sacmwg / draft-ietf-sacm-terminology

SACM terminology aligned with best practice definitions, standard references, and terminology definitions of other work groups

Definition Tasks #28

Closed henkbirkholz closed 6 years ago

henkbirkholz commented 8 years ago

1.) The way it is worded at the moment, the tasks "Attribute Definition" and "Policy Definition" in the definition of SACM tasks could imply that they are conducted manually (especially "Policy Definition") and not necessarily conducted by a SACM component. This seems to be in contrast to the other tasks, which are all conducted by a SACM component.

Is this intentional? Is a SACM task always conducted by a SACM component? Does every SACM task have a corresponding manual counterpart?

2.) The name of the SACM task "Attribute Definition" could be misleading. No attributes are defined, but a subset of defined attributes is aggregated in a list (that is called attribute definition at the moment).

adammontville commented 6 years ago

Can someone (@henkbirkholz ?) figure out where this is coming from? I can't find "Attribute Definition" in the current or previous draft.

In terms of the bigger question: Are certain "artifacts" not necessarily conducted by a SACM component? I think the answer is yes. I think activities like defining a policy (i.e. like a CIS Benchmark or a USGCB checklist or a DISA STIG) are largely manual processes. There may be some cases where certain recommendations could be inferred by a SACM component based on different guidance (but at some point the guidance relied upon comes from an organization, which is likely to be a manual process).

What is the action to be taken from this issue?

jarrettlu commented 6 years ago

I looked at version 13, 8, 5. I didn't find the terms "attribute definition" or "policy definition". I assume it means the task or process of defining attributes or policy. I agree with Adam that some policies are defined outside SACM, and the policies can be used by SACM for posture collection, for example. I presume SACM can define internal policies too, e.g. on how SACM components should work together, but I don't have a good example.

I believe this discussion helps our understanding. I don't see the need to create "attribute definition" or "policy definition" terms yet.

adammontville commented 6 years ago

Jarrett, I agree. I'd like to close this issue if there are no objections.

sacm commented 6 years ago

Hi,

I agree w/ Jarrett and Adam - let's close this issue.

Cheers,

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434

On Wed, Apr 4, 2018 at 9:55 AM, adammontville notifications@github.com wrote:

Jarrett, I agree. I'd like to close this issue if there are no objections.
