The PWG held its November 2021 Virtual Face-to-Face Meeting on November 2-4, 2021 via Webex teleconferences. Representatives from Oki, Canon, High North, HP Inc., Kyocera Document Solutions, Lakeside Robotics, Lexmark, Ricoh, TIC, and Qualcomm attended the meetings, among others. Attendees reviewed work in progress, including drafts of a number of in-progress specifications, and discussed liaisons with partner groups. Here is a summary of the proceedings.
The F2F event began with the PWG Plenary session, which had a
reduced scope to limit the presentation time. The PWG Chair
began with the PWG Antitrust Policy, which was presented at the
start of each session at this F2F, and will be presented at the
start of all PWG teleconferences and F2F sessions going forward.
The PWG Chair then reviewed the overall state of the PWG, its
programs and initiatives, and briefly discussed upcoming
face-to-face meeting scheduling. Since this was an election
year, the PWG Chair announced the new roles for the upcoming
term. Smith Kennedy, current PWG Chair, and Jeremy Leber,
current PWG Vice Chair, will be swapping roles with Jeremy
assuming the role of PWG Chair and Smith assuming the role of PWG
Vice Chair. Ira McDonald will continue in the role of PWG
Secretary. We noted that there are
currently 752 printers certified under the PWG's IPP
Everywhere™ Self Certification program, and that as of 1 July
2021, IPP Everywhere 1.0 certifications were no longer
accepted. We discussed the PWG Steering Committee's
activities and initiatives, including progress on Process 4.0, new
policies, and recently approved documents. Officers from the IDS Workgroup
and IPP
Workgroup briefly summarized their Workgroup's status, and
PWG Liaison Officers also briefly reported on the status of our
partners' work in Linux Foundation OpenPrinting, Mopria Alliance,
and 3D Additive Manufacturing.
IPP Workgroup sessions started immediately following the plenary
session on the first day of the F2F event with the PWG Antitrust
Policy and PWG Intellectual Property Policy, followed by a status
summary of IPP Workgroup activities currently in progress.
We noted that there are 7 PWG specifications currently in various
phases of development, while Deprecating IPP Print by Reference
was the only IPP Registration currently in
development. Job Accounting with IPPv1.0 had been
recently published. We then briefly noted all of the
pending and in-process errata and wrapped up the morning session
with a discussion of the prototype-ready specifications, including
Deprecating IPP Print by Reference, IPP Encrypted Jobs and
Documents v1.0, IPP Enterprise Printing Extensions v2.0, IPP
Finishings v3.0, and IPP Production Printing Extensions v2.0.
After lunch on the first day, the IPP WG resumed the session with
a review of the interim draft of IPP/2.x Fourth Edition, which
included an errata update of PWG 5100.12-2015 with updated
document references, simplified tables and conformance
requirements, and a brief history of IPP development to explain
how we ended up with different protocol versions with the same
encoding. Day 1 concluded with a review of the initial
draft of IPP Everywhere 2.0.
Day 2 of the IPP WG began with a review of the interim draft of
IPP Driverless Printing Extensions v2.0. There was
much rejoicing that we were able to review the entire document by
lunch, and given that there were no technical changes to the
document, recommended that the next draft should be move to
prototype. After a lunch break, we held the final IPP
Workgroup session for the November 2021 F2F with a discussion of
IPP Everywhere Printer Self-Certification. This
included a discussion around how to handle new tests for 2.0,
Enterprise (which will come in 2.1) and Production (in 2.2), and
the best way to handle certification for clients, including
possibly using virtual printers. After discussing next
steps, the IPP WG closed the session for the day and for the
November F2F.
The Imaging Device Security session was held at the start of the
third day. Alan began with a brief review of the agenda, followed
by the PWG Antitrust and IP Policies. Alan then presented
the current status of the HCD iTC and its efforts to develop HCD
cPP v1.0 and HCD SD v1.0. The HCD iTC issues the first
public draft for the HCD cPP on 8/30/21 and the firstpublic draft
for the HCD SD on 10/13/21. A number of comments (85)
have been submitted against these drafts so far and are in process
of being reviewed and addressed accordingly. The
biggest issue that the HCD iTC is currently facing is how to
handle Cryptographic Erase for Solid State Drives (SSDs) or
Self-Encrypting Drives (SEDs) . The concern involves whether
or not CE is adequately covered by the two Key Destruction SFRs.
JISEC (the Japanese Scheme) and ITSCC (The Korean Scheme)
agree that CE is covered, but there is some disagreement in the
HCD iTC. A subgroup has been created by the HCD iTC to
address the CE requirements. Other HCD iTC topics included
support for RSA Key Generation, advent of ENISA Cryptographic
Certification, and others. Alan discussed the upcoming
document plans and schedule, and wrapped up the HCD iTC update
with some of his lessons learned.
Alan then briefly went into a discussion of the ENISA
Cybersecurity Certification (EUCC). The reason for discussing EUCC
was that he felt that EUCC will have significant impact on the HCD
cPP, the CC and possible HCD vendors because of many of the
provisions that are included within EUCC. Alan covered the
EUCC goals, key definitions, and scope, and discussed how the
objectives of the EUCC closely mirror the security objectives of a
HCD – protection of stored data, protection of data in transit,
access control, auditing, secure updates, availability and
security by design. Alan briefly described the EUCC
process for handling vulnerabilities, non-compliance process,
assurance maintenance, and patch management process. The
EUCC is expected to become fully operational in 1H 2022 after a
transition period, and this will have some long-term and
short-term impacts on iTCs.
To close out the session, Alan provided status on the efforts to
update the two CC Standards, ISO/IEC 15408 and
ISO/IEC18405. This included an overview of the current
3rd Edition framework, important updates included in the 4th
Edition, and an overview of the 4th Edition framework.