[Pwg-Announce] PWG Last call of HCD Assessment Attributes

[Pwg-Announce] PWG Last call of HCD Assessment Attributes

Sukert, Alan Alan.Sukert at xerox.com
Tue Jan 8 18:17:21 UTC 2013


Joe -

I reviewed the HCDE-Assessment-Attributes spec and have the following official Xerox comments (since I'm coming in new many of these may have already been discussed with the IDS WG; feel free to reject any of these comments on that basis):

1.       General comment: Some of the text has different type font from the rest of the text (e.g., Lines 301 and 308), Make sure to check all the type fonts in the document for uniformity.

2.       The following RFCs are referenced in the body of the document but are not listed in either Sections 9 or 10: [XMLTYPES] (Section 2.3, pg. 9, Line 318), [RFC2579] (Section 2.3, pg. 9, Line 321), [RFC2578] (Section 2.3, pg. 9, Line 321), [RFC3411] (Section 2.3, pg. 9, Line 321) and [RFC5646] (Section 4.1, pg. 14, description of AttributesNaturalLanguage).

3.       The following acronyms are used in the body of the document but are not defined in Section 2.4: RFC (Section 9, pg. 17, Line 525), URL (Section 4.1, pg. 14, description of TimeSource), I2C (Section 4.1, pg. 14, description of TimeSource), MFD (Section 9, pg. 17, Line 525), XML (Section 9, pg. 17, Line 526), SM (Section 6, pg. 16, Line 517)

4.       The following acronyms listed in Section 2.4 are not used anywhere else in the document: TLS and URI.

5.       Section 3.2.2, page 11, Line 419: The sentence "To mitigate this breach, IT administrators decide corporate policy is that ALL devices must..." It is not clear why 'ALL' is capitalized here because ALL is not one of the conformance technology terms discussed in Section 2.1.

6.       Section 4.1, page 13, definition of FirmwareStringVersion attribute: The second sentence uses the term "String Versions". It is not clear what is meant by this term - did you mean Firmware String Versions here?

7.       Section 4.1, page 13, definition of FirewallSetting attribute: The Data Type is listed as being an OctetArray, but the description indicates that this is a variable length field. Given that the definition of an OctetArray is a "variable number of octets containing binary data" a variable length field could be something other than octets. Please clarify the data type description of the FirewallSetting attribute.

8.       Section 5.2.2.1, page 16, Line 495: 'HCDUserApplicationVersion' should be 'UserApplicationVersion'.

9.       Section 5.2.2.3, page 16, Line 507: Since the table has been removed indicate there are no attributes that MUST be supported if the condition described is present in the HCD.

10.   Section 5.2.3, page 16, Line 512: 'CertificationStat' should be 'CertificationState'. A side comment - the other lists in Section 5.2 are alphabetical; why isn't the list in Section 5.2.3 alphabetical?

11.   The following references listed in Section 10 are not referenced anywhere else in the document: [RFC3766] and [RFC4086].

Let me know if you have any questions on my comments.

Alan

Alan Sukert
Xerox Certified Green Belt
Product Security Specialist
Alan.Sukert at xerox.com|<mailto:Alan.Sukert at xerox.com%7C> tel 585.427.1413 or 8*707-1413
MS 0111-03A | 800 Phillips Road | Webster, NY 14580

From: pwg-announce-bounces at pwg.org [mailto:pwg-announce-bounces at pwg.org] On Behalf Of Murdock, Joe
Sent: Monday, November 26, 2012 3:43 PM
To: pwg-announce at pwg.org
Subject: [Pwg-Announce] PWG Last call of HCD Assessment Attributes

All,

[This PWG Last Call starts today Monday November 26, 2012 and ends Friday January 18, 2013 at 10pm US PST.]

This is the formal announcement of the PWG Last Call for the HCD-Assessment-Attributes specification, located at:

                ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-idsattributes10-20121113.pdf

A supporting binding document (HCD-NAP) has been prototyped and is in PWG last call. The IDS WG has completed extensive review of the various revisions of this document and an IDS WG last call.

The PWG Process/3.0 requires that a quorum (30%) of PWG voting members must acknowledge a PWG Last Call (with or without comments), before any document can progress to PWG Formal Vote.  This PWG Last Call is NOT a Formal Vote but it DOES require your review acknowledgment.


HOW TO RESPOND

Send an email with *exactly* the following subject line format:
Subject: <Company Name> has reviewed the HCD-Assessment-Attributes specification and has [no] comments


WHERE TO SEND YOUR RESPONSE

Please send your response to *all* of the following email addresses (replacing "dot" with '.' and "at" with '@'):

"ids "at" pwg "dot" org (IDS WG mailing list - you must be subscribed!)
jmurdock "at" sharplabs "dot" com (Joe Murdock, IDS Chair and current HCD-Assessment-Attributes Editor)
alan.sukert "at" xerox "dot" com (Alan Sukert, IDS WG Secretary)

Note that you must be subscribed to the IDS WG mailing list to send email there - otherwise your email will be silently discarded.

Please do NOT simply reply to this note on the PWG-Announce list.

Note: The PWG Definition of the Standards Development Process Version 3.0 is located at:

                http://www.pwg.org/chair/membership_docs/pwg-process30.pdf

---------------------------------------
Joe Murdock
Principal Engineer and Researcher
Chair IEEE/ISTO Printer Working Group Imaging Device Security
Sharp Labs of America
5750 NW Pacific Rim Blvd
Camas, WA 98607
(360) 817-7542
jmurdock at sharplabs.com<mailto:jmurdock at sharplabs.com>


--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/pwg-announce/attachments/20130108/d6a0a49b/attachment-0001.html>


More information about the pwg-announce mailing list