The PWG held its February 2021 Virtual Face-to-Face Meeting on February 9-11, 2021 via Webex teleconferences. Representatives from Canon, Google, High North, HP Inc., Konica Minolta, Kyocera Document Solutions, Lakeside Robotics, Lexmark, Microsoft, Qualcomm, Pharos, Ricoh, TIC, TCS and Xerox attended the meetings, among others. Attendees reviewed work in progress, including drafts of a number of in-progress specifications, and discussed liaisons with partner groups. Here is a summary of the proceedings.
The F2F event began with the PWG Plenary session, which had a
reduced scope to limit the presentation time. The PWG Chair began
with the new PWG Antitrust Policy, which was presented at the
start of each session at this F2F, and will be presented at the
start of all PWG teleconferences and F2F sessions going forward.
We then paused to note the passing of Ron Bergman, a dedicated
original member and contributor to many PWG specifications and
efforts. The PWG Chair then reviewed the overall state of the PWG,
its programs and initiatives, and briefly discussed upcoming
face-to-face meeting scheduling. We noted that there are
currently 629 printers certified under the PWG's IPP
Everywhere™ Self Certification program. We discussed the PWG
Steering Committee's activities and initiatives, including
progress on Process 4.0, new policies, and recently approved
documents. Officers from the IDS Workgroup and IPP Workgroup
briefly summarized their Workgroup's status, and PWG Liaison
Officers also briefly reported on the status of our partners' work
in Linux Foundation OpenPrinting Workgroup, Mopria Alliance, ISO
JTC1 WG12, and INCITS.
On the first day, Ira McDonald (IPP WG Co-Chair) and Mike Sweet
(IPP WG Secretary) surveyed the status of current IPP Workgroup
works in progress. The IPP Everywhere v1.1 Update 2
self-certification tool set was recently approved. The Job
Accounting with IPP v1.0 was formally approved on February 5. The
status of IPP Driverless Printing Extensions v2.0 was briefly
discussed, since a new draft was not yet published and ready for
review.
The IPP WG moved on to the Evolution of IPP/2.0 and IPP
Everywhere session, where they considered what that means from a
versioning point of view and related issues. Some possible
solutions to issues with the current IPP Everywhere v1.1 test
suite when testing streaming printers were discussed, and how that
might impact certification timing.
After a break, we discussed the IPP INFRA Cloud Proxy
Registration initiative and related work plans. The scope of the
work is likely to trigger an update to IPP Shared Infrastructure
Extensions (PWG 5100.18) and IPP System Service (PWG 5100.22).
There was much discussion and we didn't complete the topic on that
first day, so we made plans to continue the discussion the next
day once some schedule changes were made.
On the second day, after the IDS Workgroup session and a break,
the group continued the discussion about IPP INFRA Cloud Proxy
Registration. We discussed Local Printing, an expanded set of use
cases and topologies for release printing, Cloud Scan support, and
the need to project more portions of existing SNMP MIBs into the
IPP space. We didn't get to IPP Finishings v2.2, but Smith Kennedy
informed the group that the next step was to review the normative
requirements in the specification and decide on whether the new
revision was going to be a minor revision (v2.2) or a major one
(v3.0).
On the third day, the IPP Workgroup started with a review of IPP
Enterprise Printing Extensions v2.0. The group discussed the
"job-password-repertoire" and "job-password-length-supported" that
were registered several years ago, and proposed some updates to
those. The group committed to continuing the review in the next
IPP WG teleconference after the F2F.
After a break, Paul Tykodi led a review of the PWG's 3D Printing
liaisons and the guidance we will be providing to our partners. We
discussed the competition between different standards and
proprietary solutions, and the need to increase the visibility of
IPP 3D, particularly in comparison to MT Connect, which is a
low-level process-oriented machine control protocol. 3D Scanning
and work on an IPP 3D Scan specification was discussed. Since
security and privacy are being discussed more in the 3D Printing /
Additive Manufacturing community, evangelizing the existing robust
security facilities in IPP could help advertise its value. We
discussed the value in having an article written to articulate
IPP's value to 3D Printing, and will be pursuing this. Work should
also be pursued developing the 3D Printing Protection Profile. We
concluded the IPP WG sessions with next steps.
Complete minutes are available here: https://ftp.pwg.org/pub/pwg/ipp/minutes/ippv2-f2f-minutes-20210209.pdf
At the start of the second day, Alan Sukert (IDS WG Chair) led
the IDS Workgroup status and progress discussion. We went through
the current status of the weekly HCD iTC meetings held since the
last IDS Face-to-Face (F2F) Meeting in November 2020 and the
efforts to develop HCD cPP v1.0 and HCD Supporting Document (SD)
v1.0. The second internal drafts of the HCD cPP and HCD SD were
reviewed by the full HCD iTC – 15 comments were received against
the HCD cPP draft and 30 comments were received against the HCD SD
draft. All comments were addressed.
Al then led a discussion about the status of HCD iTC work to
address a major issue concerning a proposal for managing non-field
replaceable non-volatile storage. The proposal was that non-field
replaceable non-volatile storage be allowed to store key material
in clear text rather than encrypted as long as the HCD had some
type of “purge” function that would allow the key material to be
deleted when the HCD was ready to be decommissioned or moved to
another location. This proposal would be in conflict with the
requirement in the Essential Security Requirements (ESR) document
approved by the Common Criteria Development Board (CCDB) which
states that the HCD shall encrypt user document data and/or the
HCD critical data (for confidentiality protection) stored on
nonvolatile storage device if it uses nonvolatile storage device
for the purpose of storing those data and that storage of initial
data of the key chain on the nonvolatile storage device without
protection would not meet the requirement. The HCD iTC is still
determining the resolution of this issue.
Al discussed the latest status of the HCD iTC’s Network Subgroup.
This subgroup is looking at what to do in the HCD cPP/SD for the
SFRs and assurance activities for the four secure protocols –
IPsec, TLS, SSH and HTTPS, although the subgroup’s charter has
recently been expanded to look at additional SFRs and assurance
activities for dependencies of the four secure protocols. The
group discussed what to do about TLS 1.3 and TLS 1.1. The HCD iTC
had hoped to incorporate TLS 1.3 into HCD cPP/SD v1.0 but was
waiting to see what the ND iTC did about TLS 1.3 first. It turns
out that the ND iTC’s TLS Subgroup is currently stalled because
NIAP recently submitted a large set of comments against the latest
draft containing TLS 1.3 support, and many of the comments will
require time to address. Thus, the likelihood of getting a TLS 1.3
solution from the ND iTC in time for inclusion in HCD cPP/SD 1.0
seems very unlikely at this point.
Ira then covered the latest HCD Security Guidelines status. An
updated draft was not published in time to be reviewed at this
meeting, but Smith provided updates to the Wi-Fi content in
Section 4 and Ira changed much of the guidance in Section 4 as a
result. Ira plans to add some material on IPP to Section 4 as
well. Ira says he plans to have an update to the HCD Security
Guidelines with additions to Section 5 hopefully by the end of
March, and a full-content update sometime in Q3 2021.
Finally, Ira gave a Liaison Report on current standards
developments for the Trusted Computing Group (TCG), Internet
Engineering Task Force (IETF), and Linux Foundation as part of the
Plenary Session of the PWG Face-to-Face of which the IDS Session
is a part of. Ira's liaison report will become part of the IDS
Session going forward since it is mostly focused on security
related work in other groups.
Complete minutes are available here: https://ftp.pwg.org/pub/pwg/ids/minutes/ids-f2f-minutes-20210210.pdf
The next PWG Face-to-Face meeting will be held May 4-6, 2021 via Webex teleconference. Be sure to subscribe to the pwg-announce@pwg.org mailing list to receive announcements about upcoming events and event changes or check the PWG Meetings page for updates on plans for upcoming meetings.