Michael, my comments inline below – thanks for turning this round so quickly, I’m happy to do the awkward Word editing now…
Cheers,
Peter
From: Michael Willett [mailto:mwillett@nc.rr.com]
Sent: 09 March 2012 11:41
To: Peter F Brown; 'Dawn Jutla'; 'Sabo, John T'; 'Gershon Janssen'
Subject: RE: PMRM Draft - next steps
Importance: High
My inputs: I am including these in a separate note so that you can quickly say YES/NO; the next pen holder (Peter?)
can insert these changes. Of course, I can do that, too… you know my reputation as a brutal editor??
- ACCEPT the deletes related to PII in several places; in fact, accept all word/phrase inserts/deletes
[Peter:]
OK
- “boundary object,” a sociological construct that supports productive interaction and
collaboration among multiple communities.
Just delete the word “sociological”. No need to be historically precise; ‘boundary object’ is not a core PMRM
concept, but a good analogy.
[Peter:] OK
- Peter’s mods on Figure 1. Plus, I do not think the UML look is a problem; just clear/clean.
[Peter:] OK, I’ll continue using the current diagramming – maybe an explanatory para would help, walking readers through the figure(such
as explaining the “Concerns” box…) and underlining that the diagram is not a formal model. It does beg the question however: if this isn’t the PMRM model, what is? And how is it represented/encapsulated? Suitable point for discussion on Monday I think…
- Accept Task 8 insert; reads OK to me. Add a short sub-bullet in box 2 in Figure 2.
But, change the wording of the Example to match the flowing example (EV etc).
[Peter:] Agree – who can take a crack at that?
- Task 13 example? None?
[Peter:] I think we need one, as I mentioned on the call: the idea of internally-generated might not be commonly understood…
- inset new task between 16 and 17:
Task 17: Conduct Risk Assessment
[Peter:] OK – but we do need an example, IMO…
- NO example needed for the original 16 or 17. Delete Example box.
[Peter:] Agree for original 17, but for 16, I think we need some text to clarify Goal and Context – and probably an example: this could be
the lynchpin Task of the whole methodology…. I think te example text you provide at the end of the message is a good basis…
- Task15:
Identify the Services that conform to and satisfy
implement the identified privacy controls.
I would like to use the word ‘implement’ above; shows we have passed over into the operational phase, even at
a high level.
Delete the “conform to and satisfy”.
[Peter:] Hmmm, not sure – sometimes privacy controls are expressed in less-than formal language and more like policy directives or needs
– in applying and using the appropriate PMRM service(s) there will sometimes still need to be someone/thing assessing/checking certifying even, that the service truly does conform – I don’t think enough privacy controls are directly implementable, they are
in the ‘ecosystem’ space rather than the system space (to use some SOA RAF language).
Example (based on the previous Tasks/Examples):
Example (input/output from Task 11)
Internally Generated PI:
Current EV location logged by EV On-Board system
Outgoing PI:
Current EV location transmitted to Utility Load Scheduler System
Conversion to operational Services:
Log EV Location -
Validation: EV On-Board System checks that location is not previously rejected by EV owner
If Location is previously rejected, then
Enforcement: notify the Owner and/or the Utility
Interaction: Communication of EV Location to EV On-Board System
Usage: EV On-Board System records EV Location in secure storage, together with agreements
EV Location transmitted to Utility Load Scheduler System (ULSS) –
Interaction: Communication established between EV Location and ULSS
Security: authenticate the ULSS site; secure the transmission
Certification: ULSS checks the credentials of the EV On-Board System
Validation: Validate the EV Location against accepted locations
Usage: ULSS records the EV Location, together with agreements
[Peter:]
Good, thanks
- Task 16:
Identify the Functions that satisfy the selected Services
Example (see Example in Task 15)
Usage: EV On-Board System records EV Location in secure storage, together with agreements
Function: Encrypt the EV Location and Agreements, store in on-board solid-state drive
EV Location transmitted to Utility Load Scheduler System (ULSS) –
Interaction: Communication established between EV Location and ULSS
Security: authenticate the ULSS site; secure the transmission
Function: Establish a TLS/SSL communication between EV Location and ULSS,
which includes mechanisms for authentication of the source/destination
[Peter:] Good – we do need to explicitly map these to the specific PMRM services as described and named, so that readers can follow…
Michael
From: Michael Willett
[mailto:mwillett@nc.rr.com]
Sent: Friday, March 09, 2012 10:11 AM
To: 'Peter F Brown'; 'Dawn Jutla'; 'Sabo, John T'
Subject: PMRM Draft - next steps
Good progress in the TC telecom. Strong support for going forward.
The next steps involve resolving the open comments and missing
elements in the latest version, then submit for an electronic TC ballot
to publish as a Committee Draft.
I am drafting the Example for the assign Service section, but
in a separate one-page doc.
Who should have the pen for consolidation of the inputs? Peter?
We want to get to the voting draft quickly.
Michael