sacmwg / draft-ietf-sacm-terminology

SACM terminology aligned with best practice definitions, standard references, and terminology definitions of other work groups

Guidance #29

Closed henkbirkholz closed 6 years ago

henkbirkholz commented 8 years ago

1.) As a basis for discussion, the current definition of "Guidance" includes the following three examples: "Configuration", "Profiles", and "Policies".

Is configuration guidance? The assumption is that guidance - in the context of SACM - is machine-processable, because the architecture draft (3.1.3.1) states that "A collector consumes Guidance and/or other Posture Assessment Information". The terms Guidance, Configuration, Posture Assessment Information, Profiles, Policies have to be better aligned and defined.

2.) The current definition of "Guidance" also highlights that guidance is transported via the management plane.

Is that correct? A related question (do we need to distinguish control plane and management plane?) is raised in Issue https://github.com/sacmwg/draft-ietf-sacm-terminology/issues/3 Management Plane vs. Control Plane.

henkbirkholz commented 7 years ago

Addressed by differentiating two types of guidance in the definition:

The only non-trivial and discussion-worthy example we could find in regard to "configuration is transported via the management-plane" was the use of a DHCP client by a target endpoint.

The conclusion was that the configuration here is the DHCP configuration stored on the DHCP server and the configuration to use a DHCP client (and not to configure an IP address) on the target endpoint. The result of this configuration is the creation and synchronization of lease files, which represent the resulting state of a (typically) randomly selected IP address to be used by the target endpoint for a span of time (defined by the configuration of the DHCP server). If there is a static association of a MAC address used by one of the target endpoint's interfaces and an IP address provided by the DHCP server, this still results in - now rather deterministic - state on both sides (the successful distribution of the pre-selected address).

I will leave this issue open to allow for comments or questions.

adammontville commented 7 years ago

I like the differences between declarative and imperative guidance, but I'm not quite following the DHCP reasoning. The reason I like declarative and imperative is because, eventually, I can see remediation guidance being imperative consequent to some declarative guidance resulting in detection of an undesired state. Perhaps that was the DHCP example? Declarative guidance used to determine the state of both the DHCP server and the DHCP client, and then some imperative guidance following to remedy the situation, so that the DHCP server and DHCP client start working as desired.

henkbirkholz commented 6 years ago

Addressed (basically completely removed) by the editors.