Internet Engineering Task Force 100, 15 Nov 2017

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF100-SACM-20171115-0930

Description

SACM meeting session at IETF100
2017/11/15 0930

https://datatracker.ietf.org/meeting/100/proceedings/

A

B

It's actually 9:30 should I wait. Think the Dave's.

C

Gonna ride in the next.

A

D

B

We're just gonna wait a few more minutes for some missing folks that we think are yeah, show up.

C

B

Okay, welcome to the SACU meeting. If you weren't intending to be at sockem, you should find the correct room, so sockem 100 IQ have 100 singapore note. Well, everybody should be really familiar with this at this point.

B

Go find it online. If you can't read this fast, we have note takers in jabber scribes, all right.

B

Working group status, I'm gonna, let you start the stat you're gonna care and starts it now now out of your starting status and then you're gonna hand over.

C

E

On I like to bash the agenda, a little.

C

E

Or is it good time, alright, yeah so on this agenda? Doesn't look packed so I wonder whether it's possible at the end, to spend a few minutes to kind of talk about the terminology yeah, the second technology.

E

B

Well, bash the agenda and we'll add a discussion about terminology after the hackathon report and before the way forward, conversation.

F

Good all right so uh status, you guys can hear me. Okay, I can't tell if it's going over or not status.

F

This is the status I, don't even know what the status is at this point, but the recharter yeah yeah we've got that moon forward. Thanks.

F

G

Good morning so.

G

I'm, sorry, clearly, your chairs have not had enough caffeine or something this morning, so this is the second working group of as we've already indicated. First of all, we are three chairs today, because Adam is departing and Chris is coming in. So first of all, we would like to thank Adam for his leadership over the years.

G

And the recharter is with the iesg. We have some comments on that that I believe have been copied to the list as well as to the chairs. So we will be submitting some updates to that and.

G

Beyond that, the rest of it, we will discuss in the way forward when we talk about what our next documents are. So that is all we have for wayforward Steven. You ready.

H

Hi Dave Walter Mayer one quick question before before Steven were you planning on covering draft status as part of now or the the status partner at the end? Maybe for next steps draft status draft.

G

Status, we're gonna cover under work way forward next steps: okay, but we didn't properly coordinate. There are now well coordinated.

I

I

No problem: okay, I'm Steven Bankart with NIST I'm gonna be providing a little bit of a cross working group update first and then using that as a lead-in to the sockem draft here that relates to that so I'm gonna be talking about the Rolie girafft. That's in Mile, resource-oriented lightweight information exchange. This is just a really brief update on its current status, so that everyone here is aware of that says it does impact a couple of the drafts here in Sakon. So next slide, please that's.

I

All the slides now off to summersault before they exit.

I

Okay, so the Rolly draft in Mile is currently an IAS G review. We were navigating a few remaining issues that were blocking the discusses of that draft. As of just a couple days ago, we have resolved those primary issues and we are now fully expecting those discusses to be cleared as soon as we post a new version of the draft in the next couple of days. So the current version that is in mile is version of 13 once we post 14, that will be the one clearing the remaining issues and hopefully with any luck.

I

That is the final version. We've had really great review so far from iesg ad last call. All of those steps we've had a great number of editorial changes, a lot of great review and a small number of minor and normative changes and I'll cover some of those briefly I. Think on my next slide. Go there I didn't so I'll go over it really quick. The primary change that we did to clear the discusses on that row. Leak or draft was removed. The Ayana registrations for the dot, well-known URL location.

I

This instead is going to be moved into a new Rolly service discovery draft there's going to be a new document that describes how one might actually locate the Rolly repository, and if you want to hear more about that I'm going to be talking about that draft and talking about the changes in detail and mile which I leave is on Thursday.

I

Yes, Thursday afternoon smile. So if you're interested in hearing more about those changes, you can come there so onto this draft, the back one, sorry I didn't actually make it to that slide. I went on a tangent. This is the software descriptor extension. This is the draft that is actually here in sockem. This is an extension to Rolly that we've been working on here that covers the Rolly capabilities of carrying around software descriptor information. This is information like the ISOs wid format, although it is not confined to that format by any stretch of the imagination.

I

So this draft was since IETF 99 Prague adopted as a working group draft. So it's official title is now draft IETF sockem Roly software, descriptor, 0 0. We've continued to work on it made some editorial changes to the text but, most importantly, we've updated the extension to a new format. This is a standardized format that we're going to be using for all Rolly extensions. So the primary change in this version is: we've changed the organization of the document, so we'd really appreciate it.

I

If people can come and look at the new version of the document that was posted and just let us know if you think the organization and the flow of the document is something that makes sense to you and as always we're we're welcoming editorial stuffs. Well, can.

B

I ask how many people have read this document, the the.

I

Most recent version is from October 1. Ok,.

B

Ok, ok, if we could get some more people to read over it, it's actually very short. I know.

I

It's way less, it's like in terms of actual content, it's like 4 or 5 pages, or something like that. If.

B

We could get some additional reviews. This is really a quick and light one that would be spectacular. All.

H

Right, the review would primarily be organizational Dave, Dave, Walter Mayer. Just add to that I think at this point we feel like this draft is we've done most of what we can do with this draft. So.

J

H

Feel it's it's a pretty solid draft at this point. So if that helps folks, as far as reviewing the document, we really don't feel like we can do much more until we start to get more feedback on the document going for it. So this is just some encouragement for for more feedback. I read.

B

It Whitney only I found a few knits, primarily so yeah.

I

B

You know it's a short read, take a look. Thanks.

I

Okay, next slide. Another brief cross working group update the Caesar extension was also updated to the new format. So again, if you're making comments on the organization of software descriptor, that's super useful, because that is the organization format for all these different extensions.

I

We're looking for more review of this document as well as always review everything. It's really helpful for the for the authors of those okay next slide is that it no way forward right. So, just as we were talking about a second ago, we really feel like software descriptor is currently in a pretty good place. It's a technical description of this new information type. It covers all the necessary registrations as far as we think it does, and it really kind of describes the extension.

I

So at this point, we as the author's feel that this document has reached kind of technical maturity and we're just looking for review so that we can really kind of start to move it forward and find out. If there's anything, we need to change. So, if Chris, you said, you found some knits. That would be great. If we could, you know, get those start making some changes, get an o1 version out and and continue to work on that be extremely helpful.

I

So I think that that more or less covers my presentation topics as far as roli goes. It's a brief update here. If there's any questions, I'd be happy to field them. I think I have a lot of extra time for this segment. But if there's no questions, then that is all I have to give.

I

Okay, thank you.

K

So Kathleen Moriarty walking in at the end of that not having full context. This is for Roli, that's already beyond iest review just or something.

I

K

I

Gave a brief overview on that rolling in the beginning, this.

K

Is different, this.

I

In particular is for an extension that we're working on here in Sandin Sakon. This is uh okay.

K

Alright, thank you. Cuz I was gonna ask well what are you setting for a few times, but it doesn't matter yep.

I

Yep, it was just adopted as a working group draft, so we're just looking for more review on it.

B

Frank data in control, plane, security, baselines.

L

How do I write French ah good morning, okay, so.

L

Yes, it's mine, yes, okay and I'd like to introduce some of our starting work about the network, security stages or poster collection of the some networking. First in network infrastructure devices such as the uterus, which I think this is maybe uh maybe a natural extension of current a second walk in the future. So we proposed here and hope to get your suggestions.

L

Okay, so so, okay, let's start from the motivation okay, so we don't know that in last idea meeting we have some discussion about the panic, the poster assessments through network information collection and from our understanding. It's it's. We.

M

Can we can use our current.

L

Ciccone architecture and the protocol to two more things: to help the network operators to monitor and evaluate their network infrastructure security. So.

M

L

Our an idea- and we try to do something here so here we, the network infrastructure vices. We mean that you know the uterus, which firewalls those devices- okay and the the goal is to collect the security posture to do the assessment of the devices as a software vulnerabilities in the configuration it's totally.

M

L

Same as previous same second work for the enterprise devices, right, okay and and I think it's also aligned to the second. We try to work its cover data collection and the mess during part of the new work. Okay,.

L

So the the overview of this draft is first today we want to mention why we need this kind of mechanism for the network infrastructure devices, because we all know that country for the for the security circumstances of the network. Devices is serious because there are a lot of unsafe. A sex channel exists here.

L

So how can we protect them, such as a telnet SNMP, the previous version- and we all know that tcp/ip is a very open network protocol and it's a bring us a quantity, but also it opens a lot of attack in attacking the face for network devices. So can we protect our what us is more okay and then the network and the device is becoming more and more complex.

L

So that's another program that we make our security become more harder and the another key point is that the Coverity, the traffic processing capability, mismatch between the date, the data plan and the control end of the device. So, based on these readings, we see that if we have some kind of automatic monitoring and posture assessment and mechanism for the network devices, that will be good. So so the objective of the mechanism is to identify the stress and the vulnerabilities of device, such as unnecessary services and the instacart in insecure or configuration and abnormal.

M

L

M

We can enforce.

L

Security high during.

M

L

On them, we can update our software patterning.

M

L

The security configuration and to a lot of things to harden the network security device so do I, saw security, sorry and nice lights are.

N

There Frank, oh sorry, just a good question. Actually, maybe not a quick question. Ok,.

M

N

The panic mailing list there was a: what is the boundaries of that? What's panic is doing and what's going on with the the egg push that was one of the last messages.

N

Is there anything you can talk about with yang push the other thing this plays into to sort of the stir, stir, Hank and Nancy a bit is the idea of athis station, and is there any talk about how panic in ER relates with any attestation, as well as a device push so I'm just trying to get the idea of of where that's going, because the panic list seems to have gone fairly quiet recently.

L

Yes, I think yeah, that's a good comment and I think that's all the question we need to consider later together, because right now we we just from our vendors perspective that we think that we needed those information to be collected and evaluated to to access our network device security but today and how to do it. I think young push is a very good me Canada and we can paste on that's one of my mind.

L

That's one point and the secondary I think I also agreeing that with you that attestation is very important for the whole work, because if we, if we just provide the information- but we can not count in that information is integrated and it has a trusted base so that we're influenced the the the operators charter that they, this information is useful. So, yes, we need to consider all these program as a whole and.

O

L

Okay, next slide, okay and from from our forest prospective way we divided the the network, devices, security, posture or security baseline into into this architecture foster day, we have three layer, the the foster wines application layer, which means that we need to assume the security of the network devices application layer such as those web application security and the the the how.

N

L

The data sensitive data in devices and how to do the privacy protection and a lot of singing application there and another important in the party is a network layer. Okay, so this layer are just to consider how to protect the network resources and their service, so we can use the second the second we can attend to collect it in and then based on the collective attacked we can hire in the configuration in the studio's connection. So for this layer we have three controllers: three plan, controller and Italy and the manatee plane.

L

They all cover their respective features. Security related features, awared use later, ok and the last one is the infrastructure layer. This is more about the device itself and the operating system running on the network. You Isis, so we also care about their security. So these are the from all understanding that we should appear about. We should we should study on this work. Ok, next slide. Ok!

L

So so, yes, I, think this I think is this page adjuster can answer some of the questions we want this work based on some existing technologies, such as we use that we think that the young push and notifications a sub pop mechanism is very useful so here to help us to to flexible and inhale you the way to collect those information, and then we also want to because this work is finally used by the Saku Saku architecture. So.

M

L

To matching or how to translate the network poster information to the secona information motor, so we need a broad, I think, Hank, as tom has already a good start on this direction. He has a already has a draft on edge, so we can work together with his draft to to deal with this program so and another very important thing that we need to do is that, because these are all related to the network devices information.

M

L

With information on information security information by using the young Loder, so we need to identify the existing young mother in you know: United. There are a lot of young motoring for for different part of network devices, so we.

M

Do not need to reinvent the.

L

Same thing, so we researches a young category log and all the ITF young drafts to try to avoid do the same thing as then. So the way we have introduced our finding in next page, ok, please!

L

So in general, there were good news and the bad news for us know for Socko, okay, so possibly for the date plane hit, play and young mother, young, okay, Ted play and security posture, young mother and with such the other existing your mother any place. We don't find the existing and about this part. So so right now, in order after we leave the some awful point that we think is important for the networking devices security.

L

They are the air to protection, so how to to the Mac limit, how to suppress the Burin traffic and the up protection? Okay, it's related to upper abs, preferring and apps flooding, and you are PF and the DHCP snooping and how to protect the devices control.

M

L

To do something in data.

O

L

Avoid flooding or the DDoS attack to the device and how to detector the MM, fragment or Martha on the packets and to just that, if cut it in and that's just from a very initial idea of wrong or perspective, I think that we think that is not complete, and maybe it's some mmm it's just very beginning stage. So we hope that later we can refine them and we can simplify or add more useful information here next page, okay and about to the date plan.

L

We also write our also write our control and story control in security post bit align your model, but for this drafter we ran way after our search of the current existing chapter, we find that most of them are already covered in the in several charts. For example, the PGP is already covered, OSPF is MPs kitchen DTS and all this are covered in existing draft, but we also identify some some some missing content in those draft, so I think for us. Our strategy is that we can contribute to to those exceed those existing jobs.

L

So that's our current idea, okay, so the next steps we counted. We want to, we think we can to further work to simplify the current data motor, because a lot of details may be not needed for it, and also we can. We should consider how to combine, where, with current young push and the notification mechanism and how to work together with us, working in the scope of sockem so based on the stock confirmation, modal, and maybe we think that is incomplete information.

L

So there are other essential part of the security baseline can be added later so so we're coming for. We well yeah will become any more comments and Makoto's to work together on this direction. Yeah. That's all.

B

Any questions how many have read the draft.

B

About six, seven.

I

Hi Steven Bank are just a quick question, so I I have read the draft. I was just looking over it again and I just wanted to ask a quick clarifying question about. Maybe if you could state, but what exactly are the goals of this draft? Are you attempting to just register new yang modules, or is this trying to do something more than that I mean? What's the what's the goal of this? Yes,.

L

Okay, I yeah, that's a good question. um I think our ultimate goal is that we want to based on the current Sock'em architecture, to collector the security posture of the network devices, because from our long-standing current ii, work only covers how to collectors enterprise devices security posture, but how to extend their. They can fit the existing work to the network scope. So that's what we want to do, because this is just a zero zero version of charge.

L

Oh, we can only say that Calgary, we provided some raw materials here, and we think that this information is useful to help us to assessment at the network status of the security studios of network device, but how to use them and how to collect and how to evaluate it. Then how to do the smart filtering of them I think there are a lot of work need to do.

M

L

They own in the scope of Sock'em right, so that we need to do okay,.

I

Good, so in the document there's all these defined modules right so is it. Is it fair, then, to say that what you're doing in these drafts is defining yang modules? That line up with the sacrum information model is that what you're trying to do.

L

I think so! Yes, yes, because if you see my last page, your next steps I need to do the alignment to the calendar. Second information motor, so that kind of information of the provider, a lot of good structure of the endpoint attributes and the poor. In the statement.

M

L

Think that we're that's a very good lie, a pitch line that we can pass on it and the to define our more.

I

For week we are reference, it yes, yeah I, just think Kathleen's comment that was put up on the slide as a good one. Is that there's a lot of yang modules out there yeah.

J

Remember everything right: you just want to make sure that.

L

I

You're doing is not just doing that again and maybe hey.

L

Yeah yeah I will avoid it. Yes, okay.

M

Yeah good morning.

M

Yeah I think the term baseline is just a little bit confusing at this point here. So this is. This is about security posture either. This is the attend. I get from this presentation. That is not about baseline security. It is about the crying specific security posture from network devices that you know, yeah right.

L

M

That you want to input into the second security automation domain. Yes,.

L

M

The yang modules are supposed to be the interface for this additional information that is probably or maybe not yet covered in the information model of second today or unfortunately, as you put it, this is the bad side is already covered and other yang modules have to strip it out. So next steps are, is that is making basically order in the draft and find out what is redundant and safe from that and find all viruses distinctly new, and if that is missing from the information model, make sure I met you there.

M

Yes, this is what I get and yeah. This is my questions. Yeah, don't.

L

Stand in totally correct, okay,.

M

You're, either at.

L

um Expert is thank you for correcting me, maybe my my English aerofoil posture, okay, yes, thank you.

B

Cristinaw co-chair hat off, so looking at the draft, you had a lot of yang data elements listed in your draft and it was more type information than it necessarily included what I would consider kind of a baseline. So you didn't give guidance on any of those elements to be set in a range you know turned off turned on, etc.

B

If we move kind of the yang type definition materials out internet comm, where it belongs, do you anticipate kind of building guidance about what those values should be ye.

L

No, no I I'm, not sure right now, because I think the most important work ago for this work is that we just want to collector or want to specify what information we need, but it's very hard to define. You know the what value we anticipated, something maybe some some part of them. We can. We can provide. So if we open or if it's turn on off in certain off but there's some some some some counter or something cannot be, give our only value to evaluate right. So I think it's is half of your requirement.

L

We can do some some very some very concrete. Where do we can we can give that part? Some of them, which is not okay,.

O

Hello Jessica from Huawei I'm, going to present as a security baseline for network device management plain- and this is a part of the previous presidential security baseline walk, as we all know that Sakuni neck network devices is a Chinese a and a crucial work for both organizations and the operators. So our purpose of this world craze true defines security baseline for network devices, and we want this.

O

Work can be fostered used in the security posture assessment and this document will focus on the multiplying security and we provide a data model one and we want to include in incorporate the best practices from the industry and that you provide a minimal set of Security's features for naturalize management plain and, as we all know, that they are already many work about llamado see in IDF. So we will reduce the exists in your models and provide additional models under groupings for the missing parts. Next slide. Please.

O

So this picture is the overall structure of our of this document. Change can be divided into four parts: user authentication and authorization system, management, security, lock, security and foul security, and at the bottom of this page will list the existing Llamados. There are two RFC's that has already published it about the security met about system management, and we can you reduce the security parts of these young models and the zerah. Also several drops led working on TOS ssh net account syslog anja is a el llamado next slide. Please.

O

So so this is our. This is a brief young tree about the user, authentication and authorization pathway divided it into three sections.

O

The first section is about user interface, security releases, three ways that are commonly used when we, when we try to log into the network device, we can login to network device by council, vty and the web for each type of the user interface, the authentication mode and the privilege level of the user should be defined to make to make access, control and also authentication and the flow vty user interface and the web user phase we reduced the the existing groupings has that are already defined, such as ACL rules and the SSH groupings, and the chiaroscuro means patch, such as already defined SSH and ETS groupings.

O

Many folks and their specific configurations there are some configurations, are lost, such as a saucepot configuration. So we we added is a miss impact of configuration and monitoring.

O

The second section is about authentication and authorization for users away, meaning folk sounds configuration of readers and taxes servers and as a secure communication between client and the server, and the last part is the user profile it meaning about the user. Credential configuration and the password complexity check next slide. Please.

O

As for the security and for the system management security, because they are already defined the young models which has to reuse the reduce the security parts of this young models next slide, please.

O

For lock, security and the file security were many folks out to a specters of the security on the log and the files that stored locally and another is the remote transportation. So so for lock, security remaining focus sounds the local, the local log access control and is a remote, remote security. We focus on the syslog security. This pad has been already defined, so adjuster reduce each and full file security.

O

We we focus on the security check for different types of files, such as Apaches packages and the configuration files and foremost for the remote transfer, where folks about the FTP, SFTP, asleep she and the FTPS. So next slide, please so.

O

This is a whole picture as this document chanda. Our next step is to try to refine the data model and we want to incorporate use of faster practices from the industry. So please review and give us comments about this, and now we will also try to combine this work with second frame work and to to to meet our goals to access the network security posture, and we also try to combine wins. The existing young push push and the sub pop mechanisms.

O

So so that's our work and please review and comment. Thank you.

M

Hi, this is Hank again, so the first thing that, after reading most of it I would say that the arm with both work groups, ii and itunes f, start to develop young modules to report about the state of the endpoints and security functions, and this seems to become kinda really redundant, because this draft here, for example, is, has a lot of overlap with the new data model for monitoring and I to NSF- and I think that's not gonna- be a problem for long because this afternoon everyone will meet in one room and try to work on the yang modules fun from IG or NSF and yeah.

M

I think, probably you will be there. I don't know if not because I can give you the point in time you can see if this works out and yeah, we have to make sure, maybe just create one reporting yang module that can be used for subscribe notifications and use them both workgroups, probably because seriously some of the stomach's identical. So that would be a good way to move forward. I think at least that men and.

N

I, second, that one other thing it's really good to see is a couple. Attempts ago we talked about the use of yang, push and I'm glad that sacrum is listening and and adding it we're trying to take yang push to towards working group. Last call and a lot of the impetus for this is going to be the users of this, whether it be sockem I to NSF DTN, and so, if there's anybody who would like to see and usually I can push and get it to. The last call to be great.

N

If you could come to Netcom tomorrow, to be able to say bring it to last call so that we have users saying that they they're ready to go so coming home when you, when you want.

H

So Dave altameyer so I'm definitely not an expert in yang models, or you know what's what's out there, but in reading this the one thing that I think is missing. That may be useful to inform some of this conflict resolution. Discussion is is around you know. It seems like this is motivated by the fact that there's some missing stuff and and what's currently out there as far as the a models and and so I, would like to see more analysis around.

H

You know, what's what's missing, and you know why there's a need for more work in this in this space. I think that would actually be helpful to inform and maybe engage other other folks within the yang community on you know what well what's needed to really fill the gaps that you're you're trying to it to address so maybe would be worth writing a draft that instead focuses on instead of focusing on new work would focus on.

H

You know where, where where's their missing pieces and an existing work, that needs to be filled in just an idea and.

O

Thank you, I have a brief analysis in my draft and thank you for advice. I will and add more analysis about our work, to make it more clear. Okay,.

L

Just add some clarification to that question. I think this manager, plan and Java is the Aruban motion. Actually we noticed this program that we country what we are doing. It's already exist in some some young related attracts. So we do the brief analysis, just like Choshu said and then I think we should the two mode of this work to give an overall picture of what is missing in current existing young model. That's that part of the work, but that's not all, of the work, I think for the core of our work.

L

We want to do this working second, because that we think that stuck on is a very good place to to the the end-to-end and network security post, your collection and assessment, so that doesn't mean that the doesn't mean only the content. We what we've content we need so, but also covers the mechanism how to how to process this message, this information, so how to collect and how to evaluate then I think there are still a lot of work related to to these Network Devices how to how to manage isn't so.

L

It's not I mean that you're right. We need to do the old analysis, but we also want to give our complete solution for the network device security posture yeah. Yes,.

B

Hanck Europe.

B

Chairs say this is: what happens when you don't submit swine? Thank you for slides.

M

This is very appreciated.

M

Next slide. Please.

B

This is the entire deck.

G

M

I'm Hank, Adam and I were the champions of the second, the combined that come second hackathon project of the ITF 100 and last time for a quick recap: we for the first time combined the yang push technology with the XMPP quit broker draft technology that is incubated in Maya, and so what we did. There was a static combination. We had two participants of vendors.

M

It was for y from the People's Republic of China and Cisco from the States of America and both provided how we are in their own locations, so we were basically live connecting across the globe and aggregating that information. We are subscribed, notifications here, they're in Prague and fed that into the second domain for the post process, man that is defined by the at the moment expired architecture.

M

This time we addressed the new items that are defined for the we chartered for the new charter of second, which are, if I remember correctly, messaging variation and collection, and so most of it is about collection orchestration. But this, which is the messaging all of them, include the term orchestration, which is like a meta. All of that. So this time we are focusing on discovery of target endpoints.

M

This is done assuming that we are addressing network equipment primarily and that network commitment is supposed to have yang interfaces active and those are then again yang push capable. So the way forward was to have a route network device and then crawl through the network by discovering the capability that a network device can find its own neighbors in the layout who broadcast domain, we are lldp and CDP or CDP and has a corresponding module yang module capability.

M

We then query that so subscribe to that we have new other slides now, I'm surprised, okay, I mean knowing that and and yeah. Therefore, we can define new management plane interfaces for other devices. Again we have a capability given and subscribe to appropriate modules and therefore discover the complete technology if it is enabled with CD Pol ADP. That is one step. The other step is that we orchestrate the collection, so we provided or created our first second repository, the second phone, which is the imperative guidance repository in this database.

M

Basic key value store, we find device type device model and potentially even the IP address, which is easiest thing to do at first and then find out by a manually configured value which capabilities are interesting or defaults to subscribe to in this device. Type device model combination, so probably you're interested in something else when it is a just a purely a to switch, then if it's a full-fledged carrier-grade router so again that this is guidance what's to collect from a specific type, mother and yeah. These are our two basic accomplishments.

M

I think we focus on orchestration or on static configuration, and we created offers repository for our guidance in this case, imperative guidance and yeah big I think we want a tailored price that is targeted at CrossFit group collaboration and considering that we now create the days and our third binding to yang. That is not net current and not restaurants. We hope that we can even show feasibility for the comai binding of yang crush even next year in London, I.

M

Think, yes, oh there's my crowd report on the hackathon second kind of combined hackathon project and the first question.

P

Rob engineer you seem you it's less about the hackathon, perhaps I'm, not tracking the documents enough. The term impair imperative guidance has been used a bunch of times. How is that different than normal guidance read.

M

The terminology please and now I- will answer the question and imperative guides is telling you what to do. It is, for example, it can be. A subset is typically configuration on the management plane. It is how a device also behave. It is making a device change its behavior. In this case it makes the collector do specific collection operations on specific device types and models.

M

The contrast to that is imperative. Sorry declarative guidance. This is um guidance that tells you how it should be. So if the temperature, for example, is as a threshold of 50 and it's always at 60 you're violating declarative Gardens. So therefore it could be that, for example, the term policy which is like overloaded and burnt term here and the ITF is declarative guidance. Also, you can define the courage of guidance via description logic, languages and, if John stressed nervou would not be here.

M

He would be basically at the mic and tell us how this is done, but there are existing solutions to do very sophisticated ways of defining imperative guidance, declarative guidance and intend. It is a third category, but here starts just stops. My expert knowledge as a John says, never be the one to ask at this point.

H

Hey Dave Walt Meyers. You mentioned that there are existing solutions in their space. What what draft should reread that relate to to this work? Could.

M

You please specify in this space he.

H

Said there were, there was existing workaround imperative and declarative guidance which, which draft should.

M

We read I'm actually not sure how much of that went into drafts already again. I would contact John stressed not offline I. Try to send him to you and Stephen yesterday, I'm not sure that of successful, because he was writing slides. All the time is that he has was working on actual solutions in all three areas. So um I guess we should go and ask him. I mean.

H

This is sockem, though, so it would be useful if we could actually get some of this work. You know submitted as drafts here.

M

Maybe there is, there is a draft called something-something capabilities in the I to NSF the ECA. The event condition action model is described in detail there, and it includes some of the variations of the intent and declarative guidance. Language. So I would read that draft first and order to get a little bit familiar with. The ECA model is used to aggregate hierarchies, offer event, refinement or notification, refinement and I to NSF yeah.

H

So could you could you post something to the list, maybe sure.

M

H

These drafts um yeah I think it would also be useful for those of us that are not I to NSF experts to understand how that more closely relates to the work here in sockem would be. Maybe a couple of ideas on how could happen would be posting a quick summary to the list talking about how the work relates, or you know, or writing a draft talking about how okay.

M

Yeah I will not have the time to write a draft for that, but I would recommend everybody to join us at Butterworth at 5:00 p.m. today. Although it is a small room and maybe I should not invite anymore I reckon he said it's a small room. We are already a lot of people there, but I would again start reading existing drafts and I to NSF, which are always so.

H

I've done that I mean there's just a ton, there's just a ton of words there and it's not clear how.

J

H

That work, you know directly relates to the Charter here and and Sock'em so I.

J

M

H

Looking for some help to better understand that, maybe.

M

From the top of her head- and please correct me if I'm wrong, I heard the target of goal in second and the second working group to create an evaluation language are to adapt an existing one. Is that correct, I think.

H

That's what we intended here. Yes, exactly.

M

And exactly that point, the ECA model comes into play and I would focus on specifically that sections in the capability draft of I to aniseh, okay,.

H

And you're gonna send an email, pointing I will just type an email to my keyboard. Thank you.

Q

H

Q

One edition action top of that there's actually discussion in MRG currently actually is also similar to that busy regarding how how intent of policy, how service models, how all those things actually relate. There was like a big discussion on Monday regarding this and there's also actually a draft on this. Perhaps the imperative and declarative the guidance are some things to do also after the discussion month anyway.

Q

I just wanted to find out that there is this after also going on, and actually when you go to the intimately page view see, you will find a draft yeah.

M

The the problem here is I think to build a general solution without a very specific problem. Domain failed twice here in the ITF and now nobody is doing that anymore. So every working group no starts its own version of it, and now people find out hey this somehow always sucks in looks similar, which is a conundrum, so basically really know this, and finding out that our problems are similar, helps us to create an actual lightweight combined solution.

M

The hips every working group may be an extensible one that is enabling every working group to achieve its a detailed gold rules, and so yeah I think it's very, very good advice. Maybe you also could point through the pointer of that and sure.

Q

M

Here, so um that's it maybe I. Should these slides, I'm, not sure okay. Thank you.

B

M

Our seriously didn't episode at the time.

B

Yard you want to do terminology bash.

B

Thank you. You can go find another mic because I'm sure you're gonna get up.

E

So, since Prague I don't think we have done any work in the terminology area for second, and maybe due to a couple of reasons one is we talked about, you know, the working group is recharging and you know there are new drafts coming out and we're spending more time in hackathon and cashing out some ideas, and you know what works and and what not.

E

So, given that you know there are interactions and in the interest and and or humilation ship with I to NSF group and the second, and they also have you know overlapping concept, which kind of a similar.

J

E

I just like to sort of get some guidance or suggestions as how we should move forward in terms of you know, second, technology, whether you know we should combine or mean to me at the moment, I think it still makes sense to have a separate terminology draft for a second and we can revisit that decision later. If you know, if we want to move it, you know merge it with some other drafts. We, you know that doesn't preclude that and I think.

J

We should online.

E

Things with it--when and that's a half working group when appropriate, and we should avoid to have conflicts there. So you know I just want to see whether people have such as streams for us moving forward.

G

M

Hi, this is Hank, yes and also I. Think that we cannot merge the terminology draft at the moment with any draft, because there is none. All of the relevant drafts are and expired, I think the architectures are expired and the information models expired. So I'm.

J

Happy that the terminology is.

M

Not expired, this is due to as we are working on refactoring a version of the architecture, but it is simply accumulating too much work on my side. I cannot were also the hackathon was more important to find out and through a future feasibility from okay. This makes absolutely no sense, and that really helped follow us through iterations now, and it will have a very good effect on I think both the x-pyr drafts and the terminology.

M

That's the only thing I can add here. Otherwise, I would fully agree with Jared's.

R

Hi, this is Nancy, so I just want to say the terminal terminology draft is important. I, don't have any strong opinions about convergence merging, but just as an FYI as I am working with now a new co-author on the XMPP grid, which, admittedly is a mile. We found it helpful to reference the terminology that is currently in sockem to help clarify the intent that what we're trying to do.

G

Okay, so at the highest level, is what I'm hearing is. This document is important and it's not moving forward and Hank is focused on the hackathon, which is great, is.

G

Is there anybody who would like to be editor.

R

So, okay, shamefully I'm an author in that too so I guess I need to go back and see what the open issues are, because I didn't think there were that many things that we needed to address so I should look and pull my weight. I think we also have a volunteer for.

M

S

J

M

Caron was pointing at Adam, who looked very, very happy, so, yes, it is moving forward. It is just not moving as fast as it did due to the reasons Jared just said, it is not intended to stall. All is basically effectively not finished yet and I think that the alignment work in the data models that we are now aiming at will also consolidated the terminology. More also, it helps that John, Cessna and I are off of the iPhone is F terminology.

E

I think the trapped is supposed to be an evolving sort of jobs, as we call and even.

J

Within different.

E

Drafts with unit ii, including the we chartered the new charter in.

J

E

Terms like imperative.

J

E

And things like that and is actually defined it there, so that sort of a says that you know we need a reference yeah.

M

So- and this is just an observation- absolutely do not- and this is literally want to point as all this is not trying to state an opinion. Just a question maybe are an observation.

M

And I think it's I don't know the extra charm out here there are non-essential drafts, like I don't know like a problem statement or so that it should never be pushed to is gb because I forgot the term. I'm sorry they're supported supportive draft support rafts and those should never be pushed to the is she because it is a gateway function? They are overloaded by that and just would see the context and combine drafts, and I try to understand and read the definition of support raft and it seems the terminology is not covered by it.

K

So Kathleen weary one clarifying point. The word never was not part of the statement. It is up to the working group to justify why something might need to be published and there are split views amongst the iesg and, of course, with a turnover in March I. Don't know where that split will move to right. It's been on our trends of disliking support documents, more and more, it could swing back or it could swing even further to disliking them.

K

It's just encouraged to have them the wiki based so terminology. We don't see these too often coming through it's fine. If the working group wants to publish it, you know I will happily support that and and move that through, but it's up to the the working group we often see them combined with other documents, so.

G

I have sort of two questions about that. One I know that the the the concept of the wiki based document is is something I've struggled with, because I feel like we put it up on the wiki and then nobody ever looks at it. Nobody knows to find it I, don't.

K

G

Which wiki documents have actually proven to be effective for starters, yeah.

K

I would rather a dead draft than a wiki document. Frankly, right.

H

K

So you might use your sockem wiki to point to expired drafts or, if you want to, if you think it's important to have them published, so that the broader community using these specifications coming forward, really need them, then just make that clear and myself or subsequent ad will fight for that right because we are. We are here to support the working group. All.

G

Right so that the second question then well another question that popped into my head: actually, it popped into the ears behind these two of them. Can you reference a wiki or expired drafts in a published RFC? No.

K

Of course, not okay, you can owe expired. Drafts yes, expired.

G

Drafts you can but a wiki. You cannot write.

K

Right and it would be an informative reference, but it is it's because it is stable. Okay, right we archive forever wiki's.

G

Are not stable, so what I had asked at the last meeting was that we at least keep at the last meeting. There was a conversation around you know. The terms that were in the terminology document were not. You know, weave. Those terms have evolved somewhat in the conversations with the I to NSF and this group that were working on terminology, but that wasn't getting rolled back into the draft and.

K

Yeah, that's fine I.

G

Would I would prefer to see if it's a living document that we're not quite ready to publish I'd prefer to see it have regular updates, yeah.

K

And not to you it's to.

G

Hank or whoever ends up editing, yeah.

K

And when you feel it's the right time to publish that I would advise something like a terminology. Document is coupled with a core working group document so that the iesg is reviewing them on the same, tell a chat so at least there's some coupling and yeah.

G

That makes a lot of sense. Actually thank you. Yeah.

K

I have to breed a lot of these things, so.

G

Yeah I mean I I, like terminology documents, if they, if they don't become like a pit of despair in the development process, right.

K

Now I shed exercise.

K

All right, thank you, did this answer your questions.

M

Just one last comment: there's a strong opinion about the terminology draft at night when SF, so everybody's arguing about this I think I train myself is using it differently.

M

I think they they want to have a stable before moving other drafts forward and and I think we are doing a interfacing with institutions and between developing solutions, so it will at least become stable, I hope and we have a finer working Lascaux call for the architecture, because then we're stuck with that and then most of it will not change any more then there if there are actually additional terms defined.

M

Those can go into the specific, very specific solution drafts, apparently because they are not in the general terminology, so I think if they're coupling it, my first gut feeling will be coupling it with the architecture draft.

G

Right so this goes back to my pit of despair, comment. I think.

G

Sometimes done is better than perfect and so I think we need to not I mean you can change things. You can publish updated RFC's, but if we wait forever what.

M

Is the problem with coupling it with the architecture waiting forever? What does it mean.

G

I tell you what.

M

G

My opinion, the problem with coupling up with the architecture is I've, been hearing rumors of an updated architecture document for a while and it hasn't actually appeared. So there is no architecture document to couple it with right now. Well,.

M

I will not reiterate the history of how we dealt with the architecture. It was not best way to do it. So, on the other hand, I think it is not a pit of despair. It is that shining beacon of hope, so I'm not varied about it at all.

G

Okay, well I'm, okay,.

M

G

All honesty, I'm not worried about it. I just I think we, you know we need to get an 80% solution out the door and yeah.

M

But the solution.

G

Is the architecture.

S

In this case, the.

M

Terminology is to make sure everybody is consistent. The architecture is the pit of despair. Sorry and.

G

I'm but we're getting ready to talk about way forward and we can talk about the architecture at that point. Okay,.

R

Means again, yeah I mean, as the author of the architecture draft pitted despair. True I actually stopped working on it, because I sensed and not sense I got feedback that questioning whether it was useful or agreement. So, if there's belief that there's use to it I'm more than happy to bring it back and move it forward,.

G

Right and actually, as a working group, we decided to park it right.

R

Oh sorry, okay, I kind.

G

R

It softer so the girl decided to park it, which is why I stopped working well.

G

I just started this whole conversation by using the term pit of despair that I have immediately regretted, but great that's fabulous.

R

So let me rephrase it I'm more than willing to continue to move the architecture forward. If the group believes we can now unpark it how's that.

G

G

Let's get to that, so our next portion of the agenda was to talk about our way forward.

G

Right so the way forward in, in my mind at least, was to go quickly over our current drafts and then to talk about the Charter and then to talk about our definition of milestones. So is that your way forward.

B

So so here are the current active drafts in the working group. None of these and someone can tell me I'm wrong or in last call so.

B

C

B

We so Hank, you have Co swayed.

B

You have the pen all right, Dave's already getting up.

M

Hi this is Hank yeah I made a big updates with the Kosovo draw that is visible at the editorial version.

M

Unfortunately, time moves on when you work, so I was twenty seconds late at the submission deadline, and then two days later, I got a review comment from my co-authors, one of my co-authors, including 112 comments and 50 changes, and then I thought maybe I just postpone submitting it a little bit and then incorporate those first.

M

So luckily I did not commit because the other next commit would be another. Bigger change. Also I need to work with Dave on this, but I think we have a work session directly after this so um yeah. It is making very good progress and it is a viable solution for suit. Also Satine.

B

Any additional help, or you guys have it under control, it's just a matter of time and fingers, two keyboards. It.

M

Was my form of getting in soon again? We had a lot of things on the plate in the last iteration, Dave and I, and we soon spiced so I think we can be better than this and this. This is not the problem that the content is actually quite clear and quite understandable and going forward, and it is about just doing it now. I mean if you compare the editors version with the submitted version on the github, and you see the significant additions that are already in I.

B

Haven't looked at the github version, but okay I can.

G

You you said you pushed update and missed the deadline. Can you just go ahead and push it, publish it oh, never mind.

H

De vuelta mire so yeah I'd like to get this curse. Word document done me as far as milestones. It would be great if we could aim for a working group last call on the draft by the next meeting, because we've been working on it for awhile and I. Think we're getting to the point where you might be addressing new use cases around curse web, but we can do those and an additional drafts I think it's important to pull the trigger and get the core done as soon as possible. So.

B

Does the update still in code include using Co app and ah the one that's on there has has co-op as transport?

B

No that's all gone. Oh.

M

ah Document definition has nothing to do with transfer and transport in. You think you're confusing things here at the moment, the term Co app does not mentioned once.

M

Maybe you're looking at the wrong graph.

B

Maybe but I'll check again the document yeah no worries.

G

um Hank I know perhaps I was looking down or something, but you have changes to make. Did you give us a time frame for when you if those changes would be done? I'm really sorry I was listening. I promise.

M

Okay, with a little bit of grease and good work, we can do this in the next two hours after lunch, oh and then submit it. No perfect I think it's possible. I have fun. It's Mike. I have one comment to make.

M

We use a lot of attributes that align with the ISIL standard and some of those are not as well defined or useful at some points make sense as it should be making. So my current thinking is, we will diverge from some of these definitions and make them better I'm, actually more useful, so but this stuff that I have to line with Dave, who was also involved in creating the ISO standard, and we have to prune everything.

M

That's actually we can prune, or maybe we can have to live with some definitions that are just there because they are commonly accepted.

M

My biggest problem was that the current of Weber schema definition from ISO makes absolutely no sense. It is broken in so many ways that you can define switch that are basically no sweats, and so we want to concise, with definition that doesn't have that problem and I think also. There are some implicit definitions somewhere in the text or somewhere in the XD, that I never explicitly defined and I think gave us our best expert on-site in this domain.

M

I think I really have to swim with him in order to make a decision, and so yeah I think we can do this today. Probably I will give a 79 percent guarantee. Okay,.

G

So how about we'd say end of the week.

M

After today, I cannot work under any more. My time schedule is so full that I have read litigated every lunch to me.

G

Immediately sorry, I suggested.

B

It's maybe going out to the folks on Jabbar. Does anybody have updates on ECP.

F

Hey I can talk about that a little bit so UCP, I think, is ready to be updated. We're going to. I think the authors are debating what kind of diagram they want to include in it if I understand correctly. So it's something that can happen on lists, which is why it wasn't a presentation about it today that.

I

Makes any sense so danny has posted to the Jabbar in response he says: Jess is still making updates to uplevel the draft and make updates based on changes to Schwimmer I. Think the plan is that we will take some open issues and bring them to the list. We are updating the diagrams to.

G

Okay for the swimmin document, it went to working group last call. It has. The working group last call has concluded I believe, according to the authors, that all of the comments received have been addressed, and so our plan is to send it to the isg.

G

B

Raleigh's software descriptors, although I think you kind of already touched on this.

I

So I don't really have anything extra beyond. Basically what I said at the end of the thing just waiting for review for people to look at it, I'll probably go over it with a microscope and see if I can get some editorial changes to make before the next IETF posted zero one. So if things continue as they do now, I'll probably ask for a last call at London at.

B

I

I'm thinking at but yeah Dave.

H

So so, given that we feel like we've done pretty much all that we can, this is Dave altameyer, given that we've done as much as we feel like we can do on this draft.

H

Unless we get comments from the group, we don't expect to make any additional changes really, except for maybe a few minor editorial things. So would it be worthwhile to do a working group last call on this document as a way to stimulate more review.

G

G

Yeah, if the authors don't believe, there's any substantive changes coming, they don't have a list of issues they're trying to address, and that would indicate the document is mature from your standpoint and what we need are more comments. I do.

I

Not believe that there's any technical changes that will come from the authors, barring any review, so, okay.

G

Is and so you said, no technical changes. Are there any editorial changes you want to do before we do a working group, less call. None.

I

That I want to do right now, no I I have looked at the document. I have no editorial changes. Okay,.

G

So apparently there are some knits that.

I

G

Kris plans to send to you, if you could so we'll do the knits. If you can update the document, then we can issue a working group last call for folks in the room or how many people have been reading this document or following this document any.

I

Version of it any.

G

Version of it, hmm okay, I did overhear the count. I heard overheard a comment last night at the social, which was no comments on the mailing list is worse than negative comments, and so I would strongly encourage people to comment on the working group last calls you.

I

Could be mean to me I can take it. That's one review all.

G

Right so we have a way forward with that one excellent.

B

That terminology is the other one. That's still a working group draft and I think we've already beaten that horse, so I'm not going to go there again and I. Think that brings us up to I'm, not gonna, go over expired drafts because I'd rather talk about where we stand with charter.

B

So we submitted the recharter, has I know a lot of people participated in in working on the language. That's in the Charter.

B

What I don't I, don't actually know how to frame the conversation.

G

So all of the so the Charter has gone to the iesg. We've gotten some comments back. The some of them have to do with. We aren't quite clear enough in some of our language, so Chris and I worked for a while yesterday on editing a little bits of it. This is not making any substantive technical changes to it. It's just trying to be a little bit clearer in the language.

G

The one thing that we did get feedback on was that they would like to see some milestones. The milestones are not actually part of the Charter they're actually separate, but we do need a concise set of milestones, so I guess what I would like to see is a discussion about what our milestones are, because the list of things that we work on well, primarily, the feedback was boy that list of things that you're going to work on is pretty abstract, and wouldn't it be nice if it were more concrete, so there's a couple different ways.

G

We could do this. One way we could do. It would be to go through that list of work. Items will include from the Charter and discuss which specific documents might map to those that people are planning on or are currently in the process, I'm open to suggestions on how to do this without getting into a lengthy architecture, not not specific, not sockem architecture, but a lengthy conversation around it. So thoughts.

G

Okay, can you just bring up the draft, then yeah.

G

That's it right. There I just want to.

G

Yeah I just want to go down to they go down down down down so specific war at work. Items may include the following. That sounds vaguely like milestones. We need actual milestones to map to this.

H

Well, you were doing that. One thought crossed my mind based on what you had. This is Dave altameyer, based on what you had up on the on the screen. I think it would be useful, maybe to descend coast, wid and really software descriptor at the same time, because the software descriptor references coast, wid and- and you know, since they're related and concept, it might make sense to tie those milestones together.

G

Alright, so swimmer now coast wit and Raleigh descriptor, when the two of them are ready to go and.

G

Okay, so looking at the Charter, the.

G

First, work item to find a way to provide three types of imperative guidance to the correct sacrum collectors.

G

Milestones for that I.

G

Yes or a draft, or is this something we're going to have? We have these work items, and so what I want to know is what specific documents I mean. The milestones can evolve and change over time, but it seems to me that we ought to have an idea right now of what these drafts are going to be, and some of our drafts already map into this, but or do portions of this, but.

M

So this is Hank hi, first of all, without a stable architecture. This is impossible to do. Second of all, I think that the yang push. What we do is in the orchestration of filter expressions for young push and subscribe. Notifications is a wait who orchestrated structions so yeah. That will be a draft, become a draft but I don't know exactly when it depends on I.

M

Think that yang the essential yang push stuff is in working last call so I would everybody who is interested in this line here with the yang expressions should be maybe visiting that Kwan and comes from I? Think was the expression.

G

Okay, go ahead, Dave.

H

So I was I was just gonna, respond to the first first point about providing different types of guidance. So we we have Roli as a general purpose method of allowing any kind of guidance to be retrieved for use, and we've been working on information types with enrollee to define specific types of security, automation, guidance that can be, you know, sent to a collector. So an example. Draft of that would be the configuration descriptor draft, which is a current personal draft.

H

There's also the software descriptor, which I think speaks more to like what to collect from Target endpoints, which is I, guess number two.

H

Which target endpoints to collect from sounds to me like it's some kind of command that needs to be orchestrated and number three. How quickly after an attribute change needs to be collected, sounds like a policy around around collection.

H

Those are things that that could be also provided using using roli. We haven't specifically been thinking about what that would look like yet.

B

Go ahead so, as.

B

The observation seems to be that there's a lot of work going on with kind of yang malls coast, wood, etc. That to me feels like mechanisms to enable collection which I would kind of think of you know if I look at some kind of vertical stack of operation. Those are methods that are at the very bottom and then I, look at Raleigh and I think boy, that's kind of at the top.

B

It's a method of kind of sharing and distributing that the middle seems really really fuzzy still, and it's not clear to me that and I think the hackathons have helped a lot.

B

But it's not clear to me that, where we're coming from on top and where we're working at from bottom actually know that they're going to a single spot, I think we're in I think we've gotten to the point via hackathons that were that we're going to the same neighborhood at least that that's positive I'd like to end up in the same house, and you know feel free to disagree with me on that. But that's kind of my impression at this point now: okay, Adam go.

F

At a Montville contributor, I guess at this point right so.

F

Yeah I kind of feel like the collection we've we've got so to me, like the second line here, define extension of IETF Nia to collect to deliver information. You know from from that thing, that's actual collection, how we express the guidance for that I, don't think we have anything really set, even if we have Roley to deliver it, we don't have anything set for that. Yet right so so we are going to need a way to express that I.

F

Think Dave you mentioned I, can't remember exactly what you mentioned. You mentioned like a configuration.

F

Try would you called it? Thank you.

H

Dave altameyer, so this text says to find a way to provide three types of guidance, and so that's why I was speaking to two Rolly I. Think I. Think it's your point that we we do need to get to, and this is maybe, where the squishy middle, that Chris was talking about, comes into play. We do need to get to defining what that guidance.

H

It looks like at some point, but until we get to that point, it doesn't necessarily have to stop us from working on the mechanism that can provide that guidance and- and in fact you know there are existing proprietary forms of guidance out there already that can be provided using a standardized and ISM like Roly, so I think, there's value and and focusing on more of those kind of information exchange mechanisms without yet standardizing the specifics of the information that will be exchanged.

B

I'm- okay with that, so so now, let's pivot, that back into milestones. So to me it sounds like you know: it's gonna be really hard to write guidance until we know what the middle looks like, we can make some version of progress on collection and understand. We have a bunch of different mechanisms that look like they're moving forward on collection. We have some mechanisms that look like they're moving forward kind of on sharing.

B

We can potentially, in my mind, set some reasonable targets around that and then there's the hard work that needs to be done to be able to define how we're going to talk about after we do those collections in different formats, how we create guidance and repository to be able to work on that middle part. Does that sound reasonable to people?

B

F

Adam yeah, that sounds reasonable, I mean let's put a stake in the ground. Go that way and we need to change. We change alright.

B

So so we have so Hank you're doing. Your comment was that you know: if we're gonna do the yank election, we need to really have yang push get to last call. So if that comes up for last call this meeting, then you know. Presumably we can have something a little firm for whatever that means by next meeting on on yank election. Does that.

B

That you know the.

M

B

So firm means that if you have working group last call on Yang push, then a lot of the ambiguity comes out of what you can write for your yang push collection, and that means that say bye at least by London. We can have something that we can really argue about and that by Montreal we could potentially anticipate last call. Does that seem? Does that timeline seem crazy, I.

M

We could write apart that this architectural and defines a control plane procedures of how to orchestrate. As that specific part, yes, it would be a portion of a solution that is adhering to a non existing architecture. Yes,.

B

Can we cut collection from orchestration to some.

M

Extent, yeah, that is two sentence: draft use en coche.

R

J

A question about attestation: would that be scope to include that in this chatter or we just wait for or is it part of something else to collect attestation data of all the collection things that is being proposed in this charter?.

B

Under that, I have a good answer, but folks who want to stand up Dave Hank anybody.

N

Just add to that I think attestation is very interesting and if you're trying to do continuous monitoring, knowing that you're monitoring, something that isn't hacked is a plus.

R

Eric, it was hard to hear you, but um so sorry, Nancy I, think the answer is yes from the standpoint of our Charter is talking about posture, guidance, collection, assessment and so from that perspective the type of information, whether it's a testable or not, I would think is in scope.

R

But that's the NZ's opinion I would.

B

Think so, I'm jumping in line Hank I would think you yeah attestation is in scope, I think there's a nuance between when you collect data. That's attestation versus just data collection. Attestation comes with some kind of you know, kind of security bound. You know ability to assert the the level of trust in that data, and it's not clear to me that the goal isn't to be able to collect both and put them side-by-side.

M

Hi this is Hank, and this is my IOT director and TCG. There is a head on. It happens to be that I'm kind of familiar with attestation and I think today the rats email list will start it's a non-work email list of about remote attestation, which, for example, is I, think they're talking about here and not at the station and I. Think. The important things for second are the conveyance of evidence and not attestation.

M

You can do attestation with that, but I think what we and second can do is create security posture, that is evidence or collected, but we are not in charge of creating it and we are not in charge of appraising it.

M

We are solely in charge of producing a thing that is producer processing it because evidence appraisal by a verifier in a remote attestation procedure is super complex and it would be I, think half of a complexity we already created in second already and just saying yeah, we're going to also do that is a huge scope creep so, but be very careful how we, how much verification, that's or appraisal we are very thick verify. We include here.

H

So Dave Walter, my rat, so I, don't think we're actually working on attestation here, at least in its entirety, but it seems to me like we're building some of the building blocks that could be used as part of an attestation solution and and right, and so so in my mind, some of those building blocks that we're working on here is a method of collection, which is um you know something like yank push I'm, along with the yang models that you know we're collecting data for, and it may be useful to create some guidance around what yang models to use to collect from what devices I think that's kind of what Frank and company are are trying to do.

H

I think. Another thing that we're trying to do here is define a method of evaluation. So when you've collected data, you want to be able to figure out if that matches some expectation, some expectation, and we we have some ideas on how to do that. That evaluation, how to make a statement of what's expected and had to compare that against what has been collected and then I think we're also talking about you know providing data-driven guidance we like to use terms like imperative and declarative and and and and and all of that.

H

But what I think we're trying to do is where we're trying to both describe and provide the the data that is necessary to have a data-driven approach to to collecting the posture to performing the evaluation and- and so those are the pieces that I think we're talking about here. In very simple terms,.

H

Is there agreement around that I.

B

Don't know if I want to chair hat off I, don't know if I want to define a method to do to do evaluation more than I want to provide infrastructure that lets people develop evaluations to a method that allows people to develop guidance.

M

Hi, this is Hank I think here we could maybe used to actually use it from baseline. So maybe second provides a set of baseline evaluation capabilities, and then you can build on that. Okay, I heard a lot of ie. No, no, no here next to me, neutral parties and just the thought. Just a comment also I, don't know, really know what data-driven means so, meaning that we.

H

We we don't want to heart code into tooling what is collected and what is evaluated. We want to allow a.

H

Policy- or you know some other form of expression, to be delivered to the tool that that will then drive the tool to perform different types of collections, different types of evaluations. We want to make that more more dynamic, I think that's been an ongoing thread in our SATCOM conversations.

H

We we don't, we don't want to pin the two down there. Yeah content-driven is what is what I'm saying I.

M

Can totally understand content-driven if you define information, types and content types, enumerate them and then somehow tell you how they're related and should be and compared, for example, I'm. Absolutely fine with that. This gives structure to the process, but but just saying yeah, you should be free to do. Compare everything with everything is like doing nothing, yeah, exactly, there's a problem we are trying to solve. So if you have a list of information types and content types, critics economy- maybe with that and then say this type of information typically requires this.

M

In this type of information order to be evaluated, then you can have an abstraction with content, type definitions and then see what fits, and that makes total sense. If there is data driven, I'm hind that, yes, that's what I mean.

R

So the clarification is data driven is really content driven.

H

Karen can I tie that back to the love.

G

For you to talk, that's exactly what I'm looking for here! Actually so, when.

H

We're talking about providing guidance, I think it's where we're talking about providing that content. You know that that can be used to drive collection, that that can be used to drive the evaluation and we're talking about you know developing the mechanisms that are used to provide that content.

H

So when we say to find a way to provide three types of guidance, what we're saying is we're talking about the mechanism that provides content.

H

Right, and so we Adam just said, we need, we need to define what that content. What that content is right.

G

So I mean put yourself in my shoes: I need to enter milestones and so I'm. Looking for a document that says this because that's what milestones are in the IETF right.

C

H

So what I was saying before I was proposing that we that we can use Rolly as a method of providing that that content and that we work on drafts to describe information types which are, you know, classes of content that that can be provided over Roley, and that may be at some point in the future, we'll get to defining the form of of those specific kinds of content. But that's not a that, doesn't necessarily have to be a priority right now.

B

So, okay, so what we've said if we? Let's? Let's look at those milestones right so so? Coast wid early 18, Rolly software, early 18 right I, put down a place marker for ECP in mid 18, okay,.

B

The the types of collection we've talked about gathering so far in the working group include PT absolute, so right so ECP is, is the you know, posture attribute near posture attributes right. We have yang data models, we have swig.

B

We've talked about you know, separately, like WMI, is actually in the Charter and.

B

What was the other one oval, so that gives me five different raw data formats coming in for collection.

B

Given the history of sockem and the religious war that breaks out when we try and pick one of those I'd like to put a place marker down where we talked about how to not pick one of those and how to only do the minimum amount, we need to do to be able to walk across them and define the metadata necessary to go from one to the next to the next.

M

Sounds great that would be something to connect.

M

I, think that is the the information type content, type of correlation we just were talking about. This seems to be the metadata. You just mean meant yeah, but there has to be things to connect in order to draw a line and I would I am here and that the mic I wanted to highlight- and maybe I didn't push it to the list, because I was tired. I pushed the first yang module force which submitted it before the submission event.

M

Actually, no, it's an individual document at the moment, but I will push it to the list, because I've actually forgot that that just became to me that there is a yang module for self identification now I, but I forgot to tell you about it all right. So.

G

Nancy, you wanted to say something.

R

Yeah so I was just going to add: we've been talking about the different data models that could connect for that content, driven either guidance or collection, so I can bring back. So Roley is one way to Express pieces of the transfer.

R

The other way to do it from okay, don't kill me in a synchronous way. Publish/Subscribe mechanism is to either do it through yank push or from a collection and brokering I can bring back the XMPP grid.

R

So in this list, what we're missing is some of the transfer protocols. I'm just saying XMPP grid would be one of them. Roley could potentially be one of them as well right so Kerri and I'm just trying to answer your questions of what's the work that we need to define right.

L

For an adjuster, I I, don't I'm not very familiar with so many existing mentor connection, mentoring, second volley or other thing, but adjustable as I want to see that for for for our Wender network device, when the country we we we use widely used young, you know young Tatum, odor and the net company can even to push you to collect our security, the configuration information so yeah, that's our current condition and and another content.

L

You know what raft is all implemented in audio isaacs, so I think that's a very we're major thing that we can standard. So that's yeah.

B

They will take it.

F

Okay, good I, don't know how to say it. I want to say like we need some kind of like wouldn't want it. We talked about the different transfer mechanisms right like what I think the ECP I think: okay, there's you know we're collecting some stuff. It gets sent up to a server and then ECP I think actually talks about storing into a repository right.

F

What, if XMPP good, is part of that, then do we need to expect an interface actually like to that repository so that then there could be the point-to-point connection or there could be the that through XMPP grid way. You know what I mean like to me.

J

C

F

Need to expect some interfaces so yeah.

H

Nancy and I were just actually having a brief sidebar about wanting to do something like that. So maybe that is something we could do it.

B

So we're writing it down 18 or fall.

F

Say there again what.

P

B

18 or fall of 18.

E

F

H

This is Dave again one of the things that I think we need to come to terms with in in this draft is I, think, there's a role for guidance to be exchanged between organizations as well as within an organization and the the transports that we may want to use may may vary based on on those those needs, as well as the discovery mechanisms. The the ways of you know initially determining where to go to get those versus tracking changes that are occurring within repositories.

H

So one of the things that I've thought about over the longer term is you know, roley's, really great, for discovering sort of an initial set of content that an organization may provide, but it's not great for identifying changes that are occurring as they occur. You know within within that repository, and so maybe there's a way also to sort of connect together, Adam pub for syndication and XMPP for notification. As part of that I think Peter, st.

H

Andre had done a an early Adam pub draft that was talking about using XMPP, so that could be maybe work that we could resurrect, but I think the Adams point. We first need to kind of define the ecosystem I think more in a more useful way.

H

B

Volunteering Adam I just.

F

Want to agree with all that, inter intra organization, kind of thing,.

J

F

I think I'd like to tackle like the simplest cases. First I don't know if that's like a Captain, Obvious kind of save it or what. But you know what I mean like I, don't want to think too hard about the edge cases. I'd rather get something working on a simple case and then iterate over that.

B

So chair hat on I'd like to continue that the hackathons provide some, you know drivable moments for us to actually resolve issues and make tangible progress that informs kind of you know draft writing. You know and what we can build so I kind of agree with Adams, keep it simple, stupid and then we'll add on the complexity later.

F

G

I think we've I think we've sort of taken this conversation as far as we can take it. I I still find it a tiny bit frustrating that were unable to identify concrete milestones and spaces, but I I.

H

Think we can get to that. This is Dave I, think we can get to that soon and I think we actually do have some that we that we can continue to work on like, like the configuration descriptor work, like the you know, like some of the ongoing you know, Roley work that work that we're already doing I-I-I think we should also maybe add some calendar milestones for doing things. As far as more more hackathon work I'd like to see us I'd like to see us get better, though about.

H

About getting knowledge out of the hackathon work and I don't mean to take us from The Shining Tower to the pit of despair here, but you know we we're doing a lot of interesting things in the hackathon, but I don't think we're doing a good job at communicating all of this integration work that we're doing across all of these different groups. You know to in a way that that folks, that are not intimately involved in the hackathon can actually understand.

H

We didn't have any slides at this meeting to talk about the work that we did at the hackathon and that would have been a really great way to actually brief people about. You know this is what we did, and these were the successes that we had, and these were the problems that we found, and these are the things that we think should be worked on and I think that's a missed opportunity. I think we should. We should find ways to do more of that. So.

G

I agree with your your comments about it would be nice to get more out of the hackathon and I think that there's a fair amount of good work going on, but if I were to take myself outside of this working group and look at the Charter that we've submitted with these high-level work items and we can't define milestones that map to those work items that just that to me is a logic disconnect now.

G

Maybe we can get it resolved shortly, but I to be honest, I thought this would be like a five minute exercise and we would go down through those work items we're like okay, this maps, to this this maps to this this map. So this may be done and now we're twenty or thirty minutes into this, and we're not done that's kind of it shouldn't be this hard.

K

Kathleen Moriarty ad, thank you, yeah, that's a concern and it will be for the isg reviewing this I have this slated to be reviewed on Friday, but it sounds like you need more time. Well,.

G

That was I mean I would prefer to have it reviewed and done on Friday I mean we it's been floating around now for months. Can we.

J

G

If we as a working group, can't define you know five to ten I mean it. Chris is busy over here typing, so maybe so.

K

I mean if we can get the milestones to me by Thursday night right match back to the Charter, and it's it's real clear that you and Chris work I think that's going to help the rest of the IETF understand what sacrum does write the comments you're seeing from the IAS G is it's a little nebulous? They don't quite get it all right and it's because it's a space, none of them have worked in so I. Think it's our job to make it clear to them the importance of this work and showing the concrete deliverables.

K

I only got up to talk about timeline, and really you know you guiding me as to when this should go before the iesg again right, because I had slated for Friday, but I can push it out. I.

G

Mean I would like to see us I would like it to remain on the agenda for Friday I'm, not willing to give up on that quite yet great and I'm not saying that the milestones that we have to define have to fully flesh out every one of those work items. But there needs to be a clear mapping between these abstract work items that we've defined and concrete milestones right may I'm, not all of them, but at least.

K

A good portion of them right and the milestones can involve they don't have to be tied to a charter review. So if you get some main core ones that you know where the current go forward, that's fine! You can add more right.

G

But you know, as part of the Charter I mean it was clear. I think it was Benoit said: where are your milestones? I will.

K

And I think taking heed to Benoit's advice from the interim call. You know in terms of reuse of existing technologies and making that very clear is going to be very important to him right so showing that in the milestones, I think you're really careful to make sure that's done. Thank You Hank.

G

M

This is Hank yeah, just connecting to the requested from Benoit I think that it's kind of easy, because this is the work I, think we have the most concrete progress made in and Eric I think you would agree with that. So this is very visible and then addressing Dave's comment. First of all, I we have hackathon slides.

M

We could have just pulled them up. Second of all, I was at the LCF meeting on Friday ended a PR interrelationship presentation of en coche in our work. In second year we have slides net conf that highlight the hackathon output. We have slides and core that elaborate on how this will be done in kamae. We have slides in this interesting research.

B

G

M

The visibility is high at the moment higher than ever and Hank.

G

I, don't think this is a point worth dwelling on a lot. I. Think Dave's point was, it would have been nice to have just a slides here. That's fine! We don't, we didn't, have them we'll move on, no need to Gus it any further. It's not on, and it's not only on you Hank.

G

Yeah Adam is up here accepting responsibility, so you're not gonna talk about slides right, no.

H

G

H

Talking about milestones, so this is Dave we we actually have don't. We have milestones for some of the existing work that we haven't yet yet completed. So we we have probably three or four drafts, for which we already have milestones right right.

G

But we're putting in a draft charter with eight or nine work items and no milestones associated with sure.

H

G

A few while stones associated with them right, that's my only point, I mean if we reach our during. We ought to be able to list what our milestones are for our recharter.

H

G

All right so so I think we've had a fair conversation on this I think we need to continue it on the list. Chris is busy over here typing up a list of potential milestones and I'm sure he will email it to all of us shortly and we can discuss on the list, but I mean they don't have to be specific draft names, but they need to be a you know like four or five or six words. It says we're going to do something: we're going to do a document that addresses this.

G

All right any last comments on what's on the screen. Oh.

R

This is Nancy, so just a nitpick not clear to me that ITF does api's. So when you say data interchange, API is I, think you mean interfaces gssapi.

B

G

So any other last-minute comments, excellent, thank you all and please, please contribute to the milestone conversation on the mailing list. Thank you. Thank you. Adam.

D

T