Dear SM&C WG,

Attached you’ll find the presentation that Peter Shames, the SEA area director, delivered to CESG at a dedicated meeting on the topic of our MAL blue book CESG approval for Agency Review.
Peter had raised 21 PIDs as condition for his approval of the MAL book to start the Agency Review.
We had reviewed in the WG these PIDs and dispositioned them, accepting basically most of them and asking for a meeting to go through them.
The WG was not of the opinion that the raised PIDs were too dramatic or substantial and we considered them easy to fix with editorial changes.

In response to our request for a meeting to go through the PID resolutions, Peter sent an email, opening a generic discussion regarding MAL being too abstract to be a Blue Book and suggested we should consider making it a Magenta Book.

I escalated through our Area Director the matter to the CESG, requesting a focused discussion on the PIDs to achieve a satisfactory closure of the raised conditions by Peter, so that MAL BB can go to the Agency Review, instead of having yet once again a very high level discussion.

CESG met last Monday to discuss the matter and the way forward. Mario Merri as MOIMS area director and myself as WG chair delivered a presentation, which you will find also attached.

In the meeting Peter presented to the CESG members the following message (see the attached presentation)

  1.  The quality of our Blue Book is so bad that it does not pass for going to the Agency Review. Here mainly the deficiencies he listed are:
     *   Missing clear definition of terms in the BB
     *   Missing references: Although this is unchanged from the last two published versions of the BB
     *   Vague Definitions: Mainly the MAL Object was used as an example
     *   PICS: Saying what we have in the book “is a joke”
  2.  Security: Saying it is not acceptable that our BB says “Security and in particular Access Control is someone else’s job”.
  3.  The high-level discussion regarding the MAL BB to be too abstract to be implementable, hence it should be a MB

The conclusion of the meeting was

  1.  The SM&C WG shall review all the PIDs again in detail and update the book where applicable accordingly. For this Peter has provided an additional column in the attached Excel file to this email. I have met with Cesar and have asked him to give this a thorough attention and to update the book according to Peter’s additional comments. As we discussed in the dedicated meeting of the WG, we agreed with most of Peter’s comments and can update the book accordingly. Some of his comments were more questions than comments. We answered them but we can add some text to be more explicit. Some of the PIDs were raised on deleted parts of the book due to his misunderstanding of the MS Word change tracking. In the meeting last Monday, Peter used the Excel file to tell CESG that we have rejected 8 of his 21 PIDs. Ignoring the fact that 3 of them were his misunderstanding and related to deleted parts of the document and two were duplicated questions that we answered positively (e.g. is XML allowed?) but the PIDs did not need any change of the book. Nonetheless, we should put as much effort as possible to remove any ambiguity and take this as an opportunity to review again with more caution Peter’s presentation and update the BB, in order to remove any doubts about the points he has raised in the PIDs. It was agreed that two other Area Directors shall also review the book and Peter’s PIDs. So we may receive additional comments that we should equally take seriously. Cesar will send a new updated version of the BB in the course of the next week. I will set up a WG meeting for the week after. I will be on leave and given the Summer holiday period, I know some of you will be away as well. Nonetheless I took the action to complete this process with the WG before the end of August. We also agreed to hold a meeting with Peter to go through his PIDs and the updates in the BB and verify their closure. If any of the PIDs cannot be concluded, Mario would escalate again to CESG. The CESG would then meet once more and go through the open PIDs one by one. If no conclusion can be achieved in that one meeting, the CESG chair would then escalate to the CMC.
  2.  For the Security, the comments were the same that Peter had raised on the reference book. We had back then answered them and had extensive discussions with escalation. After meeting with the Security WG the final conclusion was to add examples of some concrete deployments to our Green Book and add a reference in the MB to the chapter in the Green Book. In the CESG meeting, I explained the logic (again) that MAL does not make any assumption on the technology and the level of sophistication of the Access Control. That it is a pure deployment choice. Many of our missions today do not have any access control over the S2G link. Some other missions do have extensive security requirements of end to end encryption and content based access control. Now if the Access Control does not exist, or if it only checks a text based user name/password or it uses a certificate to authenticate and an Access Management System a la LDAP or god knows what is the choice and the job of the Access Control and not that of the MAL. To MAL this is all transparent. For MAL it is important to define a clear and understandable interface, through which all of these choices can be plugged in and this is what the MAL BB defines in a simple manner. Peter stated in the CESG meeting that if we had written a few sentences explaining exactly this, he would be happy. So I asked Cesar to do exactly that.
  3.  The CESG and its chairman concluded clearly in the meeting and in the follow-up emails that the high level discussion of abstraction vs concrete and the discussion of BB vs MB is not on the table and is a no go. MAL has been published as BB twice by CCSDS and its update is a BB project that is approved by the CMC and it is as a BB in the charter of SM&C WG and CESG chair said very clearly that he considers this discussion “inappropriate” and does not accept further discussions in this regard.

So, next steps are

  *   To receive the updated book from Cesar next week, review it carefully against the PIDs and the additional comments provided by Peter in the extra column and the presentation.
  *   Then to have a meeting in the week 8 Aug to go one by one through the PIDs with the WG and confirm the agreement of the WG to each PID resolution and the respective update.
  *   To call for a meeting with Peter (and the other Area Directors, if they provide additional comments) in the week of 15 Aug and go through the PID resolutions one by one and confirm their closure or identify the ones for which Peter would not agree to our resolution.

Kind Regards

