SACM virtual interim minutes # SACM Virtual Interim October 20, 2020 ## Attendees * Karen Odonoghue * Chris Inacio * Bill Munyan * Jessica Fitzgerald-McKay * Peter Yee * Adam Montville * Michael Richardson * Henk Birkholz * Roman Danyliw ## Concise Software Identification Tags * document: draft-ietf-sacm-coswid-15 * status: awaiting response to AD Review Henk: Thanks for the feedback. The document authors are working through the Roman Danyliw's AD feedback and Thomas Fossati's implementation feedback. An update is expected before the IETF 109 draft cut-off. Karen: As a process check, if changes from Thomas are really significant, does it need to brought to the WG? ** Roman: It's a judgement call based on the scope of the change. We can informally consult the WG if needed despite it being in AD review. ## Endpoint Posture Collection Profile * document: draft-ietf-sacm-epcp-01 * status: awaiting response to AD Review Jessica: I would like feedback from the WG on stopping the work based on the extensive AD review. Likewise, there continues to be ongoing discussion on what is the document and the value it provides given the long duration to get this published. * Karen: does anyone object to stopping work on this document? * Adam: EPCP seems to be a subset of the architecture document. If we stop work on the EPCP, does this complicate the text in the architecture document. * Jessica: I see no issue with pulling text from the EPCP draft and putting it in the architecture draft. The Original SCAP work that motivated this draft has moved on. * Karen: Based on what's being voiced here, there appear to be no objections to stopping work on this draft. We'll confirm this on the mailing list. * Michael: I'm trying to understanding why we are doing it - is it we are out of energy to work on it, or there is no longer need? * Jessica: It is more that there is no longer a need in the community. The process of producing the document has informed the working group. * Henk: We can note that work this document informed in the data tracker * Roman: If there is consensus on the mail list, I can send the document back to the WG and it can be marked as "WG Document: Dead" with a pointer to the mailing list explaining how the WG came to that decision. * Karen: Thank you for all of the hard work put into it. ## ROLIE * document: draft-mandm-sacm-rolie-configuration-checklist-02 Karen: There was a call for adoption and there is critical mass to adopt it as a WG document. ## SACM Architecture * document: draft-ietf-sacm-arch-07 Adam: Per the early AD review: * audience would be those implementing the SACM architecture * if it stays standards track, the details of the protocol would go there * Henk: this architecture document would have value to RATS. It provides a second domain of applicability. * Jessica: Do you think that RATS would be interesting in taking on this work? * Henk: It might be contentious to change the RATS architecture. However, it could potentially be informed by workflows? * Roman: Is the link to RATS about specific claims - the architecture, EPCP, and the SACM don't cover any of them. * Henk: * Karen: it doesn't appear to we understand the next steps * Roman: Can we bring the SACM implementors to the discussion to review and validate the architecture? What is the protocol work envisioned as the next step? * Michael: It doesn't appear to be an architecture issue, but an implementation issue. Moving it to RATS won't help. * Adam: We plan to implement it (but we are also the authors) * Karen: What would the document authors want? * Adam: More review and implementation would help * Roman: Can we separate the high-level architecture from the specification of the protocol details? ## Wrap Up Karen: We need progress on the document to use our IETF 109 time productively. Karen: We haven't gotten to next steps on the working group.