[Openid-specs-risc] Feedback to NIST "Implementing a ZTA" publication

Atul Tulshibagwale atul at sgnl.ai
Mon Aug 8 22:49:47 UTC 2022


Hi all,
We had identified Issue #18 <https://github.com/openid/sse/issues/18> to
provide feedback to the NIST publication referenced above.
FYI, I have submitted the following feedback, and will close the above
issue now:

- In section 3.3 (Assumptions), there is no mention of any assumption of
  interoperability between products. A statement such as there is an
  expectation that products should eventually interoperate regardless of
  their vendor origin will help.

- In section 4.1.2 (ZTA Supporting Components), under ICAM:
  - The bullet points for authentication and authorization management
    should be separated out. They are currently under one bullet on line 1703.
  - There should be an additional bullet point for Continuous Access
    Evaluation, like similar bullet points under EDR/EPP and
    Security Analytics.

- Section 4.2.1 (Build-Specific Features) describes two builds. There
  should be a discussion on how individual vendors were chosen to be a part
  of a certain build. Were there any limitations of interoperability that
  caused this choice?

- Appendix D.2 (Build Architecture) defines certain flows such as “User
  Joins the Enterprise” (D.2.2.2) and “Message Flow for a Successful Resource
  Access Request” (D.2.4), but does not describe how the session management
  flows defined in the ZTA in Operation section (4.1.3) are achieved.

- Appendix F has the similar issue that it defines the access request flow
  (F.2.3), but does not address the session management flow defined in the
  “ZTA in Operation” section (4.1.3).


The way to provide the feedback wasn't free form (I had to identify line
numbers, etc.) so the actual text of the feedback is slightly different
than my notes above.

Atul