Re: [sacm] Architecture Draft

Adam Montville <adam.montville.sdo@gmail.com> Mon, 15 July 2019 11:43 UTC

From: Adam Montville <adam.montville.sdo@gmail.com>
Date: Mon, 15 Jul 2019 06:43:40 -0500
Cc: "<sacm@ietf.org>" <sacm@ietf.org>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/DAT_19AlMT4VD3E7m1gQIHoIHYA>
Subject: Re: [sacm] Architecture Draft

Hi Kathleen,

Thank you for your questions.

I’ll start with EPCP, which is depicted in Figure 3 of the current draft as a collection subsystem (using the language from the draft). Addressing EPCP in this way covers NEA, as EPCP is based on NEA, and it covers SWIMA in that SWIMA is used within that collection subsystem. In this sense EPCP describes a type of collection subsystem relative to the proposed SACM architecture. The SACM architecture then has the freedom to rely on other collection subsystems where needed.

Similarly, ROLIE would be a type of repository. While not explicitly referenced, see Figure 1, where ROLIE would be a repository connected to the messaging system, and see Figure 3, where ROLIE could be the Policy Repository.

As far as SCAP 2.0 is concerned, I think we both align and diverge. We align in that we are attempting to solve the same problems. Both architectures have collection, repositories (of various types, including CMDB), and downstream components (i.e. analysis and reporting). We diverge in a couple of ways. First, SCAP 2.0 appears to rely exclusively on EPCP as a collection subsystem (at least presently). The SACM architecture explicitly recognizes a need for multiple collection subsystems to be supported. Second, SCAP 2.0 appears to rely on point-to-point component communication, where the components of the architecture have direct awareness of other components. The SACM architecture allows not only point-to-point connections, but also supports things like pub/sub. (NOTE: I have not spent hours studying SCAP 2.0.)

The SACM architecture is focused on defining components, their capabilities and interfaces, and the workflows they explicitly support. We started with three common workflow domains (IT asset management, vulnerability management, configuration management), and we explicitly recognize that there are multiple ways to collect data necessary in these domains. We anticipate that there will always be multiple ways to collect information, and further believe that we cannot rely on one particular collection subsystem to cover the whole of an enterprise, which must consider cloud-native and hybrid environments equally with traditional endpoint-centric approaches.

Does this help?

Kind regards,

Adam



> On Jul 13, 2019, at 9:16 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> Hi Adam,
> 
> Thanks for raising the question to the list. I just skimmed (and sorry if I missed it) and am wondering how do ROLIE, SWIMA, and NEA fit into the architecture? Does this align with the SCAP 2.0 vision or does it diverge (we don't have to follow NIST obviously, but it would be good to understand the picture and if they do align, could or should)?
> 
> Since the ECP draft has a reliance on NEA (and I think SWIMA, but will be reading the ECP draft again this week), they are all part of the overall architecture, right?  Having this picture of how these pieces fit and if there are identified gaps would be very helpful to me, likely others as well.
> 
> Thank you!
> Kathleen
> 
> On Fri, Jul 12, 2019 at 2:09 PM Adam Montville <adam.montville.sdo@gmail.com> wrote:
> Greetings all:
> 
> During the last virtual interim we talked about some of the next things we wanted to work on, and one of those is the current architecture draft. Per the notes, we would like this to be an item to discuss during our session in Montreal, and it seems like a good idea to have some discussion points ready before then. Our goal (again, as stated in the notes) is to drive the direction of the draft to conclusion.
> 
> What needs to be done with the draft to get there?
> 
> Kind regards,
> 
> Adam
> 
> 2019-06-25 VI Notes: https://datatracker.ietf.org/doc/minutes-interim-2019-sacm-02-201906251300/
> 
> SACM Architecture 01: https://datatracker.ietf.org/doc/draft-ietf-sacm-arch/
> 
> 
> -- 
> 
> Best regards,
> Kathleen