**Session Date/Time:** 09 Nov 2021 14:30

# sacm

## Summary

The sacm working group meeting addressed the status of the CoSWID and Architecture drafts, alongside a critical discussion on the future of the working group itself. While the CoSWID document is nearing completion with a few remaining IANA-related issues, the Architecture document faces a lack of engagement and updates. The chairs and AD expressed concerns about the working group's lack of progress and energy, leading to a proposal to close the working group, with plans to transition or conclude the remaining drafts.

## Key Discussion Points

*   **CoSWID Document Status:**
    *   Authors (Hank and David) reported that most concerns raised by the AD (Roman) and initial Area/Directory reviews have been addressed.
    *   Approximately 4-5 minor, non-normative issues remain, primarily related to IANA registry handling.
    *   A key technical discussion revolved around the proposed IANA registry name: `swid` vs. `coswid`.
        *   Authors argued for `swid` to align with the ISO SWID Tag standard for controlled vocabularies and allow for dual usage and synchronization where beneficial, while maintaining a separate tag registry for CoSWID-specific extensions.
        *   Reviewers and the AD raised concerns about potential divergence between CoSWID and SWID, suggesting `coswid` for greater independence.
        *   Authors believe the current approach offers the "best of both worlds" by allowing synchronization without hindering CoSWID's independent evolution.
*   **Architecture Document Status:**
    *   Kathleen Moriarty presented on behalf of the primary author, Adam Montville, who was absent.
    *   Several recent issues have been handled, but open issues remain regarding security/privacy considerations, defining capability description methods, and adding an attestation section.
    *   Kathleen volunteered to help draft the attestation section, with Hank offering review assistance.
    *   Adam Montville is actively working with the Open Cybersecurity Alliance (OCA) on the "Pace" effort to instantiate the SACM architecture, with Michael providing support.
    *   Concerns were raised about the pace of updates to the IETF draft and the primary development work occurring outside the IETF.
    *   A call for additional reviewers and contributors for the draft received no immediate volunteers.
*   **Way Forward for the Working Group:**
    *   The chairs (Karen and Chris) and AD (Roman) expressed significant concern about the working group's lack of energy and progress, noting a pre-established "January timer" for resolution.
    *   Evidence cited included slow CoSWID updates and the lack of engagement/updates for the Architecture document.
    *   The consensus among the chairs and AD was that the working group has "run out of steam."
    *   Hank requested that the CoSWID document be allowed to complete its process.
    *   Kathleen requested that Adam Montville be given an opportunity to provide input on the Architecture document's fate, given its ongoing implementation work.
    *   Discussion ensued about the future of the Architecture document, including suggestions to transition the work to Pace/OCA or to publish it as an Informational RFC with a more limited scope within the IETF to provide an artifact for the working group.

## Decisions and Action Items

*   **CoSWID Document:**
    *   **Decision:** The CoSWID authors (Hank and David) will make a strong, clear, and coherent recommendation regarding the IANA registry naming (`swid` vs. `coswid`) and other outstanding issues.
    *   **Action Item:** Authors to provide an updated draft, addressing all of Roman's comments, to the working group mailing list by the end of next week (aiming for mid-November). This update is crucial for proceeding to IETF Last Call.
*   **SACM Working Group Closure:**
    *   **Decision:** The working group will move forward with a plan to close.
    *   **Action Item:** The chairs will send a message to the working group mailing list announcing the plan to close the working group and solicit any strong reasons or commitments for keeping it open within a 1-2 week period.
*   **Architecture Document:**
    *   **Action Item:** The chairs and AD will follow up with Adam Montville offline to discuss options for concluding the Architecture document, including potentially down-scoping it, publishing it as an Informational RFC to provide an artifact for the working group, or formally transitioning the ongoing development work to the Pace effort within OCA.

## Next Steps

1.  CoSWID authors to submit the updated draft addressing IANA registry naming and other feedback to the mailing list by **end of next week**. The goal is to get it through IETF Last Call for potential inclusion in the December 14th telechat.
2.  Chairs to send an email to the `sacm` mailing list announcing the proposed closure of the working group, inviting feedback and commitments to keep it active.
3.  Chairs/AD to engage with Adam Montville and Michael to determine the best path forward for the Architecture document, considering options such as an Informational RFC or transition to Pace/OCA.