SACM_Virtual_Interim_Notes_2015-01-05 Agenda *10:00 - Admin, Note Takers, Agenda Bashing *10:05 - Status (chairs) *10:10 - Endpoint ID Design Team report and discussions (David W.) *11:00 - Architecture I-D (Nancy CW) *11:15 - Requirements I-D (Nancy CW) *11:30 - GitHub presentation and demo (Aziz), followed by tracker discussion *11:50 - New milestones and way forward (chairs) Administravia Note takers - Josh Lubell and David Waltermier (short of Endpoint discussion) Status We are going to update the use case draft as part of Feb2015. (Altering "way forward" from IETF 91) Chairs are going to get together and draft a new set of milestones to propose to the group. (Action required by chairs) No further discussion on status. Endpoint ID Design Team Presentation The Endpoint ID Design Team (EIDT) has met twice since the last meeting. Several terms have been proposed within that design team, including: Identifying Attribute, Endpoint Attribute Assertion, Alias, and Label. Ira is wondering about adding "endpoint identity assertion", the specific subset of endpoint attributes that can be used to create the set. It's different from endpoint attribute assertion in that it is, in effect, authorizing those endpoint attributes that can be used as a basis for identity. He will post this to the list. There is still contention about scope in EIDT and extensibility, issues that will continue to be worked on as the EIDT continues to meet between virtual and face-to-face meetings. Dave is suggesting an IANA registry to help handle extensibility concerns, and Lisa is saying that this approach might be good enough. This came up as part of the primary/secondary goal discussion. Trouble with the term "confidence" from secondary goals. We need to simply find the term of art in, perhaps, risk management circles to drive this to a conclusion. We are concerned about "confidence" but in what exactly? EIDT meetings will continue to be organized and driven by Dave W. Architecture Draft Basically addressed nits and such. Updates focused primarily on Security Considerations. Dave W. suggested that 3.1.3 be reworded to increase clarity that a data store could be a separate component. Requirements Draft Nancy folded requirements from use cases into the information and transport sections. She tried to beef up the Security Considerations section as well. Nancy is explicitly calling for Security Considerations review (as well as the rest of the document). Dan has some comments. General comment: We have inconsistent use of capitalized keywords, which can be confusion - suggesting that this is corrected the next revision of the draft (proper capitalization is important for understandability). Dan will send Nancy a more detailed review. Section 2.3 is still talking about data models and information models at the same time, which are different things - we need to distinguish these things, or otherwise make the intent of the document clear at this point. GitHub Discussion Overview of GitHub describing different interaction clients (e.g. browsers, mobile) and features (e.g. wikis, feature requests, etc.). There are paid and free accounts. Paid can be made private. Free is public. They do host open-source projects. Git is user-centric as opposed to server-centric - it's P2P over client-server. Dan asked Aziz about fitness of GitHub for SACM's goals, where the goals are principally to manage comments, tracking, etc. Aziz believes GitHub is good for the job. It specifically allows concurrent document edits. We can track things specifically... This is easy in GitHub. Dan is mentioning that other working groups are leveraging GitHub also, so we can look into those groups to look at the archives to see how they work, etc. Chris is mentioning markdown-to-RFC. Kathleen will get a current answer from other AD's to get things right. Chris is saying that this would make a big difference. There is some concern about issue tracking, which is a somewhat different problem to solve. Dan is going to propose some questions to the list for this consideration and we'll move forward from there. Way Forward *Avoid serialization *Work to meet short term milestones -Update Use Case document (Feb 2015) -Submit Requirements to IESG (Feb 2015) -Data model broken into two sections -Security Considerations finalized -Submit Architecture to IESG (March 2015) -Security Considerations finalized -Submit Information Model to IESG (March 2015) *Set new WG milestones *EIDT will continue... *Second interim in February (probably something like 2nd/3rd week - weeks of 2/9 and 2/16) There's a bit of discussion about whether we should progress the Use Case document through IESG. There is apparently some problem with this in IESG. We are, however, referencing the Use Case document in other drafts, so having this published seems warranted. Attendees (at start): *Adam Montville *Dan Romascanu *Aziz Mohaisen *Carolin Latze *Charles Schmidt *Clifford Kahn *Danny Haynes *David Waltermire *Henk Birkholz *Ira McDonald *Jarrett Lu *Jessica Fitzgerald-McKay *Jim Bieda *Josh Lubell *Kathleen Moriarty *Lisa Lorenzin *Nancy Cam-Winget *Ron Colvin *Call-in User_6 (Carolin Latze) *Call-in User_7 (Charles Schmidt) *Call-in User_9 (Chris Inacio)