SACM Virtual Interim Notes 2015-02-09
==========================

Agenda
======

* All times Eastern

10:00 - Admin, Note Takers, Agenda bashing
10:05 - Status - chairs
10:10 - Tracker decisions - chairs
10:20 - Architecture I-D - Nancy
10:30 - Requirements I-D - Nancy
10:40 - Endpoint ID Design Team report and discussions - David
11:50 - Next steps and way forward - chairs

Notes
=====

Brief terminology draft discussion. Draft will be updated before it is scheduled to expire in six days. Other draft authors will note new terms that should be considered for the terminology draft.

Kathleen is providing an overview of the pending IESG decision on Use Case draft; she'll know more tomorrow. There has been a suggestion that new working groups will create use cases as part of the chartering effort in the future. For SACM, there is an important issue with respect to references from other drafts to the Use Case draft.

We're 1 year late with protocol and data format submissions, and we're still far from making a good guess as to when this will be ready. We are planning to update the milestones with a proposal to be provided prior to and discussed at IETF 92.

Dave Waltermire is asking whether there is anything stopping any submitter from submitting drafts for data models and protocols. Lisa Lorenzin mentioned that the Information Model may stand in the way of that. But, still, do we need to wait? No - avoid serialization. As Kathleen has pointed out, we did have a CFP for this purpose. Then, if submissions are made in that spirit, we can submit counterproposals when we feel it is necessary. Bottom line: Let's get the proposals in and look at them.

At this point there was a discussion about when we can reference existing work, specifically in light of whether the reference is to work published and maintained by a recognized SDO. As a general rule, if the work is coming from an organization that is obviously an SDO, then go ahead and reference it. If you look at a non-SDO that consists of a group of vendors, then you may want to consider something that's more RFC-ish - bring the body of work in to the working group over referencing. Organizations like TCG are a bit like this, because they're freely available when the specifications are done, but the IETF Trust may not recognize or categorize the organization as an SDO. Dan is suggesting that anyone who wants to bring in existing work that may be from a non-SDO start a mail thread on the issue with a pointer to the work and get early WG "approval" to look at the existing work.

Moving on to tracker issues. There was a clear preference on the list to use git. Therefore, the chairs have called consensus on using git and propose that the WG move on to an implementation. The plan is to start using github from this point forward and not to systematically populate github issues with those already mentioned on the list. In other words, we will not go back into the archives on running documents, but we will work using this moving forward - if you care about an issue you've raised, then you need to put it into github.

The floor is open for implementation proposals: Who's going to be responsible for standing up the github repository? Aziz Mohaisen has volunteered to establish the initial repository and share credentials with authors (initially at least the owners of the current drafts to be added).

We skipped over architecture and requirements, because Lisa, as a last-minute replacement for Nancy, doesn't really have much to add at this time. We need to start moving these drafts toward WG last call. There are open questions listed in the draft (inline in the draft) and other comments are expected to be submitted this week.

Moving into Endpoint ID Design Team review. A few new terms have been defined. The design team has concluded that there are primary and secondary classes of identifying attributes, because all endpoint attributes can be used to establish identity, but not all attributes are well-suited for this purpose. The design team has been working with respect to the following scenario: Software on an endpoint is asserting posture relating to the endpoint's software inventory and configuration state.

Cliff is contributing to the discussion on provenance as he's been the person digging in the most - we are looking at W3C PROV as a basis for SACM provenance. He did point out that we will need to refine our noted understanding of W3C PROV (the notes as presented in the slides are a bit different than what PROV intends).

Throughout this portion of the meeting, there were some questions raised, but they all seemed to be sufficiently addressed. There are remaining challenges and the Endpoint ID design team will continue running until these challenges are answered, probably lasting up until IETF 92.

Way Forward
===========

Avoid serialization
Work to meet short term milestones (framework/architecture)
Set new WG milestones
Submission cut-off for IETF 92 is 03/09
Design Team
Two meetings at IETF 92

Attendees
=========

Dan Romascanu
Adam Montville
Aziz Mohaisen (Note taker)
Chris Inacio
David Waltermire
Ira McDonald
Jarrett Lu
Jim Schaad
Clifford Kahn
Josh Lubell (Note taker)
Kathleen Moriarty
Jim Bieda
Henk Birkholz
Lisa Lorenzin (Call-in User_4)
Danny Haynes
Jessica Fitzgerald-McKay