Note: This ballot was opened for revision 02-00 and is now closed.
Ballot question: "Is this charter ready for external review?"
Thanks for resolving my earlier comments. This version looks better. The last paragraph of section A. seems to have a cut-and-paste error in the first sentence.
The charter is very generic and broad: model, collection, evaluation, orchestration and communication, control plane, a criteria language. I provided feedback to SACM a few times. I trust the responsible AD to do the right thing. I wonder why you impose CBOR in the charter. Can we get the milestones please? Regards, Benoit.
"IETF NEA" probably needs a reference for somebody not familiar with the field.
This seems fine to me. Some editorial nits below

> Securing information and the systems that store, process, and transmit
> that information is a challenging task for enterprises of all sizes, and many
> security practitioners spend much of their time on manual processes.
> Standardized protocols and models aiding collection and evaluation of endpoint
> attributes enables automation, thus freeing practitioners to focus on high

Nit: models .... enable

> priority tasks. Due to the breadth of this work, the working group will address
> enterprise use cases pertaining to the assessment of endpoint posture (using
> the definitions of Endpoint and Posture from RFC 5209). In alignment with RFC
> 5209, a network device is an endpoint.
>
> At its core, posture assessment consists of five basic steps, which the working
> group desires to fulfill in an innovative, automated manner capable of avoiding

You're rechartering, so maybe it's less innovative than it was last time :)

> ad hoc or scheduled assessments:
>
> 1. Identify and characterize target endpoints
> 2. Determine specific endpoint elements to assess
> 3. Collect and make available specified elements' actual values
> 4. Compare actual element values to policy compliant element values
> 5. Make results available
>
> This working group will focus on collection, evaluation, and orchestration and
> communication, as described herein.
>
> A. Collection. The WG will define a standardized way to provide two types of
> imperative guidance to collectors over varying collection mechanisms:

I'm not sure what "imperative guidance" means in this context.
Given the charter has changed substantially and I am not familiar with the current state of work of the group, I'm afraid I can't provide any valuable input about the rechartering and will therefore abstain.