Minutes IETF110: sacm
minutes-110-sacm-00
| Meeting Minutes | Security Automation and Continuous Monitoring (sacm) WG | |
|---|---|---|
| Date and time | 2021-03-10 12:00 | |
| Title | Minutes IETF110: sacm | |
| State | Active | |
| Other versions | markdown | |
| Last updated | 2021-03-11 |
SACM Meeting Notes IETF-110
CoSWID
Henk Birkholz presented the status of CoSWID.
CoSWID draft is in AD review for submission to IESG for publication. A number of issues remain outstanding by the AD review. Dave Waltermier is handling the last bit of registry outstanding items. After looking through the list of items and the time available to the authors, they are committing to get the update with the outstanding items resolved by the end of April.
Henk and Roman(AD) worked after the meeting ended to clarify the list of outstanding items from Roman.
Chair asked if the GitHub issue asked by Lundblade issue 42 was resolved. Henk replied that the issue was resolved and CoSWID can be used for the RATS use case.
ROLIE Checklist
The draft is expired and there hasn't been meaningful effort for quite some time.
Bill Munyan spoke for the authors who confirmed that with the change of some authors engagement progress was not likely.
The draft is dropped from further consideration.
Architecture Draft
There hasn't been progress since the last meeting on the draft.
Bill Munyan has spent some time working on an implementation to explore the details of how to implement the architecture. He's currently building an implememntation based on OpenDXL. Bill's implementation is currently basic with a management and orchestration component, collection component, and the ability to register new components with an ability to describe their capabilities.
Roman (AD): why this work is SACM novel?
In order to progress the Architecture, implemetations need to be created that explore the coordination and parameters to build a continuous monitoring coordination and collection system.
Kathleen: A possiblity is how does this get used to support posture assessment and we could make this happen with the coordinated data collection. But that would take longer and expand the scope.
Milestone Conversation
Chairs presented 3 possible ways forward for the WG - noting that the current energy in the group is quite low - minimal mailing list activity, little document progress.
- Option A
- Drop all milestones that aren't CoSWID or Architecture
- Revise milestones on SACM Arch to submit to IESG by Dec 2021.
- Add milestone to close WG or re-charter if all milestones have not progressed to at least the IESG by Jan 2022.
- Option B
- Finish CoSWID and pause the WG for a year to see if contributions are forthcoming at that point
- Option C
- WG suggestions?
AD - there isn't really a "pause" mechanism for WGs.
Jessica Fitzgerald-McKay: prefers option A. Would like to see Architecture progress and would like to see SDO deconfliction with related efforts.
Adam Montville: option A but worried about participation. He and Bill have uneven participation, need help. Would like to see implementations exist. He and Bill would prefer a messaging agnostic fabric for the architecture, not tied to OpenDXL.
Henk: wants to say option A but not in the position to provide significant time to the architecture draft. As to messaging for middleware, would like to possibly see a Kafka verison.
Roman: a lot of aspiration for option A, but not sure if he sees the energy in the working group to do. If the energy is demonstrated then a re-charter to tackle proposed work in December is possible, otherwise WG should close.
Actions from meeting
- [ ] Confirm milestones and way ahead on the mailing list.
- [ ] Adam/Bill schedule time for architecture design meetings and post them to the list, all welcome to partiipate.
- [ ] chairs / support of Adam, Bill, Jessica, David(?) - work to meet with other relevant SDOs and deconflict efforts.
- [ ] chairs - schedule virtual interim meeting