Christopher Inacio has entered the following ballot position for draft-ietf-opsawg-ucl-acl-13: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-ucl-acl/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- * This statement seems like the IETF is making management policy decisions outside our authority; can we remove this? > 486 Users accessing an enterprise device should be strictly controlled. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to all the reviewers for the insightful comments and the authors that already responded to them; very helpful. The document shows the results of its in depth review. * Can there be a definition of “enterprise” or “enterprise device” added to Section 2. Something like: > Enterprise device: for the purposes of this document, an enterprise device is a computing device which falls under the access control domain of centrally managed authority. A personal device (bring your own device (BYOD)) may temporarily be considered an enterprise device when it is used to access resources controlled by the centrally managed authority. I can’t bring together the concepts in the document of BYOD (for example) and then the language in section 4.2.2; or I’m missing a distinction by what is meant by “enterprise device” in 4.2.2 NITS: * "R&D Regular" (in the text) doesn't exist in the table > 441 groups may share several common criteria. That is, user group > 442 criteria are not mutually exclusive. For example, the policy > 443 criteria of user groups R&D Regular and R&D BYOD may share the same > 444 set of users that belong to the R&D organization, and differ only in > 445 the type of clients (firm-issued clients vs. users' personal > 446 clients). Likewise, the same user may be assigned to different user > 447 groups depending on the time of day or the type of day (e.g., > 448 weekdays versus weekends), etc. > > 450 +============+==========+===================================+ > 451 | Group Name | Group ID | Group Description | > 452 +============+==========+===================================+ > 453 | R&D | foo-10 | R&D employees | > 454 +------------+----------+-----------------------------------+ > 455 | R&D BYOD | foo-11 | Personal devices of R&D employees | > 456 +------------+----------+-----------------------------------+ > 457 | Sales | foo-20 | Sales employees | > 458 +------------+----------+-----------------------------------+ > 459 | VIP | foo-30 | VIP employees | > 460 +------------+----------+-----------------------------------+ > > 462 Table 1: User Group Examples > _______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
