. Work for Airfrace (Perl/scripts/web/) 4. Join Vigiglobe via Guillaume (our wives worked together) a. Social Media Analytics, hire Matt, then G2 b. lot of pressure, fullstack dev + machine learning c. rewrite in Clojure (lot of pressure) d. bad management (SCRUM hell), wrong decisions, lot of pressure 5. Guillaume join Cisco in January, and I join in April. 6. Recruited by Craig & Dean. Craig is the mastermind a. small team of 8 people, go to Calgary we are the center of attention (the future!). Meet Al Huger. b. first year work on CTIA (CTIM) c. Cisco Threat Response (CTR); names IROH/Visibility/CTR work on new abstractions / tk-store, inspect, modules, iroh-auth, admin interface, scripts, help ops. d. IROH-Auth: => login via AMP (SAML with Guillaume) (no user in DB) e. IROH-Auth: => login via Threatgrid (OpenId Connect client) f. IROH-Auth: => become OAuth2 provider (grants: client credentials, authorization code, implicit) **User** in DB g. Huge amount of support to help other team integrate with OAuth2. h. make implicit grant deprecated i. SSE Integration (big deal, difficult with many teams) House made integration (user auth hooks, pass tokens by side channels) Matthieu implication j. Orbital (they use our JWT) k. IROH-Auth: => become an OIDC provider (IROH-Auth can be used as an IdP) l. **SecureX** (previously called Platform, ...) Very deep change in IROH-Auth underlying architecture/business logic. 8 month of intense work. Main change, user have only one =idp-mapping= and now have multiple =idp-mappings=. Mainly you can login via different login buttons and different identities into the same user inside SecureX. m. Ambrose then Victor join the team n. Craig & Dean resign both; this is *huge*, reorg even though it was prepared for one year. So, Jyoti is put on top of Guillaume, her team (Rob, Ag, Mark) merge with our team. Namrata / Elias replace Dean/Craig. ***** Advices 1. *Evaluation*: Your main evaluation dimension will be *added user value*. - Cisco promote and encourage their employees, if you are useful you will be rewarded. - If you are helpful to other Cisco employees, this will also be visible - If you help to make the internal system work, this will be more difficult to sell to your manager. So my advice, have a 80/20 maximum about; 80% working on visible to your manager stuff, 20% on the necessary/fun stuff. 2. Use Cisco resources, ask for it (I have an iMac for example, which is completely out of the normal things to get), do not be afraid to reach other people at Cisco. Note, I am not the best one to follow on this one ;) 3. Try to use start-page, more and more people use it, I think this is a pretty good starting point (mothership/work.html). The frequency at which you will use these links (in 1 year from now) will be a good way to evaluate if you are on the right track. 4. Do not fear to reach out to other people in other room/teams everyone will be friendly and helpful, this is in fact one of the most important hidden skill at Cisco. 5. Try to be aware about the CoC (chain of command), because it is not clearly enforced does not mean it doesn't exists. 6. If you have any issue/problem technical/human/HR anything don't wait, be vocal about it 7. If you would like to work on something don't let your manager(s) guess for your ask them. 8. Depending on your tasks you could be overwhelmed by communication channels (chat, mail, webexes), be prepared to handle this and have ***** Day to Day 1. Open emacs, check my todo list 2. Morning tours: - open webex teams, chat morning tour (from 10min to 8h, generally 30min) I frenquently have messages in the morning from Jyoti and other team from India, East Europe. - open mails (from 5min to 30min) - check the agenda webex invitations - Check my PRs (if someone has made some review, work on it) - Check opened PR for review (from 5min to 8h, generally I try to stay under 2h/day) - check chat in "the Frenchies" (we try to avoid it more and more) 3. After the tour, check the updated agenda, the new todos, organize the day/priorities work on it (if I can). Number of chat interuption from 10h-16h is generally about 4 notifications. 4. During my afternoon (>16h, the US wakes up) - If no chat interruption continue the work until 18h/19h and stop my day. - Frequently one to three meetings, frequently during release weeks impromptu webex/chat with QA team. - If chat interruption, stop my work (unless my work is both urgent and need deep concentration) and focus on the chat. Generally from 16->19h30. Sometime a bit exceptionnally, work from 08:30pm->01:00am ***** What am I relevant about, when should you reach out? - **IROH-Auth**: login, OAuth2, OpenID connect, OAuth2 clients, User/Org/Client management, **scopes** - **API Security**: **scopes**, how to use them, organize, etc... - **TK-Store**: access different DB with interfaces. Has been butchered a bit by Matthieu with its cache interface, he is aware about it. - **Inspect**: extract observables (IP, url, hashes, etc...) from raw text - **Response**: in Module system (iroh-int); now it is more Matthieu - **Admin interface**: hidden but *very important* - **Structured logs** (via Riemann/ES): helped get data for management: now should be moved to G2 (but I am still relevant for kibana access, how to log in our code, still missing structured log, but we are close) - **Code architecture**: - first decided to use lein-monolith (terrible but best from other terrible choices), then removed it recently. Take a look at =CONTRIBUTING.md=. Made =tk-tests= see rationale, etc... - =let-either= in =iroh-int= (monads, etc..) - =tk-store= is structured with the flaws from stores in CTIA - =defwebservice= to centralize how our webservices work ***** TODO Team spirit ***** TODO Expected work ***** TODO Work organization/schedule **** IN-PROGRESS review GH Action :work: :LOGBOOK: CLOCK: [2021-06-08 Tue 09:45]--[2021-06-08 Tue 12:25] => 2:40 :END: [2021-06-08 Tue 15:09] **** IN-PROGRESS device flow :LOGBOOK: CLOCK: [2021-06-08 Tue 14:11]--[2021-06-08 Tue 15:11] => 1:00 :END: ** 2021-W24 *** 2021-06-14 Monday **** MEETING Irina 1-1 prep (bis) :work: :LOGBOOK: CLOCK: [2021-07-19 Mon 11:02] CLOCK: [2021-06-14 Mon 16:04]--[2021-06-14 Mon 17:44] => 1:40 :END: [2021-05-27 Thu 08:46] - ref :: ***** What to talk about? 1. My personal history with Cisco (presentation) personality/env, etc... 2. when/where I will be the more helpful to you 3. generic welcome advices (the team, SecureX/CTRl, SBG, Cisco) 4. what my day-to-day work looks like 5. what am I relevant for, when should you reach out? 6. the team spirit/ambiance 7. The expected work 8. Work organisation/schedule - Know more about my work: There is a 1h30 pres from previous week where I presented IROH-Auth to the larger team. ***** Presentation (History first mine then the Team and the Product) 1. Ph.D. Machine Learning 2. Post Ph.D. Machine Learning 3. Work for Airfrace (Perl/scripts/web/) 4. Join Vigiglobe via Guillaume (our wives worked together) a. Social Media Analytics, hire Matt, then G2 b. lot of pressure, fullstack dev + machine learning c. rewrite in Clojure (lot of pressure) d. bad management (SCRUM hell), wrong decisions, lot of pressure 5. Guillaume join Cisco in January, and I join in April. 6. Recruited by Craig & Dean. Craig is the mastermind a. small team of 8 people, go to Calgary we are the center of attention (the future!). Meet Al Huger. b. first year work on CTIA (CTIM) c. Cisco Threat Response (CTR); names IROH/Visibility/CTR work on new abstractions / tk-store, inspect, modules, iroh-auth, admin interface, scripts, help ops. d. IROH-Auth: => login via AMP (SAML with Guillaume) (no user in DB) e. IROH-Auth: => login via Threatgrid (OpenId Connect client) f. IROH-Auth: => become OAuth2 provider (grants: client credentials, authorization code, implicit) **User** in DB g. Huge amount of support to help other team integrate with OAuth2. h. make implicit grant deprecated i. SSE Integration (big deal, difficult with many teams) House made integration (user auth hooks, pass tokens by side channels) Matthieu implication j. Orbital (they use our JWT) k. IROH-Auth: => become an OIDC provider (IROH-Auth can be used as an IdP) l. **SecureX** (previously called Platform, ...) Very deep change in IROH-Auth underlying architecture/business logic. 8 month of intense work. Main change, user have only one =idp-mapping= and now have multiple =idp-mappings=. Mainly you can login via different login buttons and different identities into the same user inside SecureX. m. Ambrose then Victor join the team n. Craig & Dean resign both; this is *huge*, reorg even though it was prepared for one year. So, Jyoti is put on top of Guillaume, her team (Rob, Ag, Mark) merge with our team. Namrata / Elias replace Dean/Craig. ***** Advices 1. *Evaluation*: Your main evaluation dimension will be *added user value*. - Cisco promote and encourage their employees, if you are useful you will be rewarded. - If you are helpful to other Cisco employees, this will also be visible - If you help to make the internal system work, this will be more difficult to sell to your manager. So my advice, have a 80/20 maximum about; 80% working on visible to your manager stuff, 20% on the necessary/fun stuff. 2. Use Cisco resources, ask for it (I have an iMac for example, which is completely out of the normal things to get), do not be afraid to reach other people at Cisco. Note, I am not the best one to follow on this one ;) 3. Try to use start-page, more and more people use it, I think this is a pretty good starting point (mothership/work.html). The frequency at which you will use these links (in 1 year from now) will be a good way to evaluate if you are on the right track. 4. Do not fear to reach out to other people in other room/teams everyone will be friendly and helpful, this is in fact one of the most important hidden skill at Cisco. 5. Try to be aware about the CoC (chain of command), because it is not clearly enforced does not mean it doesn't exists. 6. If you have any issue/problem technical/human/HR anything don't wait, be vocal about it 7. If you would like to work on something don't let your manager(s) guess for your ask them. 8. Depending on your tasks you could be overwhelmed by communication channels (chat, mail, webexes), be prepared to handle this and have ***** Day to Day 1. Open emacs, check my todo list 2. Morning tours: - open webex teams, chat morning tour (from 10min to 8h, generally 30min) I frenquently have messages in the morning from Jyoti and other team from India, East Europe. - open mails (from 5min to 30min) - check the agenda webex invitations - Check my PRs (if someone has made some review, work on it) - Check opened PR for review (from 5min to 8h, generally I try to stay under 2h/day) - check chat in "the Frenchies" (we try to avoid it more and more) 3. After the tour, check the updated agenda, the new todos, organize the day/priorities work on it (if I can). Number of chat interuption from 10h-16h is generally about 4 notifications. 4. During my afternoon (>16h, the US wakes up) - If no chat interruption continue the work until 18h/19h and stop my day. - Frequently one to three meetings, frequently during release weeks impromptu webex/chat with QA team. - If chat interruption, stop my work (unless my work is both urgent and need deep concentration) and focus on the chat. Generally from 16->19h30. Sometime a bit exceptionnally, work from 08:30pm->01:00am ***** What am I relevant about, when should you reach out? - **IROH-Auth**: login, OAuth2, OpenID connect, OAuth2 clients, User/Org/Client management, **scopes** - **API Security**: **scopes**, how to use them, organize, etc... - **TK-Store**: access different DB with interfaces. Has been butchered a bit by Matthieu with its cache interface, he is aware about it. - **Inspect**: extract observables (IP, url, hashes, etc...) from raw text - **Response**: in Module system (iroh-int); now it is more Matthieu - **Admin interface**: hidden but *very important* - **Structured logs** (via Riemann/ES): helped get data for management: now should be moved to G2 (but I am still relevant for kibana access, how to log in our code, still missing structured log, but we are close) - **Code architecture**: - first decided to use lein-monolith (terrible but best from other terrible choices), then removed it recently. Take a look at =CONTRIBUTING.md=. Made =tk-tests= see rationale, etc... - =let-either= in =iroh-int= (monads, etc..) - =tk-store= is structured with the flaws from stores in CTIA - =defwebservice= to centralize how our webservices work ***** TODO Team spirit ***** TODO Expected work ***** TODO Work organization/schedule **** MEETING IROH-Auth and SSO :work:meeting: :LOGBOOK: CLOCK: [2021-06-14 Mon 14:52]--[2021-06-14 Mon 16:03] => 1:11 :END: [2021-06-14 Mon 14:52] ***** Session depends on URL - SXSO has a single URL for the world - IROH-Auth share the same URL as Cisco Threat Response (could be changed to SecureX URL with we expect the default Application to be SecureX) 3 URLs (one per zone NAM/EU/APJC) The SecureX tenancy is in IROH-Auth (driven by Cisco business logic) ***** Easiest way to have a shared Session accross product All product should probably use IROH-Auth as IdP (which will still continue to use SXSO as main IdP) *** 2021-06-17 Thursday **** DONE Presentation Jason Chambers :work:meeting: :LOGBOOK: CLOCK: [2021-06-17 Thu 15:02]--[2021-06-17 Thu 16:40] => 1:38 :END: [2021-06-17 Thu 15:02] - ref :: ** 2021-W25 *** 2021-06-23 Wednesday **** IN-PROGRESS DI doc :work: :LOGBOOK: CLOCK: [2021-06-23 Wed 10:10]--[2021-06-23 Wed 11:40] => 1:30 :END: [2021-06-23 Wed 10:10] Given a session token (JWT) this is how to retrieve refresh token for a client bypassing any user interaction or browser redirection. Given a classical OAuth2 Auth code client with: - client_id: localtest - client_password: localpass - scopes: inspect - redirect_uris: [ http://localhost:9001/callback ] Make the following HTTP call: 1. call csrf endpoint => retrieve a CSRF token 2. authorize the client (use the CSRF token) => retrieve a CODE token 3. call /token with client secret and the CODE token => retrieve access/refresh tokens In more detail: #+begin_src ❯ IROH_URL="https://visibility.amp.cisco.com" curl -X POST "$IROH_URL/iroh/oauth2/csrf-token" \ -H "accept: application/json" \ -H "authorization: Bearer $JWT" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=localtest&scope=inspect" {"csrf":"eyJhGc..."} ❯ CSRF="eyJhGc..." curl -X POST "$IROH_URL/iroh/oauth2/authorize" \ -H "accept: application/json" \ -H "authorization: Bearer $JWT" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=localtest&scope=inspect&csrf=$CSRF&redirect_uri=http://localhost:9001/callback&response_type=code&state=" {"url":"http://localhost:9001/callback?code=eyJhGc..."} ❯ CODE="eyJhGc..." curl -X POST "$IROH_URL/iroh/oauth2/token" \ -H "accept: application/json" \ -u localtest:localpass \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "scope=inspect&code=$CODE&redirect_uri=http://localhost:9001/callback&grant_type=authorization_code&" {"access_token":"eyJhGc...","scope":"inspect","token_type":"bearer","expires_in":600,"refresh_token":"eyJhGc..."} #+end_src *** 2021-06-25 Friday **** IN-PROGRESS Security School :work: :LOGBOOK: CLOCK: [2021-06-25 Fri 10:20]--[2021-06-25 Fri 11:23] => 1:03 :END: [2021-06-25 Fri 10:20] What it mean to be a Trusted company 1. Trust is important and changed (erosion of trust) 2. Why should I should pay for premium; built on trust. 3. key point, start with a good point on the reputation 4. Shifting landscape, no more satisfy with implicit trusting. 5. Lack of trust create a huge gap, stop digitizing - 71% threat hinder innovation - 39% halted mission critical initiative to digitalize due to cybersecurity concern 6. How much cisco is a trusting company BPI (Brand Performance Index) score 22% - 8% -> is an honest ethical company - 4% -> company I admire ... 7. Trust Landscape - Increasing number of data breaches and cyberattacks - halting digital projects due to lack of trust - transition from implicit to explicit trust "Prove it" - US based IT companies are under increased scrutinity, particularly outside of the US. Distance between Cisco and US government. 8. Cisco BPI: 50% (MS 65%) 9. Trustworthy - active measire to safeguard - commited to securing our customers and data - adhere a secure development lifecycle in the dev of products and services - we protect security of our supply chain 10. Transparent - access to security vulnerabilities - timely actionable breach notifications to impacted parties - publish data regarding requests from law enforcement - drive and follow open global standards and make deccisions to develope and implement new tech based on customers current and anticipated 11. Accountable - commited to verify and validate our trustworthiness - we admit we make mistakes that impact the security of our customers and partners and we work to make things right with those customers and partners 12. Calls to action ***** Security Vocabulary 1. CIA: Security triangle (of device, service or data) *Is it Secure?* - Confidentiality - Integrity - Availability 2. Confidentiality (who can access ) 3. Integrity (information is not unexpectedly modified) 4. Availability (information or resourcces are available when needed) 5. Non-Repudiation & Authenticity Non-repudiation: Prove you did or didn't do something Authenticity: Assurance that a message or other exchange of information is from source it claims to be from 6. Vulnerability: - a weekness, design or coding error, lack of protection in a product that enable an attack - Vulnerability can result from Design, Programming, or Operational flaws. 7. Threats - Threat: a potential danger that could cause harm to information or a system - Threat Agent: an entity that exploits a threat (a hacker) 8. Exploits and Attacks - exploits: pratical method to take advantage of a vuln - Attack: use an exploit against and actual vuln - Attack Vector: theoretical application of an exploit - Zero-Day Attack: an attack that exploits a previously unknown vuln for which there is not yet a defense 9. Exposure 1. probability and severity of an attack using a specific exploit 2. time between the announcement of vuln and a suitable patch 3. any info leak that facilitate attack 10. Mitigation What can we do? Strategy for reducing or eliminating the severity of a security issue. 11. Attack Surface - Reality collection of all entry point that could potentially be used to attack the product. Any code or hardware that an attacker could potentially access and exploit. ***** Protecting data and privacy ****** DATA - data = content + context . ****** Data is proccessed by each of us Engineer, Sales, HR ****** Data must be protected at each stage - classify it as personal data and/or confidential - determine what controls to embed per stage using Cisco Data Policies Lifecycle 1. Collection or Creation 2. Usage 3. Sharing 4. Curating 5. Retention 6. Destruction Data sensitivity ****** Cisco Data Policies . Cisco Data Quality Policy . Cisco Data Protection Policy . Cisco Data Privacy Policy require secure up-to-date data processing with purpose - Can be found in Policy Central - Updated at least once a year - Cover changing global regulations, marke/customer requirements, and Cisco's changes in code of business ****** Embeding Data Controls Quality / Protection / Privacy Details ccan be found in Product Seure Baseline Requirements for CSDL. - Quality: refresh, retention management, destroy when done - Protection: encryption, confidential/sensitive, role based access, 3rd party contracts - Privacy: minimized processing, notice/purpose, legal basis/consent, individual rights