IETF Logo Mail Archive

Re: [sacm] ECP Architecture Diagram Feedback

Sherif Mansour <cherifmansour@gmail.com> Wed, 04 April 2018 13:18 UTC

Return-Path: <cherifmansour@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82E56129C70 for <sacm@ietfa.amsl.com>; Wed, 4 Apr 2018 06:18:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vMT8JskOG81k for <sacm@ietfa.amsl.com>; Wed, 4 Apr 2018 06:18:06 -0700 (PDT)
Received: from mail-ua0-x22f.google.com (mail-ua0-x22f.google.com [IPv6:2607:f8b0:400c:c08::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9694E1204DA for <sacm@ietf.org>; Wed, 4 Apr 2018 06:18:06 -0700 (PDT)
Received: by mail-ua0-x22f.google.com with SMTP id u4so13173531uaf.10 for <sacm@ietf.org>; Wed, 04 Apr 2018 06:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+YUjHtFaC9Pkm6id3DQr+SNyR2fGotDbjDC2TS8B9OY=; b=GQAvuQlNu4aYHsctLzrFS6lUdhV8k6QGuZi4erlfGOF1VKXcXpWLYz4f7wMtHaCdTA 9Zpvw3Wx33+F3hds6E4sGxY71Fix8SqqglrKKXB8uLk43mrY7Quh2/bbKpiBcouWE+uU Ky7BOhmTFBCbFwLGbX0ZoPaLYnf6PYYCeaHCNBZOMyobqRHsRQ11Ocka5Do9fQ4bQ1sy 4wa0jvM0K7n96zZ+awCdHgwEzXOY2QDrf98DW9yWKfcts8y+cWPk6n4FpmNlFBQGQ35A Kh7HOKneCURuhMb8n6HRllsxRFB1HSvjihRr1U6ylHFsGyEqBHYpomgl1zYuyPVjQcOt cpJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+YUjHtFaC9Pkm6id3DQr+SNyR2fGotDbjDC2TS8B9OY=; b=sWKow6In04qA9zKVHpnGSq+kcvR3uQhmBF6VzFR/bmkhlRP3pZ4ft/4sHijvyFQpSs gfL1ClVYyn+0VOk5wzfmmjKFlfcYn47t1T7Mg1m4sn4TFyH6FQ5wVHScokuNcvC8jZqy X+LMqiSiwDDq7vXPIPTAqmzyrlfEVq0JbQiv4/65tjdQpaVWEPZ5JKtAQjqgwxmV3Dog 1cw9159aVUDYNdNxV1kbPB5TOgZd9miGAsGE0ITbRbfVBXSHg+jHcntjGH7ziQEuTA3D RQ54gtv5piZs8g4hfC+ohIfP6xGsjsgfC62EroC3IM1MRlOWAd9kSldZc+gtCFIU62Oc x8cA==
X-Gm-Message-State: AElRT7HKWdebHCXO2sAFcrHtZyjLFtWSNeFDp8DHZ+Z9tI4Bz+gzF6bI e+dBmZB9PFeHg0QO740ubzQscSLrk6HvpqUz3H0=
X-Google-Smtp-Source: AIpwx48/FiPSiTv+gog3V9GBSh/0lvendtbBOhW0HzT4vakCEyPIjPgIMQnVPbxae1EyL0tUVvaB6tfj/2WPLmpXQcA=
X-Received: by 10.176.76.203 with SMTP id e11mr11133903uag.131.1522847885690; Wed, 04 Apr 2018 06:18:05 -0700 (PDT)
MIME-Version: 1.0
References: <DM5PR0901MB2197070C2CF8BA9A4283251CA5A60@DM5PR0901MB2197.namprd09.prod.outlook.com> <D0D3E5A5-2D22-4B3A-AD3E-27386CC43887@gmail.com> <DM5PR0901MB2197CA6B3C285DD17A0D1C04A5A50@DM5PR0901MB2197.namprd09.prod.outlook.com> <CAOxmg6tbzQBpqubuxn5DPFe1mcB7gjhX3hr5g8A4hMoexyki-A@mail.gmail.com> <4A75DCB1-9AFA-411D-B22D-741B067B2429@gmail.com>
In-Reply-To: <4A75DCB1-9AFA-411D-B22D-741B067B2429@gmail.com>
From: Sherif Mansour <cherifmansour@gmail.com>
Date: Wed, 04 Apr 2018 13:17:54 +0000
Message-ID: <CAOxmg6vsCnj=45=wm0Lmen_OsGgbEP4W1tJfLN8MN12w4sQqnA@mail.gmail.com>
To: Adam Montville <adam.w.montville@gmail.com>
Cc: "Haynes Jr., Dan" <dhaynes@mitre.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="f4030437a7a4460d45056905a7a5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/I61B6uJS9qQBZ_K1iFvQHarpI0o>
Subject: Re: [sacm] ECP Architecture Diagram Feedback
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2018 13:18:13 -0000

Its more about the path of least resistance, and a single interface for
external requests like an automated scan that als needs to pull the results
right away. It helps with “singing from a single sheet of music”.

On Wed, 4 Apr 2018 at 2:04 pm, Adam Montville <adam.w.montville@gmail.com>
wrote:

>
> On Apr 3, 2018, at 4:36 PM, Sherif Mansour <cherifmansour@gmail.com>
> wrote:
>
> Hi Danny,
>
> I would recommend that the Orchestrator sits between the posture manager
> and repository. This is for a few reasons, some tactical and some strategic:
>
>    - Strategically (Long term), it allows you to switch between posture
>    managers without having to do much (if any) changes on the repository, in
>    their all it means is it will be pulling data through the orchatrator, it
>    just happens to be from a different tool.
>    - Tactically (short term), is is because these connections currently
>    do not exist, so if you have many posture managers you need to develop
>    different integration in several areas (one connection for the orchestrator
>    & repository). By leveraging the orchastrator, you only need to create a
>    singe integration with the posture manager, it simply just needs more
>    features (i.e. the ability to pull security end point findings, both in raw
>    vendor specific data or in a uniform agreed data model).
>
> Logically, I think I could see this, but in practice it's not always
> applicable. An orchestrator should orchestrate, but not necessarily be
> responsible for data transfer.
>
> The second point is that there are a few "invisible" boxes. The first is
> reference data, a lot of the repository data would be enriched with
> information that is specific to the organization such as the team which
> owns specific assets or the context to which they are used. Now, on thing
> that is out of scope is the reporting, I am aware this is out of scope, but
> an organisation has not moved the needle in terms of security if they have
> detected security issues but not resolved them. It is therefore natural
> that there is an interface somewhere between the repository and a reporting
> system.
>
> Finally one key benefit of the orchestrator is automation and self
> service, there for an interface to allow it to work in a devops model would
> also increase its value, if the interface can (easily) integrate with
> Jenkins/Bamboo, or chef recipes / Ansible playbooks, this would go a long
> way for adoption.
>
> -Sherif
>
>
>
>
>
> On Tue, Apr 3, 2018 at 7:36 PM, Haynes Jr., Dan <dhaynes@mitre.org> wrote:
>
>> Hi Adam,
>>
>>
>>
>> I hope it was a good trip out there and that you were able to see some of
>> the sights!
>>
>>
>>
>> As far as scoping and the diagram, I think it’s worth nothing that all
>> the components in it are in scope for ECP. It is just a matter of when we
>> actually get to creating drafts for them (if that makes any sense). I think
>> what you are looking for is a diagram that shows what we are currently
>> working on? Or, maybe I am misunderstanding your comments?
>>
>>
>>
>> Thanks,
>>
>> Danny
>>
>>
>>
>> *From:* Adam Montville [mailto:adam.w.montville@gmail.com]
>> *Sent:* Monday, April 02, 2018 3:33 PM
>> *To:* Haynes Jr., Dan <dhaynes@mitre.org>
>> *Cc:* sacm@ietf.org
>> *Subject:* Re: [sacm] ECP Architecture Diagram Feedback
>>
>>
>>
>> Hi Danny,
>>
>>
>>
>> We missed you in London. I think the diagram is ok, but I do have scoping
>> questions (just sent to the list) which may suggest some modification to
>> the diagram once resolved. If the way I'm interpreting the ECP draft at
>> this point is close to accurate, then it might be a good idea to add a
>> horizontal scoping line between the left hand and the right hand of the
>> diagram, where the posture manager is the first component on the right-hand
>> side. Alternatively, an in-scope boundary box could be drawn around the
>> appropriate components.
>>
>>
>>
>> What really matters is whether the diagram accurately depicts the
>> intended scope of the draft from the authors' perspectives, and whether a
>> typical reader would see it that way.
>>
>>
>>
>> Adam
>>
>>
>>
>> On Apr 2, 2018, at 1:32 PM, Haynes Jr., Dan <dhaynes@mitre.org> wrote:
>>
>>
>>
>> Hi Everyone,
>>
>> At IETF 101, we presented an updated architecture diagram [1] that was
>> based on feedback from the September virtual interim [2][3] and was
>> included in the ECP -01 draft [4]. During the meeting, we did not receive
>> any feedback on the architecture diagram.
>>
>>
>>
>> As a result, we just wanted to follow-up on the list and see if there was
>> any feedback or objections to the updated ECP architecture diagram that was
>> proposed.
>>
>>
>>
>> Thanks,
>>
>> Danny
>>
>>
>>
>>
>>
>> [1]
>> https://datatracker.ietf.org/meeting/101/materials/slides-101-sacm-endpoint-compliance-profile-00
>>  (see slide 4)
>>
>> [2]
>> https://datatracker.ietf.org/doc/slides-interim-2017-sacm-03-sessa-ecp/00/
>>  (see slide 5)
>>
>> [3]
>> https://datatracker.ietf.org/meeting/interim-2017-sacm-03/materials/minutes-interim-2017-sacm-03-201709260900-00
>>  (see page 1 and 2)
>>
>> [4] https://datatracker.ietf.org/doc/draft-ietf-sacm-ecp/
>>
>>
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>>
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>>
>

v2.23.0 | Report a Bug | By Email