Minutes for SACM at interim-2015-sacm-2

Meeting Minutes Security Automation and Continuous Monitoring (sacm) WG
Title Minutes for SACM at interim-2015-sacm-2
State Active
Last updated 2015-02-24

Meeting Minutes

SACM Virtual Interim Notes

        * All times Eastern

        10:00 - Admin, Note Takers, Agenda bashing
        10:05 - Status - chairs
        10:10 - Tracker decisions - chairs
        10:20 - Architecture I-D - Nancy
        10:30 - Requirements I-D - Nancy
        10:40 - Endpoint ID Design Team report and discussions - David
        11:50 - Next steps and way forward - chairs


Brief terminology draft discussion.  Draft will be updated before it is
scheduled to expire in six days.  Other draft authors will note new terms that
should be considered for the terminology draft. Kathleen is providing an
overview of the pending IESG decision on Use Case draft; she'll know more
tomorrow.  There has been a suggestion that new working groups will create use
cases as part of the chartering effort in the future.  For SACM, there is an
important issue with respect to references from other drafts to the Use Case draft.

We're 1 year late with protocol and data format submissions, and we're still
far from making a good guess as to when this will be ready.  We are planning to
update the milestones with a proposal to be provided prior to and discussed at
IETF 92.

Dave Waltermire is asking whether there is anything stopping any submitter from
submitting drafts for data models and protocols.  Lisa Lorenzin mentioned that
the Information Model may stand in the way of that.  But, still, do we need to
wait?  No - avoid serialization.  As Kathleen has pointed out, we did have a
CFP for this purpose.  Then, if submissions are made in that spirit, we can
submit counterproposals when we feel it is necessary.  Bottom line: Let's get
the proposals in and look at them.

At this point there was a discussion about when we can reference existing work,
specifically in light of whether the reference is to work published and
maintained by a recognized SDO.  As a general rule, if the work is coming from
an organization that is obviously an SDO, then go ahead and reference it.  If
you look at a non-SDO that consists of a group of vendors, then you may want to
consider something that's more RFC-ish - bring the body of work into the
working group rather than referencing it.  Organizations like TCG are a bit like this,
because they're freely available when the specifications are done, but the IETF
Trust may not recognize or categorize the organization as an SDO.

Dan is suggesting that anyone who wants to bring in existing work that may be
from a non-SDO start a mail thread on the issue with a pointer to the work
and get early WG "approval" to look at the existing work.

Moving on to tracker issues.  There was a clear preference on the list to use
git.  Therefore, the chairs have called consensus on using git and propose that
the WG move on to an implementation.  The plan is to start using github from
this point forward and not to systematically populate github issues with those
already mentioned on the list.  In other words, we will not go back into the
archives on running documents, but we will work using this moving forward - if
you care about an issue you've raised, then you need to put it into github.

The floor is open for implementation proposals: Who's going to be responsible
for standing up the github repository?  Aziz Mohaisen has volunteered to
establish the initial repository and share credentials with authors (initially
at least the owners of the current drafts to be added).

We skipped over architecture and requirements, because Lisa, as a last-minute
replacement for Nancy, doesn't really have much to add at this time.  We need
to start moving these drafts toward WG last call.  There are open questions
listed in the draft (inline in the draft) and other comments are expected to be
submitted this week.

Moving into Endpoint ID Design Team review.  A few new terms have been defined.
The design team has concluded that there are primary and secondary classes of
identifying attributes, because all endpoint attributes can be used to
establish identity, but not all attributes are well-suited for this purpose.
The design team has been working with respect to the following scenario:
Software on an endpoint is asserting posture relating to the endpoint's
software inventory and configuration state.

Cliff is contributing to the discussion on provenance as he's been the person
digging in the most - we are looking at W3C PROV as a basis for SACM
provenance.  He did point out that we will need to refine our noted
understanding of W3C PROV (the notes as presented in the slides are a bit
different than what PROV intends).

Throughout this portion of the meeting, there were some questions raised, but
they all seemed to be sufficiently addressed.

There are remaining challenges and the Endpoint ID design team will continue
running until these challenges are answered, probably lasting up until IETF 92.

Way Forward
        Avoid serialization
        Work to meet short term milestones (framework/architecture)
        Set new WG milestones
        Submission cut-off for IETF 92 is 03/09
        Design Team
        Two meetings at IETF 92

        Dan Romascanu
        Adam Montville
        Aziz Mohaisen (Note taker)
        Chris Inacio
        David Waltermire
        Ira McDonald
        Jarrett Lu
        Jim Schaad
        Clifford Kahn
        Josh Lubell (Note taker)
        Kathleen Moriarty
        Jim Bieda
        Henk Birkholz
        Lisa Lorenzin (Call-in User_4)
        Danny Haynes
        Jessica Fitzgerald-McKay