Re: [sacm] Question regarding Figure 2 in the SACM Architecture -00

"Schmidt, Charles M." <cmschmidt@mitre.org> Tue, 18 September 2018 15:24 UTC

From: "Schmidt, Charles M." <cmschmidt@mitre.org>
To: Bill Munyan <bill.munyan.ietf@gmail.com>
CC: "<sacm@ietf.org>" <sacm@ietf.org>
Date: Tue, 18 Sep 2018 15:23:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/eQpaYRRm7SsOISAul_PtlWlPyzk>
Subject: Re: [sacm] Question regarding Figure 2 in the SACM Architecture -00
List-Id: SACM WG mail list <sacm.ietf.org>

Hi Bill,

Thanks for the clarification (and sorry about my delay in responding).

Your goal for figure 2 makes sense, and I appreciate that you are including. My confusion came from the multi-component nature of both SWIMA and EPCP. There are some parts of those standards where it would make complete sense to integrate with an XMPP-Grid Connector (namely the NEA servers), but other parts where this makes less sense (SWIMA PCs and PVs, or individual endpoints). I was a bit concerned that by lumping everything together under "SWIMA", there might be some confusion.

That said, in reviewing the figure again, "Datastream", "YANG Push", and "IPFIX" are also pretty general terms, so I suspect I was reading too much into the diagram. Given a better look at the context and your explanation, I think my concerns are allayed. 

Thanks for your help.

Charles

-----Original Message-----
From: Bill Munyan <bill.munyan.ietf@gmail.com> 
Sent: Wednesday, September 12, 2018 8:55 AM
To: Schmidt, Charles M. <cmschmidt@mitre.org>
Cc: <sacm@ietf.org> <sacm@ietf.org>
Subject: Re: [sacm] Question regarding Figure 2 in the SACM Architecture -00

Charles, 
Thanks for the question.  I think the intent of figure 2 is to provide notional examples of the fact that there could be many different endpoint attribute collection systems representing various types of posture collection, such as asset inventory, configuration and vulnerability management.  EPCP is one such collection system (and is diagrammed as a pointer to asset inventory) and the box for that in the diagram should represent an entire EPCP implementation, as per that spec (including posture collection manager, posture collectors, posture validators, etc).  Another example, labeled "datastream" is meant to represent those collectors able to interpret SCAP datastreams, collect system characteristics, etc.  The idea is that many disparate collection systems may collect endpoint posture attributes in their own way, and would thus need a set of interfaces (the "XMPP Grid Connector") to publish that information to the message transfer system (XMPP with Pub/Sub for example).

If the labeling is off or misleading, we'd be happy to get consensus on what would be the clearest label.

Cheers, 
-Bill M.


On Tue, Sep 11, 2018 at 3:59 PM Schmidt, Charles M. <cmschmidt@mitre.org> wrote:

	Hello,

	A quick question regarding Figure 2 in the SACM Architecture -00 draft: It looks like there is a connection between “SWIMA” and an XMPP-Grid connector. By “SWIMA” do you mean a “NEA Server”? I could certainly see a NEA server interacting with an XMPP Grid Connector. I’m less convinced of there being a SWIMA PV or a SWIMA PC having a direct connection to a Connector.

	For that matter, NEA Server might be an appropriate word to use for the ECP as well, since ECP is also multi-component, and some of those components probably don’t need direct interactions with Connectors.

	Thoughts?

	Charles
