Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-patnc
Andreas Steffen <andreas.steffen@strongswan.org> Tue, 01 August 2017 12:59 UTC
Return-Path: <andreas.steffen@strongswan.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82462132048 for <sacm@ietfa.amsl.com>; Tue, 1 Aug 2017 05:59:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40_m3qt-qCEc for <sacm@ietfa.amsl.com>; Tue, 1 Aug 2017 05:59:56 -0700 (PDT)
Received: from mail.strongswan.org (sitav-80046.hsr.ch [152.96.80.46]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E83213200D for <sacm@ietf.org>; Tue, 1 Aug 2017 05:59:56 -0700 (PDT)
Received: from [10.10.1.15] (46-126-238-39.dynamic.hispeed.ch [46.126.238.39]) by mail.strongswan.org (Postfix) with ESMTPSA id 177EE401A8; Tue, 1 Aug 2017 15:00:14 +0200 (CEST)
To: Adam Montville <adam.w.montville@gmail.com>, Karen O'Donoghue <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
References: <E40D1FEF-2408-4508-AEBC-AC3052D3AAD3@isoc.org> <CACknUNWFVWBaDuKs_sVpHU7m3jg_WmMrB3-CJy6HCJwj6AhLyQ@mail.gmail.com>
From: Andreas Steffen <andreas.steffen@strongswan.org>
Message-ID: <c17cc872-c263-5dd5-36fd-bb459a1f4509@strongswan.org>
Date: Tue, 01 Aug 2017 14:59:53 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CACknUNWFVWBaDuKs_sVpHU7m3jg_WmMrB3-CJy6HCJwj6AhLyQ@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010402060404000205060804"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/3DMGbS9m7yMI4Higbrri2_RRaIw>
Subject: Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-patnc
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 12:59:58 -0000
Hi Adam, see my inline comments On 31.07.2017 21:51, Adam Montville wrote: > > Propose renaming "SW Attribute" to "SWIMA Attribute", which seems more > accurate. Take a look a the "SW Attribute" subtypes listed in section > 5.2 to understand my motivation. Assuming "SW" expands to "software" > (which is a reasonable presumption), then SW Request is not a SW > Attribute. A SW Attribute might be a configuration item that software > contains, but not a SW Request. The SW Request attribute is used to > request software inventory related information from an endpoint, and is > thus more appropriately an attribute associated with SWIMA than with > "software". If this is acceptable, then we should update the term in > section 10.1. > A SW Request can very well be a SW Attribute. Have look at RFC5792 PA-TNC were the standard Attribute Request Attribute is defined https://tools.ietf.org/html/rfc5792#section-4.2.1 which can be used by a Posture Validator to request any number of PA-TNC attributes from a Posture Collector. > Then, we may want to consider expanding "SW" to "SWIMA" wherever > appropriate (i.e. SW Request could become SWIMA Request), which is > longer to type but also inarguably more clear. > SWIMA is the acronym for *Software Inventory Message and Attributes", i.e the I-D document is about Software Inventory Attributes being transported in PA-TNC messages of PA Subtype "SW Attributes". Since a Posture Validator can request either a SW [Identifier] Inventory Attribute or a SW [Identifier] Events Attribute, SW Request is a very good description for the request. > On Page 15 the draft states "All SW-PCs MUST at least be able to > generate Software Identifiers for the data model types specified in > Section 6 of this document." Section 6 describes data models for SWID > 2009 and SWID 2015, but nothing else. Is this really what we desire? > What about Linux distribution package managers? What about discovered > software outside typical installation patterns? And, does it make sense, > in a brokered architecture like NEA, to require redundant capabilities > in the anticipated myriad collectors?> Before the advent of SWIMA, simple software inventory information (Package Name/Package Version Number) available from a Linux Package Manager had to be sent in a standard Installed Packages Attribute accompanied by a standard Product Version Attribute (giving information about the underlying Operating System), both attributes defined in RFC5792 PA-TNC. Thus a minimalistic SWID 2015 tag of the form <SoftwareIdentity name="tar" tagId="Ubuntu_16.04-x86_64-tar-1.28-2.1ubuntu0.1" version="1.28-2.1ubuntu0.1" versionScheme="alphanumeric"> <Entity name="strongSwan Project" regid="strongswan.org" role="tagCreator"/> </SoftwareIdentity> carries about the same information and the software release can be uniquely referenced by a Software Identifier of the form strongswan.org__Ubuntu_16.04-x86_64-tar-1.28-2.1ubuntu0.1 Hopefully some time in the not too distant future Ubuntu in the role of a distributor would then release signed reference SWID 2015 tags e.g. with a Software Identifier of the form ubuntu.com__16.04-amd64-tar-1.28-2.1ubuntu0.1 retrievable from the page manager. I think for most use cases the SWID 2015 Data Model can be used. I'm not sure about the relevance of the SWID 2009 Data Model because only about a dozen of tags seem to exist in the wild. The extensibility of the Data Model via the PEN/Type mechanism is very important. I think there are shortly going to be SWID 2015 variants, e.g using a JSON or CBOR encoding of the SW record. Hope this helps Andreas ====================================================================== Andreas Steffen andreas.steffen@strongswan.org strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions HSR University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[INS-HSR]==
- [sacm] WGLC for draft-ietf-sacm-nea-swima-patnc Karen O'Donoghue
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Andreas Steffen
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Henk Birkholz
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Ruben Oliva
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Waltermire, David A. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Nancy Cam-Winget (ncamwing)
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Andreas Steffen
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Nancy Cam-Winget (ncamwing)
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Karen O'Donoghue
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville