[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cacao] Comments on Playbook Requirements
Works for me. Thanks. Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ From: <cacao@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com> Duncan â thanks for the comments. On #1 -> I agree with the change. It is the intention is not in the words of what you suggested that we allow such extensions not just vendor ones. We can update the rquirements in Rev #2 after the ballot closes. On #2 -> In general, I feel that this requirement is just a *should* not a must anyway. The requirements document probably overstates it as required based on the majority case. The simplest solution to making progress is that we
just change the requirement from must to a should in the next rev. If others want to add additional language on the cases you raised, please suggest the exact proposed text. Otherwise we will do the minimum edit possible to address your (valid) concerns. Regards Allan From: <cacao@lists.oasis-open.org> on behalf of "duncan sfractal.com" <duncan@sfractal.com>
I apologize that I have let my voting rights lapse. If I could have voted, I would have voted yes with comments. My comments are: In section 2.2, Interop 2, Extensions: I propose changing âSupport vendor-specific extensionsâ
to âSupport industry-specific, enterprise-specific, and vendor-specific extensionsâ. My logic is the previous bullet says âSupport
deployment and use within an enterprise consisting of different vendors. Allow sharing of playbooks between enterprises with different environments, solutions, and vendorsâ. I agree vendors will want to specify how to meet
generic needs with their specific technology (the original wording) but I think that users might also need similar customizations (enterprise-specific) and that the ISACs/ISAOs might similarly also need customizations (industry-specific). In section 2.10, Sec.2, Transport: âAll requests and responses must be conveyed over a secure (encrypted and authenticated) transport protocol
such as HTTPS (but not limited).â â I think there are more cases than specified and not all cases in all situations have same the requirements.
Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ From: <cacao@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com> As mentioned on the working call today, the Requirements and Terminology documents have been posted for ballot approval. Both documents are committee notes and are stakes in the ground on what our specifications will deliver on. The minutes from the call including the slides will be posted shortly if not already done. For anyone not on the call today we would highly encourage you review the slides as we will be delivering a draft specification at the next working call. Allan From: <workgroup_mailer@lists.oasis-open.org> on behalf of "tc_admin@oasis-open.org" <tc_admin@oasis-open.org>
"Approval of Playbook Requirements Version 1.0
WD 02 as Committee Note Draft 01" has opened.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]