SACM Requirements. Nancy Cam-Winget (ncamwing@cisco.com), June 2015.

Presentation transcript:

Status
- Draft v06 published on May 20, 2015
- Draft now in WGLC
- GitHub issue status: 19 open issues

Remaining Issues for discussion
- Non-repudiation: Section 5 is the only place that mentions “non-repudiation as out of scope for SACM”. However, there are debates on the definition of non-repudiation in the thread.
- Discussion: Does it need mentioning, or do we just remove the line? Do we add a new set of terms and definitions in the Terminology draft for integrity, origin of data, confidentiality, authentication and authorization (all of which are SACM requirements of sorts)?

Open Issues - 1
Columns: Section; Note; Suggested Actions/Comment
- Section 5: Non-repudiation: “non-repudiation as out of scope for SACM”. However, there is debate and disagreement on the definition of non-repudiation in the GitHub thread. Does it need mentioning, or do we just remove the line? Do we add a new set of terms and definitions in the Terminology draft for integrity, origin of data, confidentiality, authentication and authorization (all of which are SACM requirements of sorts)?
- General: T-XXX to OP-XXX: suggestion that all Transport requirements be OP requirements. Need group consensus, as (Nancy) believes either (or both) could provide security; e.g. Operations are distinct from transport.
- Section 2.4: OP-004 and OP-002 read very similar. Need to have clarification and consistency with the architecture. Suggestions are needed to address this one.
- Section 2.6: T-001: good suggestion to clarify on transport layer requirements. Editor totally missed this comment in GitHub and should accept the recommended text.

Open Issues - 2
Columns: Section; Note; Suggested Actions/Comment
- Section 2.6: Clarification of intent in the section, as “transport” can be TCP/UDP vs. Data Transport (though none were cited) vs. general transport a la TLS, DTLS, RSYNC. Editor suggests clarifying that the intent is network transport protocols, which are TCP and UDP, and that security mechanisms, e.g. TLS and DTLS, are more to address the transport requirement.
- Section 2.2: Discussion of whether there is only 1 SACM information model vs. many. Consensus was to adopt only 1 information model but many data models. Would like consensus to close this issue or suggestions for required action.
- Section 2.4: DM-010: Attribute dictionary is covered in IM-001; the suggestion is to remove this or reshape this requirement to clarify that a DM can define additional attributes which are not part of the IM and that there are clarity requirements on these new attributes. Would like consensus as to which direction to go. Editor’s not clear that having the allowance of additional attributes and “clarity requirements” are enforceable or the type of guidance needed? If the latter is chosen, please provide text.

Open Issues - 3
Columns: Section; Note; Suggested Actions/Comment
- Section 2.1:
  - DM-006: s/(e.g. Provider A)/(e.g. a specific collector or evaluator)/
  - In DM-011: Is the data being shared by a provider endpoint, or is the data being shared about the provider endpoint?
  - Editor should accept suggestion. In a recent response to Jim, I’ve suggested adding “e.g. in the case the provider is the target endpoint” to clarify that the data is shared by a provider. But the origin could state that the provider is also the target endpoint.
  - G-009: questions on Discovery: the intent is discovery of schemas, vs. Endpoint Discovery, which is of target endpoints. Editor can update Discovery to state “a mechanism for SACM components to discover…” in G-009 and retitle G-010 to “Target Endpoint Discovery” along with matching descriptive text.
  - Where is data integrity provided? We discussed that it can be part of data operation/data transport or network transport. But we didn’t conclude on actions to take.

Open Issues - 4
Columns: Section; Note; Suggested Actions/Comment
- Section 2.1:
  - Replace “data attribute” with “attribute”. Editor missed references in G-005 that need updating.
  - G-003: continued discussion relating to transport. Modifications were made to the Transport section to clarify this. Can the commenter further suggest how to address this comment? Or group suggestions?
  - G-001: future vs. non-standard extensions discussions. Modifications were made to remove non-standard extensions, as it is covered by “future” extensions. Can we get Jim and Lisa to agree that this comment has been sufficiently satisfied to close?
- Section 2: General comment addressed, but an editorial point needs to be resolved: You need to be consistent on the use of period vs. colon at the end of the pithy paragraph title. Accept editorial edit for consistency.

Resolved issues still open?
Columns: Section; Note; Suggested Action
- Section 2.5:
  - OP-003: suggested sentence was added: “This requirement SHOULD NOT be interpreted as preventing a collector from providing attributes which were not part of the original request.” Sentence was added, but issue is still open?
  - OP-002: a suggestion to retitle was made. Collection Separation is now Collection Abstraction per the suggestion. But issue is still open?
- Section 2.4: DM-001: a suggestion to clarify intent was made; an example of the model element is now stated parenthetically. Editor accidentally removed the pithy title (Uniqueness), which should be added. But can Jim Schaad comment on whether the addition satisfies his concern to close the issue?
- Section 2.1: Reference to data elements removed from this section. Not sure why this is still open?
- Section 2: Step 1 from the -04 draft was updated to no longer “define the assets” but rather to “map them”. Also, asset is defined in the terminology draft.

Next Steps
- Provide actions and feedback to WGLC
- Editor can generate new draft based on consensus