Re: [sacm] IETF 95 Agenda on SWID world
Lisa Lorenzin <llorenzin@pulsesecure.net> Thu, 07 April 2016 12:56 UTC
Return-Path: <llorenzin@pulsesecure.net>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B72A12D64D for <sacm@ietfa.amsl.com>; Thu, 7 Apr 2016 05:56:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.132
X-Spam-Level:
X-Spam-Status: No, score=-1.132 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_WEB=0.77, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siriscapitalgroupllc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8tT3Ev37XhUf for <sacm@ietfa.amsl.com>; Thu, 7 Apr 2016 05:55:58 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0084.outbound.protection.outlook.com [207.46.100.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 367E312D811 for <sacm@ietf.org>; Thu, 7 Apr 2016 05:55:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SirisCapitalGroupLLC.onmicrosoft.com; s=selector1-pulsesecure-net; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2sUKUpvge4kC0ZcAeEgoIWmvioWC0nL/aYsCkWk5NaA=; b=H1rM1YgfMaCBhcGeVc4as6KzssWqySuPd6jU8LYV54ITEIDzb8KsUA/wpIHnS4flV8dCxuMXbn+Wwn28K8yoIWwSHoONhkVVYqbW2SPM7pt6DXS+M+uaVkMhqB2VThUTcphZ9EqdavA5ZKuuXedg1XNGv0YFtvL2hK3NiGZx8u8=
Received: from SN2PR0601MB0992.namprd06.prod.outlook.com (10.160.58.28) by SN2PR0601MB0989.namprd06.prod.outlook.com (10.160.58.156) with Microsoft SMTP Server (TLS) id 15.1.447.15; Thu, 7 Apr 2016 12:55:56 +0000
Received: from SN2PR0601MB0992.namprd06.prod.outlook.com ([10.160.58.28]) by SN2PR0601MB0992.namprd06.prod.outlook.com ([10.160.58.28]) with mapi id 15.01.0453.027; Thu, 7 Apr 2016 12:55:56 +0000
From: Lisa Lorenzin <llorenzin@pulsesecure.net>
To: "tony@yaanatech.com" <tony@yaanatech.com>, "adam.w.montville@gmail.com" <adam.w.montville@gmail.com>
Thread-Topic: [sacm] IETF 95 Agenda on SWID world
Thread-Index: AQHRkMUq0PT9RrAvJ0WBiW4BRQHZj59+eBtJ
Date: Thu, 07 Apr 2016 12:55:56 +0000
Message-ID: <000f4262.2ad8cf8730523b39@pulsesecure.net>
References: <04C2FAE9-476B-489F-81CB-48BCAAFA29D6@gmail.com> <SN2PR0601MB099226A18B2F660403AB4DC8A89A0@SN2PR0601MB0992.namprd06.prod.outlook.com> <E6535DCE-089D-4EEA-BA8F-AA1F1D5C42A5@gmail.com>, <57064BF9.4060805@yaanatech.com>
In-Reply-To: <57064BF9.4060805@yaanatech.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: yaanatech.com; dkim=none (message not signed) header.d=none;yaanatech.com; dmarc=none action=none header.from=pulsesecure.net;
x-originating-ip: [200.61.9.66]
x-ms-office365-filtering-correlation-id: f2e258c9-82a3-4b50-1156-08d35ee3f5f0
x-microsoft-exchange-diagnostics: 1; SN2PR0601MB0989; 5:RMV77YOBnyDZPyrU+EKu2tgTqlKUn8X+EdZGZ6o9WsqQxvMc6baux9+LvjcCAP5spV5i26KiWVZVzmaMPR5wft10aZrmRX/tdN0EPGmB2x2Zymq9M9dZ2jwtwPlSnbPqOu/WK8NlKOivO3GOIrvSGA==; 24:ZU8IrXG6erV3YOMmRCi6E+SE/2QbsrkjVAA9JcOD9G/xn43NtviOwl4s0Fu/ANrhfk58ix3iCmcpw6DEztL4PNJfNfghj/B6Bq7pobzKLJ0=; 20:qt53a9v53hEPt7TRzU6bNYIiegeo6KdojNhnfNAT7wv6yx+msLAoFbbGHCgW4u6FDztAfT4DOgvP4YEFleRn5CR+KnXWQ45Xw92mp61dkj0hP5jgRbck9tdAdFpiNwKZ5+2+pi1iG0KhidkYfWvaIcG7VahoWd68pIjJs4K2mo4AaiVrwowW77+LPqYKcIj5c/7IMqqreSBrfKRfSlTW+VnbS19/kg3sQMGaj8T++c4WJR/z3IXuKpzK8BK9GQ9y
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN2PR0601MB0989;
x-microsoft-antispam-prvs: <SN2PR0601MB0989E08BC2EA4D6FD5CB09AAA8900@SN2PR0601MB0989.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:SN2PR0601MB0989; BCL:0; PCL:0; RULEID:; SRVR:SN2PR0601MB0989;
x-forefront-prvs: 0905A6B2C7
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(124975003)(99286002)(5008740100001)(5004730100002)(11100500001)(77096005)(4326007)(2900100001)(2501003)(2950100001)(19617315012)(5002640100001)(189998001)(87936001)(10400500002)(122556002)(1096002)(93886004)(76176999)(586003)(66066001)(1220700001)(15975445007)(36756003)(2906002)(54356999)(50986999)(16236675004)(5001770100001)(92566002)(102836003)(3280700002)(81166005)(3846002)(3660700001)(19625215002)(6116002)(19580405001)(19580395003)(33646002)(86362001)(106116001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN2PR0601MB0989; H:SN2PR0601MB0992.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_000f42622ad8cf8730523b39pulsesecurenet_"
MIME-Version: 1.0
X-OriginatorOrg: pulsesecure.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2016 12:55:56.1422 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 3290a917-9dd6-43db-843b-a3e376f9f96c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR0601MB0989
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/3KVUgb8FEkzX48XNWwjANtcUV4s>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Subject: Re: [sacm] IETF 95 Agenda on SWID world
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 12:56:00 -0000
Hi Tony, I'm not deeply familiar with the SWID community - I'm afraid I don't know enough about that space to unpack what you're referring to. Of the dozen other industry efforts you mention, can you suggest one or two that have the relevant properties and/or are widely deployed? Regards, Lisa Lisa Lorenzin Principal Solutions Architect, Pulse Secure 919-384-7275<tel:919-384-7275> | llorenzin@pulsesecure.net<mailto: llorenzin@pulsesecure.net> Please pardon brevity - sent from my phone ------ Original message------ From: Tony Rutkowski Date: Thu, Apr 7, 2016 09:01 To: Adam Montville; Cc: ; Subject:[sacm] IETF 95 Agenda on SWID world Hi Adam, Interesting to seem the presentations and brainstorming on materials. A few "inquiring minds" questions. For the Information Model Update presentation, slide 9 portrays two SWIDS: "SWID XML Schema" and "SWID CBOR Data Definition." It's not clear what the former represents, and the latter presumably will eventually be revealed in draft-birkholz-sacm-coswid-00. The SWID CBOR effort usefully begins to head slowly in the right direction of getting real, but it refers to ISO/IEC 19770-2:2015 as the source of SWID information structures, and combined with ISO/IEC 19770-5:2013 also referenced, sets one back $389 to take a peek at them. Maybe that's easy change for a government agency, but no one in the real world is going to spend that amount to take a peek at a specification. The problem here is compounded because NISTIR 8060 is out on the street for comment, but it references the 2009 version. To make matters worse, the NISTIR references the 2015 version as an extension schema, but the URL to get the extension schema is broken. http://csrc.nist.gov/ns/swid/2015-extensions/1.0 Not that this isn't elegant work, but it has the surreal attributes that pervaded the OSI world 30 years ago where the previous generation of some of the same government agency actors inhabited standards meetings - writing for years some of the best specifications that no one ever used. There are at least a dozen other industry SWID standards efforts out there if there was an interest in looking. They have better properties for the context, and some of those are used on a significant scale. But then again, it's kind of fun watching the deja vu of OSI getting reinvented in the IETF! --tony ps. If the authors revise the SWID CBOR draft, finding the details of X.1520 is easy. In English, it is at: <https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.1520-201401-I!!PDF-E&type=items> _______________________________________________ sacm mailing list sacm@ietf.org<mailto:sacm@ietf.org> https://www.ietf.org/mailman/listinfo/sacm
- [sacm] Updated IETF 95 Agenda Posted Adam Montville
- Re: [sacm] Updated IETF 95 Agenda Posted Lisa Lorenzin
- Re: [sacm] Updated IETF 95 Agenda Posted Adam Montville
- [sacm] IETF 95 Agenda on SWID world Tony Rutkowski
- Re: [sacm] IETF 95 Agenda on SWID world Adam Montville
- Re: [sacm] IETF 95 Agenda on SWID world Tony Rutkowski
- Re: [sacm] IETF 95 Agenda on SWID world Lisa Lorenzin
- Re: [sacm] IETF 95 Agenda on SWID world Cheikes, Brant A.
- Re: [sacm] IETF 95 Agenda on SWID world Tony Rutkowski
- Re: [sacm] IETF 95 Agenda on SWID world Tony Rutkowski