IETF Logo Mail Archive

Re: [sacm] Draft updated charter for SACM

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Mon, 25 September 2017 15:37 UTC

Return-Path: <jmfmckay@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7659F132E24 for <sacm@ietfa.amsl.com>; Mon, 25 Sep 2017 08:37:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7d6jrmb13ckt for <sacm@ietfa.amsl.com>; Mon, 25 Sep 2017 08:37:55 -0700 (PDT)
Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A814D132025 for <sacm@ietf.org>; Mon, 25 Sep 2017 08:37:54 -0700 (PDT)
Received: by mail-ua0-x22e.google.com with SMTP id 97so4578054uai.6 for <sacm@ietf.org>; Mon, 25 Sep 2017 08:37:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XiDvn19JUVRSD+t03UsWgNUFuRNoRIvcGlH4NBPTw08=; b=TmpTHYrn0c2XYuIXApBmrHzsgzoC41PkvppdvvkOcb34gC031cIDZ+KNt9HOdIEh4m yo5GJt+xiTIHmEF/RKVsT0UN49cVt8Nz3prkthKW0kuob0TK9ygNt6Bj26lzql/EIwv5 QhbC0dk816QwDYrqhe9s9Zvv1+r/GhjQI8iK4lbc08Jd96O1qzNUzWXJJ3QjCXstRIUW 7dm9lLGDMXgIIGBu7kuxTFo3jC5zClQTB+BxRktEJW+j6L/EgHXq1vdUi6MsHCij/UkT 4Gyviclp7t0cA8y/UvdHWxhubgChHYV3BrVrsbTWyeLR4Mbm8fyoXwgJE1nUzcOEoGDq P24g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XiDvn19JUVRSD+t03UsWgNUFuRNoRIvcGlH4NBPTw08=; b=TohZ6XOc6qH+vxD8tzoHZ0XyecAk3/smruxbUlgOfZn092DVO2TcLFOS+opgbqEHe0 UCMpWURKtuyxHRW/HM4uGibPzfszJcoVkBesOBseVg2xam5FURj5TVZzCDyH/PDz9JwR uzI60/3WT5SYdc/IxPa15JB/qMvASbuzEzNdol3KB1LpJjEBaro15rWGb78VFCzpe+aU 8TU+3D9cJoryhRaDUlukInLhS/wO8NCX+At7x0nXmtpIzAQ4FLJgUaPbsW3sflma83o/ GJAQJWuAGZ8Bbv0vseUWVt+F0C9lZjJJnp32Lw2FsR0On/cpZusK9qokZl8d2ESWq33u /PKg==
X-Gm-Message-State: AHPjjUgg6Xm112o56zvYyScYWFsg+2CgDsrxWk3DfFBTjgVlzIU2Z5PP Mai5jxnXJJ2RKUaFnwl/S5BSKmEyifoI3x3xiNY=
X-Google-Smtp-Source: AOwi7QCFFeylW5Oqlp6Y1K4SezKWT7TTY6pVpyc8yo0xVRcm/rjtm7MLoijLNDW3ztMcZUiNIxV4xTFMIO93G6+V1rs=
X-Received: by 10.159.54.107 with SMTP id s40mr7172843uad.168.1506353873515; Mon, 25 Sep 2017 08:37:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.77.96 with HTTP; Mon, 25 Sep 2017 08:37:52 -0700 (PDT)
In-Reply-To: <CACknUNUrJ_Jn8NUzmB4qwqViv1K8xEZuA-encUsTpVyKs8xp=w@mail.gmail.com>
References: <3565E201-6E8D-4D5D-811D-E5857300601D@cisco.com> <CY4PR09MB1495C6A1CD869C070DEEF3B9F0600@CY4PR09MB1495.namprd09.prod.outlook.com> <CACknUNV9XYrN2K0DixGT1c4Gu-o4L3c2rcDS5NYGXxam4zUU8g@mail.gmail.com> <943376CB-9F33-4171-A448-1E239D5CC86C@cisco.com> <imrisdjonqv7qa6ej1tiuovb.1506089285235@email.android.com> <DM5PR09MB13073CA57A44221F4CB3B8C9F0670@DM5PR09MB1307.namprd09.prod.outlook.com> <CACknUNUrJ_Jn8NUzmB4qwqViv1K8xEZuA-encUsTpVyKs8xp=w@mail.gmail.com>
From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Mon, 25 Sep 2017 11:37:52 -0400
Message-ID: <CAM+R6NXzQSnkwT5B6xJhKay2LFDH2rN=UVpfD3aikBKgbMHv_w@mail.gmail.com>
To: Adam Montville <adam.w.montville@gmail.com>
Cc: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="001a114698be8976ff055a0557c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/cFXjfhsEgTI5GYEqbZoXVOkBXl8>
Subject: Re: [sacm] Draft updated charter for SACM
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2017 15:37:58 -0000

I suspect the place we are all getting confused is where the draft charter
states: "Specific work items will include the following:". Presumably, what
follows is work items the group intend to complete. I think Stephen's edits
were merely an attempt to ensure that those items also included work the
group has already adopted.

We need to decide if we want this charter to include any work items at all.
If so, we should include all the work items we have adopted, at a minimum.
If folks have additional work they intend to bring to SACM, and want to
include those items in the charter, I am open to that.

If we decide that we do not want to include specific work items in the
charter text, then everything from "Specific work items will include the
following" through to the end of the charter should be struck, and we
should spend some time ensuring that adopted and proposed work items are
abstractly included in the earlier text of the charter.

+1 to Eric's proposed edits to the charter text.

Jess

On Fri, Sep 22, 2017 at 12:44 PM, Adam Montville <adam.w.montville@gmail.com
> wrote:

> Yes, what you say is technically true - the work items in the charter do
> not talk to specific drafts. But, the descriptions are detailed enough to
> draw very straight lines to specific drafts.
>
> It's up to the group what we want to do, I'm sure. To me, it matters less
> where these things go and more about whether the group has agreement. But,
> I do like the idea of abstract characteristics in the charter and specifics
> in the milestones.
>
> Adam
>
> On Fri, Sep 22, 2017 at 8:12 AM Banghart, Stephen A. (Fed) <
> stephen.banghart@nist.gov> wrote:
>
>> The draft charter as it stands does not call out any specific drafts, but
>> rather work items that the group is interested in. The version that Karen
>> sent out on the 12th included 5 such items, one for collection, one for
>> evaluation, one for messaging, one for a SACM architecture, and one for a
>> SACM information model. My edits included 4 additional items, bringing the
>> total list to 9.
>>
>>
>>
>> I agree that the milestones system would be the perfect place to call out
>> specific drafts and the timing around them.
>>
>>
>>
>> -Stephen
>>
>>
>>
>> *From:* Waltermire, David A. (Fed)
>> *Sent:* Friday, September 22, 2017 10:14 AM
>> *To:* Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Adam Montville <
>> adam.w.montville@gmail.com>; Banghart, Stephen A. (Fed) <
>> stephen.banghart@nist.gov>; sacm@ietf.org
>>
>>
>> *Subject:* Re: [sacm] Draft updated charter for SACM
>>
>>
>>
>> The charter should describe the work we are planning to do. The
>> milestones should reflect the timing. Given that this group has suffered
>> from a lack of agreement around what we are working on, I think it is
>> prudent to be more concrete about our work items in the charter. I know of
>> other WGs that do this when it serves their needs. I think we should keep
>> and refine the work items text to get to a consensus position on what work
>> needs to be done.
>>
>>
>>
>> All of the work listed either is being worked on or has interested
>> parties that are willing to do the work. This is another good reason to
>> move forward with these work items.
>>
>>
>>
>> Regards,
>>
>> Dave
>>
>>
>>
>> -------- Original Message --------
>> From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
>> Date: Thu, September 21, 2017 8:42 PM -0400
>> To: Adam Montville <adam.w.montville@gmail.com>, "Waltermire, David A.
>> (Fed)" <david.waltermire@nist.gov>, "Banghart, Stephen A. (Fed)" <
>> stephen.banghart@nist.gov>, sacm@ietf.org
>> Subject: Re: [sacm] Draft updated charter for SACM
>>
>> Hi Adam,
>>
>> Thanks for that reminder….and yes, that was the gist of my comments.
>> That is, the charter is to define the intent of goals vs. calling out
>> explicit drafts as those are best addressed in milestones….I am fine with
>> the first proposed set of changes posted by Karen.  In general, I felt the
>> additions are more suited for milestones.
>>
>>
>>
>>                 Nancy.
>>
>>
>>
>> *From: *Adam Montville <adam.w.montville@gmail.com>
>> *Date: *Thursday, September 21, 2017 at 3:17 PM
>> *To: *"Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "
>> ncamwing@cisco.com" <ncamwing@cisco.com>, "Banghart, Stephen A. (Fed)" <
>> stephen.banghart@nist.gov>, "sacm@ietf.org" <sacm@ietf.org>
>> *Subject: *Re: [sacm] Draft updated charter for SACM
>>
>>
>>
>> Would any of the additions/questions be addressed if we adhered to
>> Karen's initial reminder that "we plan to call out specific drafts using
>> the milestone process and not include them in the base charter"?
>>
>>
>>
>>
>>
>> On Tue, Sep 19, 2017 at 1:41 PM Waltermire, David A. (Fed) <
>> david.waltermire@nist.gov> wrote:
>>
>> Comments inline below.
>>
>> Thanks,
>> Dave
>>
>> > -----Original Message-----
>> > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Nancy Cam-
>> > Winget (ncamwing)
>> > Sent: Tuesday, September 19, 2017 2:07 PM
>> > To: Banghart, Stephen A. (Fed) <stephen.banghart@nist.gov>;
>> > sacm@ietf.org
>> > Subject: Re: [sacm] Draft updated charter for SACM
>> >
>> > Please see my comments below:
>> >
>> > On 9/18/17, 11:08 AM, "sacm on behalf of Banghart, Stephen A. (Fed)"
>> > <sacm-bounces@ietf.org on behalf of stephen.banghart@nist.gov> wrote:
>> >
>> >     All,
>> >
>> >     After discussion with a few other SACM document authors this
>> version of
>> > the new charter proposal was put together. The changes throughout are
>> > minimal; the primary change is several additions to the work items
>> section
>> > that covers other work currently being done in the WG.
>> >
>> >     Does anyone have any thoughts/comments/concerns on this proposed
>> > draft update?
>> >
>> >     Thanks,
>> >     Stephen Banghart
>> >
>> >     -----------------------------------------------------------
>> -------------------------------
>> >
>> >     SACM Charter Proposal
>> >     2017-09-12
>> >
>> >     Securing information and the systems that store, process, and
>> transmit
>> > that information is a challenging task for organizations of all sizes,
>> and many
>> > security practitioners spend much of their time on manual processes.
>> > Standardized protocols and models aiding collection and evaluation of
>> > endpoint attributes enable automation, thus freeing practitioners to
>> focus on
>> > high priority tasks .
>> >
>> >     At its core, posture assessment  consists of five basic steps,
>> which the
>> > working group desires to fulfill  in an innovative, automated manner
>> capable
>> > of avoiding ad hoc or scheduled assessments:
>> >
>> >     1. Describe target endpoints
>> >     2. Determine specific endpoint elements  to assess
>> >     3. Collect and make available specified elements' actual values
>> >     4. Compare actual element values to expected element values
>> >     5. Make results available
>> >
>> >     This working group will focus on collection, evaluation, and
>> orchestration
>> > and communication, as described herein.
>> >
>> >     A. Collection. The WG will define a standardized way to provide two
>> types
>> > of imperative guidance to collectors over varying collection mechanisms:
>> >
>> >     1) Which target endpoints to collect from, and
>> >     2) What to collect from these target endpoints.
>> >
>> >     When classified , a set of instructions (such as vulnerability
>> description
>> > data, YANG filter expressions, Windows Management Instrumentation
>> > classes, etc.) can be brokered to the appropriate collectors using the
>> control
>> > plane functions  defined by "C. Orchestration and Communication"
>> (below).
>> > Detecting and classifying desired attributes beforehand may require
>> > orchestrating functions that go beyond the set of capabilities a
>> collector can
>> > provide, and will inform the requirements and characteristics for "C.
>> > Orchestration and Communication". The working group recognizes that
>> > manual configuration of targets and corresponding collection profiles
>> will not
>> > scale and does not seem to be a viable option.
>> >
>> >     B. Evaluation. The working group will standardize a criteria
>> language
>> > enabling evaluation of actual endpoint posture information against
>> desired
>> > endpoint posture information to produce a standardized result. This
>> > extensible language will support complex Boolean statements, comparison
>> > operators, logical flow statements, and functions for string
>> manipulation.
>> > Additionally, the working group will seek to discover an approach that
>> allows
>> > data from any posture collection mechanism to be generically evaluated.
>> >
>> >     C. Orchestration and Communication. The working group will define a
>> set
>> > of control plane functions to enable the discovery and orchestration
>> > between devices that can provide the requisite information  sought by
>> > posture collectors, posture evaluators, data repositories, and other
>> SACM
>> > architectural components.
>> >
>> >     Due to the breadth of this work, the working group will address
>> enterprise
>> > use cases pertaining to the assessment of endpoint posture (using the
>> > definitions of Endpoint and Posture from RFC 5209). The working group
>> will,
>> > whenever reasonable and possible, reuse existing work.
>> > [NCW] I think we need to incorporate https://tools.ietf.org/html/
>> draft-ietf-
>> > sacm-terminology as we need to have a well understood set of definitions
>> > beyond “endpoint” and “posture”
>>
>> [daw: When you suggest incorporating sacm-terminology, are you suggesting
>> to add it as a work item? I am in favor of adding terminology as a work
>> item, but I am concerned with referencing unstable terminology in the
>> charter. We don't want the meaning of the charter to change over time.]
>>
>> >
>> >     Specific work items will include the following:
>> >
>> >     -  The WG will define a way to provide two types of imperative
>> guidance to
>> > the correct SACM collectors: 1) Which target endpoints to collect from
>> and 2)
>> > what to collect from these target endpoints. When classified, a set of
>> > instructions, such as vulnerability description data or YANG filter
>> expressions,
>> > can be brokered to the appropriate collectors. Detecting and classifying
>> > beforehand might require orchestrating functions that go beyond the set
>> of
>> > capabilities a SACM collector can provide.
>> >
>> >     -  The WG will describe a criteria language capable of being
>> evaluated
>> > against endpoint posture information to produce a standardized result.
>> The
>> > language will support complex Boolean statements, comparison operators,
>> > and functions for string manipulation; and will be extensible enough to
>> be
>> > applicable to the full range of collected posture attributes.
>> Additionally, this
>> > document will describe an approach that allows data from any posture
>> > collection mechanism to be evaluated.
>> >
>> >     - The WG will define a control plane function to enable the
>> discovery and
>> > orchestration between devices that can provide the requisite information
>> > sought by posture collectors, posture evaluators or both. As an
>> example, a
>> > document that describes an instance of such a control plane and transfer
>> > protocol for data, is through the use of XMPP and extensions as needed
>> to
>> > demonstrate XMPP’s applicability to SACM.
>> >
>> >     - A method of expressing software metadata is needed that is
>> suitable for
>> > use by constrained devices. The WG will create a standards track
>> document
>> > that defines a CBOR-based format that represents software metadata to
>> > include software identification, file hashes, and other descriptive
>> > information. This format will be derived from the ISO/IEC 19770-2
>> Software
>> > Identification (SWID) tag standard.
>> > [NCW]  I am not sure why this is called out explicitly as software
>> metadata
>> > could also be represented with the Yang model?  Perhaps the intent is to
>> > show this as one example for how it can be expressed?  That is, there
>> are
>> > other representations that the IETF is looking at that could also be
>> leveraged.
>>
>> [daw: This work item description is for the draft-ietf-sacm-coswid work,
>> which is SWID tag based. Doing this work is not mutually exclusive with
>> work on YANG-based software models. I personally believe both should be
>> worked on. By including this work item, I wanted to make sure we identified
>> an existing portion of adopted SACM work as something we plan to complete
>> under this revised charter. This does not exclude working on YANG models in
>> SACM or elsewhere that relate to software.]
>>
>> >
>> >     - To support collection of posture information from traditional
>> computing
>> > devices (e.g., servers, laptops, etc.), the WG will create standards
>> track
>> > documents describing mechanisms for the collection and delivery of
>> > information about installed software on an endpoint by extending IETF
>> NEA.
>> >
>> >     - To provide for the integration of multiple standards to support
>> posture
>> > information collection, the WG will define best practices  for the
>> collection of
>> > posture information from endpoints and its delivery to a collector, from
>> > which it can be distributed using the SACM messaging standards.
>> > [NCW] This seems to
>> >
>> >     -The WG will define standards track documents describing extensions
>> to
>> > the Resource-Oriented Lightweight Information Exchange (ROLIE) that
>> > provide IANA registrations and requirements to support the sharing of
>> > software, configuration information, and other forms of imperative
>> > guidance.
>> > [NCW] Similar to my previous comment, about CBOR/SWID,  there can be
>> > other means for providing information exchange.  For example, using Yang
>> > model and leveraging NETCONFs work for the information exchange.
>>
>> [daw: This work item addresses  draft-banghart-sacm-rolie-softwaredescriptor
>> (which has been adopted) and
>> draft-mandm-sacm-rolie-configuration-checklist. The ROLIE-based software
>> descriptor model supports vendor-to-enterprise exchange of CBOR/XML SWID
>> information (a type of imperative guidance), which can be used to provide
>> golden measurements, to construct vulnerability detection data, and other
>> security automation/assessment related use cases. Configuration setting
>> checklists expressed in a machine readable form are another example of
>> imperative guidance that can be exchanged over ROLIE with the definition of
>> a proper extension. This imperative guidance can be used to drive
>> collection and evaluation by defining what needs to be gathered and what
>> the expected state must be according to policy. ROLIE exchanges are
>> different than the exchanges supported by NETCONF and SWIMA, which are
>> focused on endpoint-to-enterprise exchanges of current state. Both the
>> vendor-to-enterprise and the endpoint-to-enterprise exchanges are needed in
>> my view, since they support different aspects of the assessment workflow.]
>>
>> >
>> >     Additionally, the working group will describe: 1) a SACM
>> Architecture
>> > including protocol requirements and their associated use cases as well
>> as a
>> > description of how SACM protocols fit together into a system, and 2) a
>> SACM
>> > Information Model.
>> >
>> >
>> >     > -----Original Message-----
>> >     > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Karen
>> >     > O'Donoghue
>> >     > Sent: Tuesday, September 12, 2017 12:48 PM
>> >     > To: sacm@ietf.org
>> >     > Subject: [sacm] Draft updated charter for SACM
>> >     >
>> >     > Folks,
>> >     >
>> >     > Below is a draft update to our charter based on discussion at the
>> last IETF
>> > and
>> >     > some subsequent private discussions. Comments welcome. Please
>> >     > remember that we plan to call out specific drafts using the
>> milestone
>> > process
>> >     > and not include them in the base charter.
>> >     >
>> >     > Regards,
>> >     > Karen
>> >     >
>> >     > ***************
>> >     >
>> >     > SACM Charter Proposal
>> >     > 2017-09-12
>> >     >
>> >     > Securing information and the systems that store, process, and
>> transmit
>> > that
>> >     > information is a challenging task for organizations of all sizes,
>> and many
>> >     > security practitioners spend much of their time on manual
>> processes.
>> >     > Standardized protocols and models aiding collection and
>> evaluation of
>> >     > endpoint attributes enable automation, thus freeing practitioners
>> to
>> > focus on
>> >     > high priority tasks.
>> >     >
>> >     > At its core, posture assessment consists of five basic steps,
>> which the
>> >     > working group desires to fulfill in an innovative, automated
>> manner
>> > capable
>> >     > of avoiding ad hoc or scheduled assessments:
>> >     >
>> >     > 1. Describe target endpoints
>> >     > 2. Determine specific endpoint elements to assess 3. Collect and
>> make
>> >     > available specified elements' actual values 4. Compare actual
>> element
>> > values
>> >     > to expected element values 5. Make results available
>> >     >
>> >     > This working group will focus on collection, evaluation, and
>> orchestration
>> > and
>> >     > communication, as described herein.
>> >     >
>> >     > A. Collection. The WG will define a standardized way to provide
>> two
>> > types of
>> >     > imperative guidance to collectors over varying collection
>> mechanisms:
>> >     >
>> >     > 1) Which target endpoints to collect from, and
>> >     > 2) What to collect from these target endpoints.
>> >     >
>> >     > When classified, a set of instructions (such as vulnerability
>> description
>> > data,
>> >     > YANG filter expressions, Windows Management Instrumentation
>> classes,
>> >     > etc.) can be brokered to the appropriate collectors using the
>> control
>> > plane
>> >     > functions defined by "C. Orchestration and Communication" (below).
>> >     > Detecting and classifying desired attributes beforehand may
>> require
>> >     > orchestrating functions that go beyond the set of capabilities a
>> collector
>> > can
>> >     > provide, and will inform the requirements and characteristics for
>> "C.
>> >     > Orchestration and Communication". The working group recognizes
>> that
>> >     > manual configuration of targets and corresponding collection
>> profiles will
>> > not
>> >     > scale and does not seem to be a viable option.
>> >     >
>> >     > B. Evaluation. The working group will standardize a criteria
>> language
>> > enabling
>> >     > evaluation of actual endpoint posture information against desired
>> > endpoint
>> >     > posture information to produce a standardized result. This
>> extensible
>> >     > language will support complex Boolean statements, comparison
>> > operators,
>> >     > logical flow statements, and functions for string manipulation.
>> > Additionally,
>> >     > the working group will seek to discover an approach that allows
>> data from
>> >     > any posture collection mechanism to be generically evaluated.
>> >     >
>> >     > C. Orchestration and Communication. The working group will define
>> a set
>> > of
>> >     > control plane functions to enable the discovery and orchestration
>> > between
>> >     > devices that can provide the requisite information sought by
>> posture
>> >     > collectors, posture evaluators, data repositories, and other SACM
>> >     > architectural components.
>> >     >
>> >     > Due to the breadth of this work, the working group will address
>> > enterprise
>> >     > use cases pertaining to the assessment of endpoint posture (using
>> the
>> >     > definitions of Endpoint and Posture from RFC 5209). The working
>> group
>> > will,
>> >     > whenever reasonable and possible, reuse existing work.
>> >     >
>> >     > Specific work items will include the following:
>> >     >
>> >     > - Collection: The WG will define a way to provide two types of
>> imperative
>> >     > guidance to the correct SACM collectors: 1) Which target
>> endpoints to
>> > collect
>> >     > from and 2) what to collect from these target endpoints. When
>> classified,
>> > a
>> >     > set of instructions, such as vulnerability description data or
>> YANG filter
>> >     > expressions, can be brokered to the appropriate collectors.
>> Detecting
>> > and
>> >     > classifying beforehand might require orchestrating functions that
>> go
>> > beyond
>> >     > the set of capabilities a SACM collector can provide.
>> >     >
>> >     > - Evaluation: The working group will describe a criteria language
>> capable
>> > of
>> >     > being evaluated against endpoint posture information to produce a
>> >     > standardized result. The language will support complex Boolean
>> > statements,
>> >     > comparison operators, and functions for string manipulation; and
>> will be
>> >     > extensible enough to be applicable to the full range of collected
>> posture
>> >     > attributes. Additionally, this document will describe an approach
>> that
>> > allows
>> >     > data from any posture collection mechanism to be evaluated.
>> >     >
>> >     > - Messaging: The WG will define a control plane function to
>> enable the
>> >     > discovery and orchestration between devices that can provide the
>> > requisite
>> >     > information sought by posture collectors, posture evaluators or
>> both. As
>> > an
>> >     > example, a document that describes an instance of such a control
>> plane
>> > and
>> >     > transfer protocol for data, is through the use of XMPP and
>> extensions as
>> >     > needed to demonstrate XMPP’s applicability to SACM.
>> >     >
>> >     > Additionally, the working group will describe: 1) a SACM
>> Architecture
>> >     > including protocol requirements and their associated use cases as
>> well as
>> > a
>> >     > description of how SACM protocols fit together into a system, and
>> 2) a
>> > SACM
>> >     > Information Model.
>> >     >
>> >     > _______________________________________________
>> >     > sacm mailing list
>> >     > sacm@ietf.org
>> >     > https://www.ietf.org/mailman/listinfo/sacm
>> >     _______________________________________________
>> >     sacm mailing list
>> >     sacm@ietf.org
>> >     https://www.ietf.org/mailman/listinfo/sacm
>> >
>> >
>> > _______________________________________________
>> > sacm mailing list
>> > sacm@ietf.org
>> > https://www.ietf.org/mailman/listinfo/sacm
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>
>

v2.23.0 | Report a Bug | By Email