Session Date/Time: 09 Nov 2021 14:30
sacm
Summary
The sacm working group meeting addressed the status of the CoSWID and Architecture drafts, alongside a critical discussion on the future of the working group itself. While the CoSWID document is nearing completion with a few remaining IANA-related issues, the Architecture document faces a lack of engagement and updates. The chairs and AD expressed concerns about the working group's lack of progress and energy, leading to a proposal to close the working group, with plans to transition or conclude the remaining drafts.
Key Discussion Points
- CoSWID Document Status:
- Authors (Hank and David) reported that most concerns raised by the AD (Roman) and initial Area/Directory reviews have been addressed.
- Approximately 4-5 minor, non-normative issues remain, primarily related to IANA registry handling.
- A key technical discussion revolved around the proposed IANA registry name: swid vs. coswid.
- Authors argued for swid to align with the ISO SWID Tag standard for controlled vocabularies and allow for dual usage and synchronization where beneficial, while maintaining a separate tag registry for CoSWID-specific extensions.
- Reviewers and the AD raised concerns about potential divergence between CoSWID and SWID, suggesting coswid for greater independence.
- Authors believe the current approach offers the "best of both worlds" by allowing synchronization without hindering CoSWID's independent evolution.
- Architecture Document Status:
- Kathleen Moriarty presented on behalf of the primary author, Adam Montville, who was absent.
- Several recent issues have been handled, but open issues remain regarding security/privacy considerations, defining capability description methods, and adding an attestation section.
- Kathleen volunteered to help draft the attestation section, with Hank offering review assistance.
- Adam Montville is actively working with the Open Cybersecurity Alliance (OCA) on the "Pace" effort to instantiate the SACM architecture, with Michael providing support.
- Concerns were raised about the pace of updates to the IETF draft and the primary development work occurring outside the IETF.
- A call for additional reviewers and contributors for the draft received no immediate volunteers.
- Way Forward for the Working Group:
- The chairs (Karen and Chris) and AD (Roman) expressed significant concern about the working group's lack of energy and progress, noting a pre-established "January timer" for resolution.
- Evidence cited included slow CoSWID updates and the lack of engagement/updates for the Architecture document.
- The consensus among the chairs and AD was that the working group has "run out of steam."
- Hank requested that the CoSWID document be allowed to complete its process.
- Kathleen requested that Adam Montville be given an opportunity to provide input on the Architecture document's fate, given its ongoing implementation work.
- Discussion ensued about the future of the Architecture document, including suggestions to transition the work to Pace/OCA or to publish it as an Informational RFC with a more limited scope within the IETF to provide an artifact for the working group.
Decisions and Action Items
- CoSWID Document:
- Decision: The CoSWID authors (Hank and David) will make a strong, clear, and coherent recommendation regarding the IANA registry naming (swid vs. coswid) and other outstanding issues.
- Action Item: Authors to provide an updated draft, addressing all of Roman's comments, to the working group mailing list by the end of next week (aiming for mid-November). This update is crucial for proceeding to IETF Last Call.
- SACM Working Group Closure:
- Decision: The working group will move forward with a plan to close.
- Action Item: The chairs will send a message to the working group mailing list announcing the plan to close the working group and solicit any strong reasons or commitments for keeping it open within a 1-2 week period.
- Architecture Document:
- Action Item: The chairs and AD will follow up with Adam Montville offline to discuss options for concluding the Architecture document, including potentially down-scoping it, publishing it as an Informational RFC to provide an artifact for the working group, or formally transitioning the ongoing development work to the Pace effort within OCA.
Next Steps
- CoSWID authors to submit the updated draft addressing IANA registry naming and other feedback to the mailing list by end of next week. The goal is to get it through IETF Last Call for potential inclusion in the December 14th telechat.
- Chairs to send an email to the sacm mailing list announcing the proposed closure of the working group, inviting feedback and commitments to keep it active.
- Chairs/AD to engage with Adam Montville and Michael to determine the best path forward for the Architecture document, considering options such as an Informational RFC or transition to Pace/OCA.