Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-patnc
Adam Montville <adam.w.montville@gmail.com> Wed, 02 August 2017 10:18 UTC
Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0ABE129B3A for <sacm@ietfa.amsl.com>; Wed, 2 Aug 2017 03:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfwDrdBN-42K for <sacm@ietfa.amsl.com>; Wed, 2 Aug 2017 03:18:25 -0700 (PDT)
Received: from mail-it0-x22a.google.com (mail-it0-x22a.google.com [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83FAA126BF0 for <sacm@ietf.org>; Wed, 2 Aug 2017 03:18:25 -0700 (PDT)
Received: by mail-it0-x22a.google.com with SMTP id h199so21423391ith.0 for <sacm@ietf.org>; Wed, 02 Aug 2017 03:18:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=mGljuf0mj7PL8gZ+h+Ol3PCXH/qqLr8yrHJxsY6GubU=; b=haZuK29Q13QSPOes4KH26NSKF+TByT3pL8CubphpUxQxhlG1welmvgziW73mr4Y2b2 dy91hjhgyGq2XtVh2wdaaoHoJiZSxAvA7hsRuXKkHLzVdjEwHX6xfBMpoL0mK1EFXGRV 7zzmjLKO06ONL+NRT2q3nnHoPjdV2D795sxwMKjXWNELZo9n6gASvWrIXOapqaw/sNqi nzHKR0onQWYxGWpJAkRvjwRrDkKJurr2WQpT944B4wBLmh0L6K3xWdIDLTtuXOXUkySX UV5StE4n4H01I1DTlNhrZ+aHII9FCiCt8wB5KVDGbYEyFH67b5pMZSEQ9lmKj+GZFncR s5VQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=mGljuf0mj7PL8gZ+h+Ol3PCXH/qqLr8yrHJxsY6GubU=; b=daCmgL1BIBz7PQsTwMxNb+LmoSMlyYR0j174JgnufueDQxCbsL+c7qWsrrou0NFXSF DTfdmUu8IEeumuhEzJPDx/ldDBt1gY9L+Kvc8GF8X74yU5/LOEmzhD0c76gSzSzn00sh IwPVZdJNuojXH56qoWZufRWKY1F2IyqJ4kjK42fhcBcIHojYdSEhUlqHvf2su348irtY kceVpG+ztzgRmiNzwJYY3jl53AgKXww1sBaV91XDalNNVIjEqfQuX8DjrElJgunG94/o +TyhuHsGKWpeCPoF/yoCAhRdlzBXkW+AyJu4pLxyzcUbJLghhXpIHuBRuJR5C30YkwUe RtbA==
X-Gm-Message-State: AIVw112EDVitvA4vnZL1B4PCgEK66mv/8oExQ7kkFVkN5BDuweIaFJij qiET9g+wCWymzc4wq/U4y+PfoDgBxajk
X-Received: by 10.36.47.144 with SMTP id j138mr5101439itj.30.1501669104896; Wed, 02 Aug 2017 03:18:24 -0700 (PDT)
MIME-Version: 1.0
References: <E40D1FEF-2408-4508-AEBC-AC3052D3AAD3@isoc.org> <CACknUNWFVWBaDuKs_sVpHU7m3jg_WmMrB3-CJy6HCJwj6AhLyQ@mail.gmail.com> <c17cc872-c263-5dd5-36fd-bb459a1f4509@strongswan.org>
In-Reply-To: <c17cc872-c263-5dd5-36fd-bb459a1f4509@strongswan.org>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Wed, 02 Aug 2017 10:18:14 +0000
Message-ID: <CACknUNX5o9+6qNdoNc5Sr=ZpxAX+pazp-07YT3CvMjQipJ8p-g@mail.gmail.com>
To: Andreas Steffen <andreas.steffen@strongswan.org>, Karen O'Donoghue <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="001a1144183c9153a30555c2955e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/pBNXSUcXpH1K0P3gyQfoHRRzTuk>
Subject: Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-patnc
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2017 10:18:27 -0000
Thanks! This does help, yes. On Tue, Aug 1, 2017 at 8:59 AM Andreas Steffen < andreas.steffen@strongswan.org> wrote: > Hi Adam, > > see my inline comments > > On 31.07.2017 21:51, Adam Montville wrote: > > > > Propose renaming "SW Attribute" to "SWIMA Attribute", which seems more > > accurate. Take a look a the "SW Attribute" subtypes listed in section > > 5.2 to understand my motivation. Assuming "SW" expands to "software" > > (which is a reasonable presumption), then SW Request is not a SW > > Attribute. A SW Attribute might be a configuration item that software > > contains, but not a SW Request. The SW Request attribute is used to > > request software inventory related information from an endpoint, and is > > thus more appropriately an attribute associated with SWIMA than with > > "software". If this is acceptable, then we should update the term in > > section 10.1. > > > A SW Request can very well be a SW Attribute. Have look at RFC5792 > PA-TNC were the standard Attribute Request Attribute is defined > > https://tools.ietf.org/html/rfc5792#section-4.2.1 > > which can be used by a Posture Validator to request any number of > PA-TNC attributes from a Posture Collector. > > > Then, we may want to consider expanding "SW" to "SWIMA" wherever > > appropriate (i.e. SW Request could become SWIMA Request), which is > > longer to type but also inarguably more clear. > > > SWIMA is the acronym for *Software Inventory Message and Attributes", > i.e the I-D document is about Software Inventory Attributes being > transported in PA-TNC messages of PA Subtype "SW Attributes". > > Since a Posture Validator can request either a SW [Identifier] Inventory > Attribute or a SW [Identifier] Events Attribute, SW Request is a > very good description for the request. > > > On Page 15 the draft states "All SW-PCs MUST at least be able to > > generate Software Identifiers for the data model types specified in > > Section 6 of this document." Section 6 describes data models for SWID > > 2009 and SWID 2015, but nothing else. Is this really what we desire? > > What about Linux distribution package managers? What about discovered > > software outside typical installation patterns? And, does it make sense, > > in a brokered architecture like NEA, to require redundant capabilities > > in the anticipated myriad collectors?> > Before the advent of SWIMA, simple software inventory information > (Package Name/Package Version Number) available from a Linux Package > Manager had to be sent in a standard Installed Packages Attribute > accompanied by a standard Product Version Attribute (giving information > about the underlying Operating System), both attributes defined in > RFC5792 PA-TNC. Thus a minimalistic SWID 2015 tag of the form > > <SoftwareIdentity name="tar" > tagId="Ubuntu_16.04-x86_64-tar-1.28-2.1ubuntu0.1" > version="1.28-2.1ubuntu0.1" versionScheme="alphanumeric"> > <Entity name="strongSwan Project" regid="strongswan.org" > role="tagCreator"/> > </SoftwareIdentity> > > carries about the same information and the software release can be > uniquely referenced by a Software Identifier of the form > > strongswan.org__Ubuntu_16.04-x86_64-tar-1.28-2.1ubuntu0.1 > > Hopefully some time in the not too distant future Ubuntu in the > role of a distributor would then release signed reference SWID 2015 > tags e.g. with a Software Identifier of the form > > ubuntu.com__16.04-amd64-tar-1.28-2.1ubuntu0.1 > > retrievable from the page manager. > > I think for most use cases the SWID 2015 Data Model can be used. I'm > not sure about the relevance of the SWID 2009 Data Model because only > about a dozen of tags seem to exist in the wild. > > The extensibility of the Data Model via the PEN/Type mechanism is > very important. I think there are shortly going to be SWID 2015 > variants, e.g using a JSON or CBOR encoding of the SW record. > > Hope this helps > > Andreas > > ====================================================================== > Andreas Steffen andreas.steffen@strongswan.org > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Networked Solutions > HSR University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[INS-HSR]== > >
- [sacm] WGLC for draft-ietf-sacm-nea-swima-patnc Karen O'Donoghue
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Andreas Steffen
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Henk Birkholz
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Ruben Oliva
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Waltermire, David A. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Nancy Cam-Winget (ncamwing)
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Andreas Steffen
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Nancy Cam-Winget (ncamwing)
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Schmidt, Charles M.
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Karen O'Donoghue
- Re: [sacm] WGLC for draft-ietf-sacm-nea-swima-pat… Adam Montville