Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

"Haynes, Dan" <dhaynes@mitre.org> Mon, 20 June 2016 18:24 UTC

From: "Haynes, Dan" <dhaynes@mitre.org>
To: Adam Montville <adam.w.montville@gmail.com>, "Dan (Dan) Romascanu" <dromasca@avaya.com>
Date: Mon, 20 Jun 2016 18:24:26 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/wIkqhdAAkPpTn_Ooe6zhNB-EAXw>
Cc: Gunnar Engelbach <gunnar.engelbach@threatguard.com>, "<sacm@ietf.org>" <sacm@ietf.org>, "tony@yaanatech.com" <tony@yaanatech.com>

Hi Adam,


This all makes sense to me. With regard to completeness, I would also add DM-001, which says “The data model MUST contain a data model element for each information model element”. As long as we make our IM complete, our DM will also be complete because of this requirement.

Thanks,

Danny

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Adam Montville
Sent: Saturday, June 18, 2016 8:39 AM
To: Dan (Dan) Romascanu <dromasca@avaya.com>
Cc: Gunnar Engelbach <gunnar.engelbach@threatguard.com>; <sacm@ietf.org> <sacm@ietf.org>; tony@yaanatech.com
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

Hi.  Because we would like to move our requirements through IESG, I would like to drive this to ground.   There are three things that we’re talking about doing when it comes to selecting a data model for software identification:

1) Extensibility
2) Accessibility (not cost prohibitive)
3) Completeness

There is a data model requirement for (1) - DM-014 Attribute Extensibility.  There does not seem to be a requirement for accessibility (2) or completeness (3).

My question is this: Do we need such requirements?

I would assert that we do not.  Accessibility is something that we will always judge by virtue of the fact that we operate within the culture of the IETF.  Completeness is not something we need to put into the requirements draft by virtue of DM-002 Data Model Structure, which indicates that a data model can be structured monolithically or composed of modules/sub-modules—this seems to imply that we could be ok with “completeness” potentially coming from more than one place.

Thoughts?

Adam


On Jun 13, 2016, at 9:12 AM, Romascanu, Dan (Dan) <dromasca@avaya.com> wrote:

Re: Requirements – is this not what https://datatracker.ietf.org/doc/draft-ietf-sacm-requirements/ is about? Maybe it needs an update.

Regards,

Dan


From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Adam Montville
Sent: Friday, June 10, 2016 2:25 PM
To: Gunnar Engelbach
Cc: <sacm@ietf.org>; tony@yaanatech.com
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

This seems like a fine approach.

As part of that third item, I’d like to get requirements from our own drafts as well, starting perhaps with the vulnerability scenario, but also considering our requirements and other drafts.



On Jun 9, 2016, at 7:44 PM, Gunnar Engelbach <gunnar.engelbach@threatguard.com> wrote:



Hey Tony, funny thing that you should say that.  You seem to have a better awareness of the other efforts going on out there than I do, so I could use your help in identifying other good candidates and what will be necessary to support as many of them as possible.

What I'd really like to do is take a more formal approach -- gather some requirements and then see from among the existing efforts which is the best from among those that are good enough.  If any.

But first is a matter of setting the requirements.  Stated generally, I really only have three:

  1)  Is extensible -- as a fork outside of the current owner, if necessary, to be sure it continues to meet SACM needs without relying on the good graces of the current owner

  2)  Readily accessible (e.g., spec is not cost prohibitive for any users)

  3)  The most complete (that is, closest to being able to represent the other tag types without loss of data or shoe-horning data into fields that weren't really meant for that type of data)


I'm sure Charles, et al, will have other requirements, so feel free to chime in.  However, I think the simpler and more informal we can keep this list the quicker we can grind through it.


--gun




On 6/9/2016 2:33 PM, Tony Rutkowski wrote:
Hi Adam,

A good solution.  Charles and Gunnar should also engage
in some proactive outreach.  Simply stating that "no other
solutions to the problem of software identification have
been submitted" is preposterous when there are so many
out there.  IMHO, one of the long-standing problems with
SACM is its institutional and participatory insularity in an
arena where so many almost identical activities are occurring
in other venues where there is far greater industry participation.
Ignoring them diminishes the value of whatever SACM
accomplishes.

--tony

On 2016-06-09 3:47 PM, Adam Montville wrote:
All:

After several on-list discussions, the last virtual interim, and the discussions surrounding this call for adoption, the chairs acknowledge that there are some key concerns with this draft, but also see that there is rough consensus for adoption.  We additionally note that no other solutions to the problem of software identification have been submitted to the working group [1].

Because the topic of software identification, and SWID in particular, appears to be a contentious one, we are designating Charles Schmidt and Gunnar Engelbach as editors of the working group draft [2].  We believe that Charles and Gunnar will bring the necessary balance to this draft, so that the key concerns are sufficiently addressed.

Kind regards,

Adam & Karen

[1] This draft adoption does not preclude future alternative submissions
[2] Note that original authors will remain authors, but Charles and Gunnar will hold the pen.


On May 17, 2016, at 11:21 AM, Karen O'Donoghue <odonoghue@isoc.org> wrote:

Folks,

As discussed during our last couple of meetings, this is the official call for adoption of https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/ as a SACM working group document.

Please reply with any comments or concerns along with your support of this action to the mailing list.

Thanks,
Karen and Adam
_______________________________________________
sacm mailing list
sacm@ietf.org
https://www.ietf.org/mailman/listinfo/sacm





