Re: [sacm] Architecture Draft

Adam Montville <adam.montville.sdo@gmail.com> Mon, 15 July 2019 13:44 UTC

From: Adam Montville <adam.montville.sdo@gmail.com>
Message-Id: <E7FFFAE4-659B-42E0-8CC5-0856631D523A@gmail.com>
Date: Mon, 15 Jul 2019 08:44:50 -0500
In-Reply-To: <CAHbuEH4ZfnfN+35njaEnN6mk3yfkX9f8=BFuztX17wbpg25hVw@mail.gmail.com>
Cc: "<sacm@ietf.org>" <sacm@ietf.org>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
References: <8F0550DE-D31D-4C6A-BB97-6CEEF589E617@gmail.com> <CAHbuEH5Q+4E34mOUXo4yPUgPAoE3y5eAH4mBQQQJdMiz71v8GA@mail.gmail.com> <9F37E60C-A427-46E0-A847-C31BAEADEFC1@gmail.com> <CAHbuEH4ZfnfN+35njaEnN6mk3yfkX9f8=BFuztX17wbpg25hVw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/JkY8ZUl7Q-Ob_j8MKJWPlToJeE8>
Subject: Re: [sacm] Architecture Draft


> On Jul 15, 2019, at 7:45 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> 
> 
> On Mon, Jul 15, 2019 at 7:43 AM Adam Montville <adam.montville.sdo@gmail.com> wrote:
> Hi Kathleen,
> 
> Thank you for your questions.
> 
> I’ll start with EPCP, which is depicted in Figure 3 of the current draft as a collection subsystem (using the language from the draft). Addressing EPCP in this way covers NEA, as EPCP is based on NEA, and it covers SWIMA in that SWIMA is used within that collection subsystem. In this sense EPCP describes a type of collection subsystem relative to the proposed SACM architecture. The SACM architecture then has the freedom to rely on other collection subsystems where needed.
> 
> Similarly, ROLIE would be a type of repository. While not explicitly referenced, see Figure 1, where ROLIE would be a repository connected to the messaging system, and see Figure 3, where ROLIE could be the Policy Repository.
> 
> As far as SCAP 2.0 is concerned, I think we both align and diverge. We align in that we are attempting to solve the same problems. Both architectures have collection, repositories (of various types, including CMDB), and downstream components (i.e. analysis and reporting). We diverge in a couple of ways. First, SCAP 2.0 appears to rely exclusively on EPCP as a collection subsystem (at least presently). The SACM architecture explicitly recognizes a need for multiple collection subsystems to be supported. Second, SCAP 2.0 appears to rely on point-to-point component communication, where the components of the architecture have direct awareness of other components. The SACM architecture allows not only point-to-point connections, but also supports things like pub/sub. (NOTE: I have not spent hours studying SCAP 2.0.)
> 
> The SACM architecture is focused on defining components, their capabilities and interfaces, and the workflows they explicitly support. We started with three common workflow domains (IT asset management, vulnerability management, configuration management), and we explicitly recognize that there are multiple ways to collect data necessary in these domains. We anticipate that there will always be multiple ways to collect information, and further believe that we cannot rely on one particular collection subsystem to cover the whole of an enterprise, which must consider cloud-native and hybrid environments equally with traditional endpoint-centric approaches.
> 
> Does this help?
> 
> Thank you, Adam.  Yes, it does.  I may come back with more questions after reading the ECP draft in last call.

Excellent, thank you - questions are good :-)

> 
> Best regards,
> Kathleen
> 
> Kind regards,
> 
> Adam
> 
> 
> 
>> On Jul 13, 2019, at 9:16 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> 
>> Hi Adam,
>> 
>> Thanks for raising the question to the list.  I just skimmed (and sorry if I missed it) and am wondering how do ROLIE, SWIMA, and NEA fit into the architecture?  Does this align with the SCAP 2.0 vision or does it diverge (we don't have to follow NIST obviously, but it would be good to understand the picture and if they do align, could or should)?
>> 
>> Since the ECP draft has a reliance on NEA (and I think SWIMA, but will be reading the ECP draft again this week), they are all part of the overall architecture, right?  Having this picture of how these pieces fit and if there are identified gaps would be very helpful to me, likely others as well.
>> 
>> Thank you!
>> Kathleen
>> 
>> On Fri, Jul 12, 2019 at 2:09 PM Adam Montville <adam.montville.sdo@gmail.com> wrote:
>> Greetings all:
>> 
>> During the last virtual interim we talked about some of the next things we wanted to work on, and one of those is the current architecture draft. Per the notes, we would like this to be an item to discuss during our session in Montreal, and it seems like a good idea to have some discussion points ready before then. Our goal (again, as stated in the notes) is to drive the direction of the draft to conclusion.
>> 
>> What needs to be done with the draft to get there?
>> 
>> Kind regards,
>> 
>> Adam
>> 
>> 2019-06-25 VI Notes: https://datatracker.ietf.org/doc/minutes-interim-2019-sacm-02-201906251300/
>> 
>> SACM Architecture 01: https://datatracker.ietf.org/doc/draft-ietf-sacm-arch/
>> 
>> 
>> -- 
>> 
>> Best regards,
>> Kathleen
> 
> 
> 
> -- 
> 
> Best regards,
> Kathleen