Software Inventory Message and Attributes (SWIMA) for PA-TNC
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, The IESG <email@example.com>, Karen O'Donoghue <firstname.lastname@example.org>, Kathleen.Moriarty.email@example.com, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'Software Inventory Message and Attributes (SWIMA) for PA-TNC' to Proposed Standard (draft-ietf-sacm-nea-swima-patnc-04.txt) The IESG has approved the following document: - 'Software Inventory Message and Attributes (SWIMA) for PA-TNC' (draft-ietf-sacm-nea-swima-patnc-04.txt) as Proposed Standard This document is the product of the Security Automation and Continuous Monitoring Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-sacm-nea-swima-patnc/
Technical Summary This document extends "PA-TNC: A Posture Attribute (PA) Protocol Compatible with Truste Network Connect (TNC) (RFC 5792) by providing specific attributes and message exchanges to allow endpoints to report their installed software inventory information to a NEA server, as defined in "Network Endpoint Assessment (NEA): Overview and Requirements" (RFC 5209). Working Group Summary Working group consensus was clear for this draft. Document Quality This work begin in the Trusted Network Computing Group and there are implementations. The StrongSwan implementation was demonstrated at the IETF hackathon in Prague (IETF 99). Personnel Karen O'Donoghue is acting as the Document Shepherd. Kathleen is the Responsible Area Director. If the document requires IANA experts(s), insert 'The IANA Expert(s) for the registry established in section 10.4 in this document are David Waltermire and Jessica Fitzgerald-McKay.' IANA Note Section 10.4 establishes the "Software Data Model Types" registry with Specification required and expert review per RFC8126. Sections 10.1-10.3 add entries to existing registries.