IETF Logo Mail Archive

Re: [mile] Working group last call for ROLIE

"Schmidt, Charles M." <cmschmidt@mitre.org> Mon, 24 April 2017 19:44 UTC

Return-Path: <cmschmidt@mitre.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D78131661 for <mile@ietfa.amsl.com>; Mon, 24 Apr 2017 12:44:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MhW3KRXu45WX for <mile@ietfa.amsl.com>; Mon, 24 Apr 2017 12:44:11 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 0D8EA1314ED for <mile@ietf.org>; Mon, 24 Apr 2017 12:44:11 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 1F5B26FC005 for <mile@ietf.org>; Mon, 24 Apr 2017 15:44:21 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (imshyb01.mitre.org [129.83.29.2]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 107AC6DC00A for <mile@ietf.org>; Mon, 24 Apr 2017 15:44:21 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (129.83.29.2) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 24 Apr 2017 15:44:09 -0400
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5 via Frontend Transport; Mon, 24 Apr 2017 15:44:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2KcPEyZEnn5jJN3UJpnoLVg6iS820QkzG69fIpg8zBM=; b=ed9gMFtevj6o3qd5gCUfucL7gwNPcMuiWioiqxpDRiQrDFs1WKJWKnIhPuuJQclNbzSFmlSSr8y2PtvkDXw6JT7TsuRa5pCigJLko7+upJqt0N6eb1hgHakKhIumTAi09ji1ydxkCFDcHz1d2Y+nes3UrkjEpbaTxNqSXtZuJX4=
Received: from CY1PR09MB0889.namprd09.prod.outlook.com (10.163.43.27) by CY1PR09MB0891.namprd09.prod.outlook.com (10.163.43.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.13; Mon, 24 Apr 2017 19:44:08 +0000
Received: from CY1PR09MB0889.namprd09.prod.outlook.com ([10.163.43.27]) by CY1PR09MB0889.namprd09.prod.outlook.com ([10.163.43.27]) with mapi id 15.01.1047.019; Mon, 24 Apr 2017 19:44:08 +0000
From: "Schmidt, Charles M." <cmschmidt@mitre.org>
To: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: Working group last call for ROLIE
Thread-Index: AQHSqBrX3wNPiZjeRUuG2OC1scqiSqHVDH4w
Date: Mon, 24 Apr 2017 19:44:07 +0000
Message-ID: <CY1PR09MB0889F3426B92B044A59ED793AB1F0@CY1PR09MB0889.namprd09.prod.outlook.com>
References: <CC7AB8C2-66EC-4B75-9CFA-F9A1D7A9C46D@cisco.com>
In-Reply-To: <CC7AB8C2-66EC-4B75-9CFA-F9A1D7A9C46D@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=mitre.org;
x-originating-ip: [192.160.51.89]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0891; 7:rPIiisbb4RdfNVbZ7nUs8ql2z8bTooDa44x/yuLViBKl61/3MjTJA0i2WSPR72Db2A4soVsLp6bGbbCquDkPXDxNAYg9TVXFGS+Tznf5/crETcKVyuyosN2e0DebSFh56Rj4NJ3x8TDoIQMd+wqNTlCzzjR3w20YFhXE0T5pmlnlVau0ZcmYPkfrcJ9QycaX2P/pxceVEjllpRMO/sgSX8ILoYIIZXYQdH4dfjVNu3lWS+7nzCyMAoX8hlM4LO4QLXXJtVpYZRjNSqoTWr1MDBfgcab84/9YVZ+DWD/lHDSl1s+l8Bh0q8l+phsrGUijiGzD4nvLZ/Xy5yCAqM3Guw==
x-ms-office365-filtering-correlation-id: 3bb58143-5081-434a-cf7b-08d48b4a45c4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081); SRVR:CY1PR09MB0891;
x-microsoft-antispam-prvs: <CY1PR09MB0891856596A27D721A337CD6AB1F0@CY1PR09MB0891.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123564025)(20161123560025)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:CY1PR09MB0891; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0891;
x-forefront-prvs: 0287BBA78D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39410400002)(39860400002)(39850400002)(39400400002)(39840400002)(13464003)(377454003)(66066001)(189998001)(2900100001)(122556002)(53546009)(53936002)(3660700001)(6306002)(6116002)(102836003)(110136004)(8676002)(1730700003)(5660300001)(2950100002)(81166006)(305945005)(6916009)(38730400002)(74316002)(5640700003)(33656002)(77096006)(55016002)(99286003)(7736002)(8936002)(25786009)(3846002)(7696004)(229853002)(6436002)(9686003)(54356999)(2351001)(2501003)(6246003)(3280700002)(6506006)(2906002)(50986999)(76176999)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR09MB0891; H:CY1PR09MB0889.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2017 19:44:07.7867 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0891
X-OriginatorOrg: mitre.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/xsZLA8utpmO_TcikoFd7yGCsnCY>
Subject: Re: [mile] Working group last call for ROLIE
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 19:44:14 -0000

Hello,

I have only gotten as far as 5.1.2 (inclusive), but in the interest of getting this information to you sooner rather than later, my comments so far are below:

Section 1:
- "As the set of resource Collections are forward facing, the consumer may search all available content for which they are authorized to view, and request the information resources which are desired." - I wasn't sure what "forward facing" means in this case. Also, I found the wording a bit awkward. I suggest rewriting the second clause as, "the consumer may search all available content they are authorized to view, and request the desired information resources."
- Paragraph 1, second to last sentence: In the preceding sentences, you talk about a customer contacting repository and requesting data. This sounds like a point-to-point solution. This makes the penultimate sentence of the paragraph, which describes point-to-point messaging as the "old way" of doing things over which ROLIE provides an improvement, very odd sounding. I understand how ROLIE does, in fact, go beyond point-to-point relationships, but given that, thus far, only the point-to-point aspects of ROLIE have been discussed, the contrast seems off.
- Paragraph 1, second to last sentence: you point out that the "old way" of doing things involves an interaction "following a triggering event". I would argue that all automated systems follow "a triggering event" of some kind, so I think you need some more context here if you are going to contrast ROLIE with "triggering event"-driven systems.
- Paragraph 1, last sentence: You describe some disadvantages of point-to-point systems here. I don't think I agree with any of your assertions here. Specifically, HTTP is used in point-to-point solutions and I would argue that it is not inherently closed, duplicative, or hindering of automated security.

Section 2:
- Definition of Information Type: You state that this is a class of information "that can be automated". So does this mean that ROLIE will not support dissemination of security information unless that information can support automation? I think a fair amount of cyber threat intelligence (for example) remains informative in nature, but there is still a value to its dissemination.

Section 4:
- General comment: I think this section overlooks some of the real benefits of ROLIE while simultaneously making some questionable claims about it. The way I see it, the main ROLIE benefits are:
1) Open interface for virtually any type of cybersecurity information. While most existing tools focus on a specific kind of info, ROLIE seeks to be the common language.
2) Distributed model making it make new data available in an existing network and have it be found by users.
3) Stateless communication model simplifies use. (You dance around this in 4.3, but spend most of that time talking about other supposed aspects of RESTful systems and less about the state.)
I think these are important values of ROLIE and are more real than many of the other claims.

Section 4.1:
- General comment: I have read this section a few times and still do not understand what you are claiming. In first paragraph you point out the old way requires consumers to gather information and then to evaluate it. Thus (by implication), a contrasting new way would just have the data appear, and for it to be the right data even if the consumer doesn't know what they need.
By contrast, in the last paragraph you talk about more typical "search a body of data and request what you need". Again, you state how the old ways are weak, but then describe a solution that seems to use those same methods.

Section 4.2:
- Section title: I think "Knowledge *Aggregation*"  is the wrong word. Aggregation implies that many sources are being integrated into a unified set of information. What you describe in paragraph 1 is "having lots of information", paragraph 2 is "having the right information", and paragraph 3  alludes to a federated model. I'm not really sure what your main point is, but it doesn't seem to be "aggregation".

Section 4.3:
- Paragraph 2, sentence 1: "A key aspect of any RESTful Web service is the ability to provide multiple resource representations." - This is an aspect of multiple RESTful implementations (HTTP, Atom, etc.), but it is not part of any definition of the RST Model itself as far as I have found. My understanding is that REST is about the exchange more than the data. Maybe I'm looking at the wrong reference...
- Paragraph 3, sentence 1: "Finally, an important principle of the REST architectural style is the focus on hypermedia as the engine of application state (HATEOAS)." - I think this statement is a mischaracterization. HATEOAS is defined as a constraint/refinement of REST. As such, it builds on REST rather than serving as a core principle of it.

Section 5.1
- Figure: I think you need an ellipsis or some other indicator of variable numbers, or does each service contain exactly two Workspaces, each with one Collection, and each of those with one child?

Section 5.1.1
- Bullet 1: "I'm confused by this recommendation. If a Workspace contained a mix of public and private data, would it not be possible to hide the private data in that case? What about the case where you have multiple levels of access for private data - should each level have its own workspace? I'm assuming ROLIE supports highly granular access controls, so the "separate workspace for public and private data so that private data can be hidden" seems like it fails to encompass the versatility that people will want to have."

I hope this is helpful. I'll try to have comments on more of the spec soon.

Charles

> -----Original Message-----
> From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Nancy Cam-Winget
> (ncamwing)
> Sent: Tuesday, March 28, 2017 6:27 PM
> To: mile@ietf.org
> Subject: [mile] Working group last call for ROLIE
> 
> Colleagues,
> 
> 
> 
> Given the significant changes made to the last draft, we are doing another
> 30day WGLC for
> 
> https://tools.ietf.org/html/draft-ietf-mile-rolie-06
> 
> 
> 
> Please provide comments before May 1st and provide your support and/ or
> raise any issue you feel are yet to be addressed.
> 
> 
> 
> Regards, Nancy

v2.23.0 | Report a Bug | By Email