IETF Logo Mail Archive

Re: [sacm] FOR REVIEW: IM Merge - Abstract and Introduction

"Haynes, Dan" <dhaynes@mitre.org> Tue, 26 April 2016 20:21 UTC

Return-Path: <dhaynes@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B75612D56C for <sacm@ietfa.amsl.com>; Tue, 26 Apr 2016 13:21:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.195
X-Spam-Level:
X-Spam-Status: No, score=-5.195 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZfGZtMJ1b7x for <sacm@ietfa.amsl.com>; Tue, 26 Apr 2016 13:21:31 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 133CA12D0B4 for <sacm@ietf.org>; Tue, 26 Apr 2016 13:21:31 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 93ED88BC04B; Tue, 26 Apr 2016 16:21:30 -0400 (EDT)
Received: from imshyb02.MITRE.ORG (imshyb02.mitre.org [129.83.29.3]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 7EB2B8BC040; Tue, 26 Apr 2016 16:21:30 -0400 (EDT)
Received: from imshyb02.MITRE.ORG (129.83.29.3) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 26 Apr 2016 16:21:30 -0400
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend Transport; Tue, 26 Apr 2016 16:21:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dphrKIbUm7jq0/v+QChE4mtrFICyrNU7FHHYMJF4gSo=; b=U0b98I+B/DaQ+fewVuepwGCOr97phPVtPFPYVTsk8v4Z/DHJ7aZ1f4seM34NUGg7+LmB/zghEe/8cdhJYBY6ERC1ZtZOaE5OYRnE/Up0OF6n/xpDIzA7R+MXXmO25tNjqXHKyoM1S4oqetjJ+wSJW6Fauwk8Z2WBufPPjNUtQvM=
Received: from BY2PR09MB1078.namprd09.prod.outlook.com (10.166.116.10) by BY2PR09MB1078.namprd09.prod.outlook.com (10.166.116.10) with Microsoft SMTP Server (TLS) id 15.1.477.8; Tue, 26 Apr 2016 20:21:28 +0000
Received: from BY2PR09MB1078.namprd09.prod.outlook.com ([10.166.116.10]) by BY2PR09MB1078.namprd09.prod.outlook.com ([10.166.116.10]) with mapi id 15.01.0477.012; Tue, 26 Apr 2016 20:21:28 +0000
From: "Haynes, Dan" <dhaynes@mitre.org>
To: Adam Montville <adam.w.montville@gmail.com>
Thread-Topic: [sacm] FOR REVIEW: IM Merge - Abstract and Introduction
Thread-Index: AdGRtTFLDfDzg/VSSmG9wKXdvd34NAALJWIAA38xciA=
Date: Tue, 26 Apr 2016 20:21:28 +0000
Message-ID: <BY2PR09MB1078AB571027DE7B81698A71A5630@BY2PR09MB1078.namprd09.prod.outlook.com>
References: <CY1PR09MB09395A854600F4B57DC7E2CCA5910@CY1PR09MB0939.namprd09.prod.outlook.com> <59A54637-9AAB-4F65-8AA1-DDCB80255968@gmail.com>
In-Reply-To: <59A54637-9AAB-4F65-8AA1-DDCB80255968@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=mitre.org;
x-originating-ip: [192.160.51.88]
x-ms-office365-filtering-correlation-id: cd5cef27-f036-443d-d075-08d36e105913
x-microsoft-exchange-diagnostics: 1; BY2PR09MB1078; 5:h8celghnLI+NZY07m1sCoW+nZ0BE89dQbP7OyZZW9FyyO1uA0akL3UeX6XRkvln/DhQmIZNDUT5O2ZsGzjRh97Ew6AACUIOKqZJfLBoN+Skit+rBTKOyYCUT2KGIwtNBK89RCN1MEUmDZrZCMneYXA==; 24:Gq8bOUkp7l4+wBxcwV8ctPrTsjDqp3+jytoBVTGT22dUk3Xthf9eFeWLTbtgFe64sEHUOOOhVro6YcEP407Yyv8h9NWItEGmcKlzmGDs/40=; 7:jaHCy9qWfoVhZyHD4SwbRF9AreBASASqA3i0aAWTjF6c2NvX8d2gCJHzT84gP2T6/2I/AxDueg2s9j58D17ymAH6rcGVpCIXwhhuoks1Rip8XpC/l3TIHcBm5QxXUU58D0o2rlZ+7FCOrmFZu+tQV9B0C9b2Olmv8l6HgqbXHvsKZt+OirOnZIm+3ZL//6lf
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR09MB1078;
x-microsoft-antispam-prvs: <BY2PR09MB107872903270CB1A667D5E9CA5630@BY2PR09MB1078.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521072)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BY2PR09MB1078; BCL:0; PCL:0; RULEID:; SRVR:BY2PR09MB1078;
x-forefront-prvs: 0924C6A0D5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(377454003)(71364002)(24454002)(74316001)(77096005)(19300405004)(99286002)(15975445007)(2900100001)(2950100001)(19580405001)(122556002)(19580395003)(1096002)(76576001)(92566002)(81166005)(1220700001)(6116002)(87936001)(66066001)(586003)(790700001)(3280700002)(11100500001)(2906002)(33656002)(10400500002)(9686002)(19625215002)(102836003)(16236675004)(9326002)(4326007)(3660700001)(5002640100001)(5004730100002)(86362001)(189998001)(76176999)(110136002)(5008740100001)(54356999)(5003600100002)(50986999); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR09MB1078; H:BY2PR09MB1078.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR09MB1078AB571027DE7B81698A71A5630BY2PR09MB1078namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2016 20:21:28.0968 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR09MB1078
X-OriginatorOrg: mitre.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/rywfxOgb2dcJksgWmut-TKNRy8U>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Subject: Re: [sacm] FOR REVIEW: IM Merge - Abstract and Introduction
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 20:21:33 -0000

Hi Adam,

A few comments inline below.

Thanks,

Danny

From: Adam Montville [mailto:adam.w.montville@gmail.com]
Sent: Friday, April 08, 2016 5:58 PM
To: Haynes, Dan <dhaynes@mitre.org>
Cc: sacm@ietf.org
Subject: Re: [sacm] FOR REVIEW: IM Merge - Abstract and Introduction


On Apr 8, 2016, at 1:53 PM, Haynes, Dan <dhaynes@mitre.org<mailto:dhaynes@mitre.org>> wrote:

With that said, can the “Abstract” and “1. Introduction” of [3] replace the “Abstract” and “1. Introduction” of WG IM [2]?

As contributor.

I think the abstract replacement is sane.  Some clarification on why we care only about data in motion and not as much about data at rest might be required.  I’m fine with focusing on data in motion, provided the expectation that any data at rest does not violate the relationships between information as established by the information model.  This might be handled well by slightly altering the last sentence in the first paragraph of the introduction to something like: “It is expected that information elements, and the relationships between them, expressed in this document are retained when fit into data models for data at rest.”  (Or something like that.)

[danny]: I see. I think  the main point with respect to data in motion vs. data at rest is that we primarily care about getting information from one SACM Component to another.  How it is stored in a Repository could be left for an implementer to decide.  With that said, you are right.  Things like relationships need to be retained somehow or at least re-constructible in the event that data including relationships must be provided in response to a query to the Repository.  Do you think it is worth calling out that the relationships can either be preserved directly in the data model or in some other way that allows them to be reconstructed at a later time (which may provide more flexibility)?  If both of these are covered by “retained” or this flexibility is not needed, I am fine with just using what you have proposed.

The changes in the introduction seem significant, and I like the brevity of the proposed replacement.  It appears that you’ve dropped the “Problem Statement”, “Referring to An Endpoint”, and “Dealing with Uncertainty” subsections of the introduction.  Was this done because these topics are treated elsewhere?

[danny]: When merging the text from the IMs, we were focused on making the WG IM as clear and concise as possible.  That is, what is the minimal text necessary to: (1) allow readers to understand what types of information we are trying to model, (2) what structures are available to model this information, and (3) the actual information elements that we think are necessary for SACM.  As a result, if the text didn’t seem critical to reaching this objective, we did not include it in the merged text.  Do you feel that this text is absolutely critical to include in the WG IM?  The main driver behind this is that the current WG IM is already very long :).

It seems that you’ve also become more specific when talking about the tasks supported by the information model.  The current introduction speaks to things like “endpoint characterization” and the proposed introduction speaks to things like “target endpoint characterization”.  Was the qualifying word “target” chosen for a particular reason?

[danny]: We added the “target” qualifier because it was more specific to the tasks being supported by the IM and better aligned with the terminology document.

I ask, because in my mind “target endpoints” are the subject of an assessment process, but we need to deal with endpoints outside of such processes.  Configuration assessment or vulnerability assessment will have “target endpoints” to examine, but an endpoint management capability doesn’t really have “target endpoints”, because it is concerned with all endpoints (use of the qualifier “target” implies a subset of the whole).

[danny]: Using the current definition of “target endpoint", wouldn’t an endpoint under the “endpoint management capability” be considered an “endpoint of interest” and as a result a “target endpoint”?
My recommended change to the proposed introduction is to change “target endpoint” to “endpoint”.

Again, all of these comments are made with my contributor hat on.

Kind regards,

Adam

v2.23.0 | Report a Bug | By Email