This is a continuation of an initial discussion on the Jupyter Security mailing list to evaluate the interest in a workshop focused on security in for Jupyter. Based on the response in the mailing list, it’s clear that there’s interest and the question now is how myself and one or more motivated individuals should organize one. This is also the time to broaden the participants in the discussion. (Thanks Yuvi and Brian.)
(For those of you on the security list, the content below is very similar to my original email to the list.)
Idea & Questions
An outcome of the recent Jupyter Community Workshop hosted by NERSC and BIDS is the idea to hold another workshop focused on Jupyter security, particularly best practices for deploying and managing JupyterHub. As part of my work supporting data services for ALCF projects, I can lead the organization of the workshop. To me, this would be an initial event to bring more focus on security within the Jupyter community.
To motivate us further, there is funding available for hosting and travel from the Argonne Leadership Computing Facility (ALCF) and we could look for additional funding from the Jupyter Community Workshops effort by Bloomberg. A caveat to the ALCF support is that the event would need to occur by October 1, 2019.
Another topic for this workshop is diversity. I understand this can be a challenge within IT generally, and security especially, but we will get farther putting some effort towards improving representation. So whatever we can do within the bounds of our funding guidelines, let’s try.
Here are some questions for this group to gauge the level of interest
and support for a “Jupyter Security Best Practices Community
- Does this sound meaningful and worthwhile?
- What are reasonable outcomes for this workshop?
- Who should attend?
- How long should it be?
- When are the critical attendees available?
Below are some of my thoughts based on the discussions last week.
Potential outcomes for the workshop:
- Updated Jupyter documentation on security.
- A white paper on “Jupyter Security Best Practices”, scoped to various levels like DOE supercomputing centers, campus research computing centers, and workshops.
- Summarizing Jupyter development practices that target security (e.g., code reviews, auth modules, CVE tracking, etc.).
- Submit engagement proposal to Trusted CI to improve security in the Jupyter ecosystem, including development, operation, and usage of Jupyter.
- August 27-29, 2019
- September 24-26, 2019
I appreciate any feedback and insight you all have.
University of Chicago
Argonne National Laboratory