IETF Logo Mail Archive

Re: [mile] Working group last call for ROLIE

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Mon, 24 April 2017 21:02 UTC

Return-Path: <stephen.banghart@nist.gov>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B4CA129456 for <mile@ietfa.amsl.com>; Mon, 24 Apr 2017 14:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tWz7SkIIIbPJ for <mile@ietfa.amsl.com>; Mon, 24 Apr 2017 14:02:11 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0100.outbound.protection.outlook.com [23.103.200.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A2721292D0 for <mile@ietf.org>; Mon, 24 Apr 2017 14:02:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5ec5B96EBy6nUWgPn39uBZegcNsGersypjGtBGC2SjI=; b=gUFgLItcmsUiEbVocJtX4CNEowjbWq2293r2uCWyOeICPLaJvMEUDh87fjdv02XGOB8qEmAqP4KMCh7l7s3sTZF5b8Upky2jVdFf1a0jcbzuq9Imot1rw4BhCaGnluUEyMsmbBosgFDOTEwHbkCsWh+84ZmZs4h0OziS1/vTbSA=
Received: from DM5PR09MB1307.namprd09.prod.outlook.com (10.172.34.141) by DM5PR09MB1305.namprd09.prod.outlook.com (10.172.34.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.13; Mon, 24 Apr 2017 21:02:10 +0000
Received: from DM5PR09MB1307.namprd09.prod.outlook.com ([10.172.34.141]) by DM5PR09MB1307.namprd09.prod.outlook.com ([10.172.34.141]) with mapi id 15.01.1047.019; Mon, 24 Apr 2017 21:02:09 +0000
From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: "Schmidt, Charles M." <cmschmidt@mitre.org>
CC: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: Working group last call for ROLIE
Thread-Index: AQHSqBrX3wNPiZjeRUuG2OC1scqiSqHVDH4wgAAQRaA=
Date: Mon, 24 Apr 2017 21:02:09 +0000
Message-ID: <DM5PR09MB1307E859ECDE8D64EC66A677F01F0@DM5PR09MB1307.namprd09.prod.outlook.com>
References: <CC7AB8C2-66EC-4B75-9CFA-F9A1D7A9C46D@cisco.com> <CY1PR09MB0889F3426B92B044A59ED793AB1F0@CY1PR09MB0889.namprd09.prod.outlook.com>
In-Reply-To: <CY1PR09MB0889F3426B92B044A59ED793AB1F0@CY1PR09MB0889.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: mitre.org; dkim=none (message not signed) header.d=none;mitre.org; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.227.79]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR09MB1305; 7:ADJEdz9l0UMHVbF93RqWzvlXAhCmM9GFaq4wo17otwz8ZmR+qgAbfLwTYGFPk9S5fuQdKhd2lpEa5KgbUj+bffRiAQ3qpgIOEkvD5gbl4Wy/6l3HjxFeTGm+QlZfXF3B8inhoarTfbAxDSUkZ998YhSUiBMWGN49N9CT8+DuRLe73tdoEc9rbdz7CWwWAW8cnh8D2arJGXxYdCjX0nlx9Lbdj2bYF82u4G1x9jrOIqhAU6srssJSetctphvk7hVfNojSu+yZfNlw67oxQUTYH7RGFJOMcxMxyGdmYGPqUHz+pDqLC91ffJVJDUsJPpE6JtEzNSqBHOFLtFc5ERKySA==
x-ms-office365-filtering-correlation-id: abe0f1da-84ee-43e4-25ac-08d48b552c68
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081); SRVR:DM5PR09MB1305;
x-microsoft-antispam-prvs: <DM5PR09MB130554F2D63125064882B805F01F0@DM5PR09MB1305.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:DM5PR09MB1305; BCL:0; PCL:0; RULEID:; SRVR:DM5PR09MB1305;
x-forefront-prvs: 0287BBA78D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39410400002)(39400400002)(39850400002)(13464003)(51914003)(377454003)(6916009)(2950100002)(4326008)(38730400002)(110136004)(305945005)(6506006)(33656002)(77096006)(54356999)(76176999)(74316002)(50986999)(25786009)(53546009)(7736002)(122556002)(229853002)(7696004)(6246003)(102836003)(5660300001)(3846002)(6116002)(2906002)(8936002)(6306002)(3660700001)(3280700002)(9686003)(99286003)(53936002)(66066001)(2900100001)(55016002)(6436002)(8676002)(86362001)(189998001)(81166006); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR09MB1305; H:DM5PR09MB1307.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2017 21:02:09.6823 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR09MB1305
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/ZgGPr7gZi5h8SBuego8L9LywyVg>
Subject: Re: [mile] Working group last call for ROLIE
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 21:02:14 -0000

Charles,

Thanks for the comments and review, I've put my responses in-line.

Several of your comments speak to some focus issues in the front matter (sections 1 and 4). In lieu of attempting to address each of these issues individually, I believe the document would benefit most from these sections being tightened and condensed to focus on the most important aspects of ROLIE. These edits would only address the front matter and have no normative impact on the specification, so I'll make those edits on the Github to be included with the rest of the incorporated feedback.

I'll inform you and the list on the status of those changes as they occur.

-Stephen Banghart

> -----Original Message-----
> From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Schmidt, Charles M.
> Sent: Monday, April 24, 2017 3:44 PM
> To: mile@ietf.org
> Subject: Re: [mile] Working group last call for ROLIE
> 
> Hello,
> 
> I have only gotten as far as 5.1.2 (inclusive), but in the interest of getting this
> information to you sooner rather than later, my comments so far are below:
> 
> Section 1:
> - "As the set of resource Collections are forward facing, the consumer may
> search all available content for which they are authorized to view, and
> request the information resources which are desired." - I wasn't sure what
> "forward facing" means in this case. Also, I found the wording a bit awkward.
> I suggest rewriting the second clause as, "the consumer may search all
> available content they are authorized to view, and request the desired
> information resources."

Forward-facing was intended to note that the collections are easily visible to the user, I've changed the wording of the first clause to reflect that and accepted your change on the second clause.

> - Paragraph 1, second to last sentence: In the preceding sentences, you talk
> about a customer contacting repository and requesting data. This sounds like
> a point-to-point solution. This makes the penultimate sentence of the
> paragraph, which describes point-to-point messaging as the "old way" of
> doing things over which ROLIE provides an improvement, very odd sounding.
> I understand how ROLIE does, in fact, go beyond point-to-point relationships,
> but given that, thus far, only the point-to-point aspects of ROLIE have been
> discussed, the contrast seems off.
> - Paragraph 1, second to last sentence: you point out that the "old way" of
> doing things involves an interaction "following a triggering event". I would
> argue that all automated systems follow "a triggering event" of some kind, so
> I think you need some more context here if you are going to contrast ROLIE
> with "triggering event"-driven systems.
> - Paragraph 1, last sentence: You describe some disadvantages of point-to-
> point systems here. I don't think I agree with any of your assertions here.
> Specifically, HTTP is used in point-to-point solutions and I would argue that it
> is not inherently closed, duplicative, or hindering of automated security.
> 

See top of message.

> Section 2:
> - Definition of Information Type: You state that this is a class of information
> "that can be automated". So does this mean that ROLIE will not support
> dissemination of security information unless that information can support
> automation? I think a fair amount of cyber threat intelligence (for example)
> remains informative in nature, but there is still a value to its dissemination.

Agreed, we've changed the definition to "A class of security automation information having an associated data model. Often this information is the subject of a security process that can be automated." in order to be more inclusive of human information whilst making it clear that this is automation focused.

> Section 4:
> - General comment: I think this section overlooks some of the real benefits
> of ROLIE while simultaneously making some questionable claims about it. The
> way I see it, the main ROLIE benefits are:
> 1) Open interface for virtually any type of cybersecurity information. While
> most existing tools focus on a specific kind of info, ROLIE seeks to be the
> common language.
> 2) Distributed model making it make new data available in an existing
> network and have it be found by users.
> 3) Stateless communication model simplifies use. (You dance around this in
> 4.3, but spend most of that time talking about other supposed aspects of
> RESTful systems and less about the state.) I think these are important values
> of ROLIE and are more real than many of the other claims.
> 
> Section 4.1:
> - General comment: I have read this section a few times and still do not
> understand what you are claiming. In first paragraph you point out the old
> way requires consumers to gather information and then to evaluate it. Thus
> (by implication), a contrasting new way would just have the data appear, and
> for it to be the right data even if the consumer doesn't know what they
> need.
> By contrast, in the last paragraph you talk about more typical "search a body
> of data and request what you need". Again, you state how the old ways are
> weak, but then describe a solution that seems to use those same methods.
> 
> Section 4.2:
> - Section title: I think "Knowledge *Aggregation*"  is the wrong word.
> Aggregation implies that many sources are being integrated into a unified set
> of information. What you describe in paragraph 1 is "having lots of
> information", paragraph 2 is "having the right information", and paragraph 3
> alludes to a federated model. I'm not really sure what your main point is, but
> it doesn't seem to be "aggregation".
> 
> Section 4.3:
> - Paragraph 2, sentence 1: "A key aspect of any RESTful Web service is the
> ability to provide multiple resource representations." - This is an aspect of
> multiple RESTful implementations (HTTP, Atom, etc.), but it is not part of any
> definition of the RST Model itself as far as I have found. My understanding is
> that REST is about the exchange more than the data. Maybe I'm looking at
> the wrong reference...
> - Paragraph 3, sentence 1: "Finally, an important principle of the REST
> architectural style is the focus on hypermedia as the engine of application
> state (HATEOAS)." - I think this statement is a mischaracterization. HATEOAS
> is defined as a constraint/refinement of REST. As such, it builds on REST
> rather than serving as a core principle of it.
> 

See top of message.

> Section 5.1
> - Figure: I think you need an ellipsis or some other indicator of variable
> numbers, or does each service contain exactly two Workspaces, each with
> one Collection, and each of those with one child?
> 

Each workspace and collection can be zero to many. We'll add some notation to show that cardinality.

> Section 5.1.1
> - Bullet 1: "I'm confused by this recommendation. If a Workspace contained a
> mix of public and private data, would it not be possible to hide the private
> data in that case? What about the case where you have multiple levels of
> access for private data - should each level have its own workspace? I'm
> assuming ROLIE supports highly granular access controls, so the "separate
> workspace for public and private data so that private data can be hidden"
> seems like it fails to encompass the versatility that people will want to have."

We've provided this just as a recommendation because there are a couple way to handle the situation. You certainly could hide each collection independently, you could even hide entries individually. By moving the authentication check to the highest level available you avoid potential performance issues and reduce the attack surface.

> 
> I hope this is helpful. I'll try to have comments on more of the spec soon.
> 
> Charles
> 
> > -----Original Message-----
> > From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Nancy
> > Cam-Winget
> > (ncamwing)
> > Sent: Tuesday, March 28, 2017 6:27 PM
> > To: mile@ietf.org
> > Subject: [mile] Working group last call for ROLIE
> >
> > Colleagues,
> >
> >
> >
> > Given the significant changes made to the last draft, we are doing
> > another 30day WGLC for
> >
> > https://tools.ietf.org/html/draft-ietf-mile-rolie-06
> >
> >
> >
> > Please provide comments before May 1st and provide your support and/
> > or raise any issue you feel are yet to be addressed.
> >
> >
> >
> > Regards, Nancy
> 
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile

v2.23.0 | Report a Bug | By Email