Internet DRAFT - draft-montville-sacm-asset-identification
draft-montville-sacm-asset-identification
Network Working Group A. Montville, Ed.
Internet-Draft Tripwire, Inc.
Intended status: Standards Track September 23, 2012
Expires: March 27, 2013
Asset Identification
draft-montville-sacm-asset-identification-00
Abstract
Asset identification plays an important role in an organization's
ability to quickly correlate different sets of information about
assets. This document provides the necessary constructs to uniquely
identify assets based on known identifiers and/or known information
about the assets. This document describes the purpose of asset
identification, a data model for identifying assets, methods for
identifying assets, and guidance on how to use asset identification.
It also identifies a number of known use cases for asset
identification.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 27, 2013.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Montville Expires March 27, 2013 [Page 1]
�
Internet-Draft SACM Asset Identification September 2012
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Montville Expires March 27, 2013 [Page 2]
�
Internet-Draft SACM Asset Identification September 2012
1. Introduction
One of the primary requirements for performing asset management is
the ability to identify assets based on some set of data known about
them. Asset identification, the use of attributes and methods to
uniquely identify an asset, allows for correlation of data across
multiple sources, reporting of asset information across different
organizations and databases, targeted actions against specific
assets, and usage of asset data in other business processes.
Unfortunately, neither a unified method nor a published specification
for performing asset identification exists at this time. Existing
security automation specifications either do not consider asset
identification or represent identification information differently
than other specifications with which they interoperate. This means
that correlation of data relies on a transformation process between
each specification, which is expensive and unreliable. Creation of
such a unified method and specification for performing asset
identification would allow for greater interoperability, increased
capabilities, and easier implementation of asset management
processes.
This Asset Identification specification describes a framework for how
asset management processes and other specifications may identify
assets using some set of information known or generated about the
asset. It describes the data model and representation of asset
identification information and it provides requirements for consuming
and producing identification information. Requirements for usage of
asset information and requirements for how the information that
identifies assets is collected or generated are out of scope for this
specification.
For the purposes of this specification, an asset is considered to be
anything that has value to an organization. For example, computing
devices are one form of asset that many organizations track. This
specification, however, does not limit asset identification to
identifying computing devices; any type of asset may be identified.
The specification itself provides constructs for identifying many
types of assets, and users may extend the model to include other
asset types if they wish to identify asset types that are not
addressed in the specification.
It is expected that other standards, data formats, tools, processes,
and organizations will reference this specification to describe how
to represent asset identification information. This will ensure
compatibility of asset identifications among these components and
allow for improved asset management processes.
Montville Expires March 27, 2013 [Page 3]
�
Internet-Draft SACM Asset Identification September 2012
While this specification was developed to support the immediate needs
of the security automation community, it is expected that it will be
valuable in general asset management processes both inside and
outside of the security automation space.
1.1. Purpose and Scope
The purpose of this document is to define the Asset Identification
specification, a standardized model for representing and identifying
assets.
The scope of this document is to give an introduction to Asset
Identification, give guidelines on using Asset Identification,
describe the Asset Identification data model, and document
conformance requirements to comply with Asset Identification. Other
versions of Asset Identification and the associated component
specifications, including emerging specifications and future
versions, are not addressed here.
Future versions of Asset Identification will be defined in distinct
revisions of this document, each clearly labeled with a document
revision number and the appropriate Asset Identification version
number.
1.2. Audience
This specification is intended for authors of specifications that
must support asset identifications, implementers of those
specifications, system integrators composing architectures from tools
that implement those specifications, and end users who wish to
understand how these tools work.
1.3. Document Structure
The remainder of this document is organized into the following major
sections:
o Section 2 defines the terms used within this specification and
provides a list of common abbreviations.
o Section 3 describes how this specification fits with related
standards and specifications.
o Section 4 defines the conformance requirements for asset
identification.
o Section 5 gives an overview of asset identification.
Montville Expires March 27, 2013 [Page 4]
�
Internet-Draft SACM Asset Identification September 2012
o Section 6 describes the asset identification data model
constructs.
o Section 7 presents the asset identification schema.
o Appendix A recognizes the work of the original Asset
Identification specification [IR7693].
o Appendix B describes possible use cases for asset identification.
o Appendix C explains how the specification can be extended.
1.4. Document Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Both inline and indented forms use qualified names to refer to
specific XML elements. A qualified name associates a named element
with a namespace. The namespace identifies the specific XML schema
that defines (and consequently may be used to validate) the syntax of
the element instance. A qualified name declares this schema to
element association using the format prefix:element-name. The
association of prefix to namespace is defined in the metadata of an
XML document and generally will vary from document to document. In
this specification, the conventional mappings listed in Table 1-1 are
used.
+--------+------------------------------------------+---------------+
| Prefix | Namespace URI | Schema |
+--------+------------------------------------------+---------------+
| ai | urn:ietf:params:xml:ns:asset-identificat | Asset |
| | ion-1.0 | Identificatio |
| | | n1.0 |
| | | |
| core | http://scap.nist.gov/schema/reporting-co | SCAP |
| | re/1.1 | Reporting |
| | | Core 1.1 |
| | | |
| cpe-na | http://cpe.mitre.org/naming/2.0 | CPE 2.3 |
| me | | Naming |
| | | Specification |
| | | |
| xal | urn:oasis:names:tc:ciq:xsdschema:xAL:2.0 | OASIS |
| | | extensible |
| | | Address |
| | | Language |
Montville Expires March 27, 2013 [Page 5]
�
Internet-Draft SACM Asset Identification September 2012
| xnl | urn:oasis:names:tc:ciq:xsdschema:xNL:2.0 | OASIS |
| | | extensible |
| | | Name Language |
+--------+------------------------------------------+---------------+
Conventional XML Mappings
Montville Expires March 27, 2013 [Page 6]
�
Internet-Draft SACM Asset Identification September 2012
2. Terms and Abbreviations
Asset: Anything that has value to an organization, including, but
not limited to, another organization, person, computing device,
information technology (IT) system, IT network, IT circuit,
software (both an installed instance and a physical instance),
virtual computing platform (common in cloud and virtualized
computing), and related hardware (e.g., locks, cabinets,
keyboards).
Asset Identification: The use of attributes and methods to uniquely
identify an asset.
Asset Identification Element: A complete, bound expression of an
asset identification using the constructs defined in this
specification.
Circuit: A dedicated single connection between two endpoints on a
network.
Computing Device: A machine (real or virtual) for performing
calculations automatically (including, but not limited to,
computer, servers, routers, switches, etc.)
Data: Any piece of information suitable for use in a computer.
Database: A repository of information or data, which may or may not
be a traditional relational database system.
Extension Identifier: Any piece of identifying information provided
in an asset identification element that is not explicitly
defined in the Asset Identification schema.
Identifying Information: The set of an asset's attributes that may
be useful for identifying that asset, including discoverable
information about the asset and identifiers assigned to the
asset.
Matching: The process of determining whether two or more asset
identification expressions refer to the same asset.
Network: An information system(s) implemented with a collection of
interconnected components. Such components may include
routers, hubs, cabling, telecommunications controllers, key
distribution centers, and technical control devices.
Montville Expires March 27, 2013 [Page 7]
�
Internet-Draft SACM Asset Identification September 2012
Organization: An entity of any size, complexity, or positioning
within an organizational structure (e.g., a federal agency, or,
as appropriate, any of its operational elements).
Person: Any person considered as an asset by the management domain.
Relationship Identifier: Identifying information where the value is
a relationship to another asset.
Service: A set of related IT components provided in support of one
or more business processes.
Software: Computer programs and associated data that may be
dynamically written or modified during execution.
System: A discrete set of information resources organized for the
collection, processing, maintenance, use, sharing,
dissemination, or disposition of information.
Synthetic Identifier: An identifier that is assigned to an asset in
the context of some management domain.
Website: A set of related web pages that are prepared and maintained
as a collection in support of a single purpose.
2.1. Acronyms
BIOS: Basic Input/Output System
CIDR: Classless Inter-Domain Routing
CPE: Common Platform Enumeration
FQDN: Fully-Qualified Domain Name
GUID: Globally Unique Identifier
HTTP: Hypertext Transfer Protocol
IETF: Internet Engineering Task Force
IP: Internet Protocol
IT: Information Technology
Montville Expires March 27, 2013 [Page 8]
�
Internet-Draft SACM Asset Identification September 2012
ITL: Information Technology Laboratory
MAC: Media Access Control
NIST: National Institute of Standards and Technology
OASIS: Organization for the Advancement of Structured Information
Standards
RFC: Request for Comment
URI: Uniform Resource Identifier
URL: Uniform Resource Locator
W3C: World Wide Web Consortium
WFN: Well-Formed Name
xAL: Extensible Address Language
XML: Extensible Markup Language
xNL: Extensible Naming Language
XSD: XML Schema
Montville Expires March 27, 2013 [Page 9]
�
Internet-Draft SACM Asset Identification September 2012
3. Relationship to Existing Standards and Specifications
This specification defines the constructs and methods for
representing asset identification information and thus can be
leveraged by any other specification where identifying assets is
required or beneficial.
This specification uses several industry-standard mechanisms for
representing identification information and providing conformance
requirements.
Common Platform Enumeration (CPE)TM is a structured naming scheme for
information technology systems, platforms, and packages. Based upon
the generic syntax for Uniform Resource Identifiers (URI), CPE
includes a formal name format. CPE version 2.3 Well-Formed Names
(WFN) are used as software- identifying information by this
specification [CPE23].
The extensible Address Language (xAL) by the Organization for the
Advancement of Structured Information Standards (OASIS) is an XML
standard format for representing international address information
[XAL]. Asset Identification leverages xAL to represent address
information for assets.
The extensible Name Language (xNL) by OASIS is an XML standard format
for representing the names of people and organizations. [XNL] Asset
Identification leverages xNL to represent the names of people and
organizations.
Montville Expires March 27, 2013 [Page 10]
�
Internet-Draft SACM Asset Identification September 2012
4. Conformance
A product may want to claim conformance with this specification so
that users and organizations can use the product with the assurance
that the product can identify assets in a consistent and standard
manner. The ability for a product to identify assets in a standard
manner increases the likelihood of interoperability between
conforming products. This section defines the criteria for products
to claim conformance with this specification.
4.1. Product Conformance
Products are divided into two roles based on their use of asset
identification information: consumers and producers.
o Consuming products ("consumers") must be able to receive and
understand information in compliance with this specification.
o Producing products ("producers") must create asset identification
information in a format compliant with this specification.
A product may be both a consumer and producer. The following
subsections document the conformance requirements for the two types
of products.
4.1.1. Consumers
Any consuming product claiming conformance to this specification MUST
adhere to the following requirements.
o The consumer SHALL be capable of processing the identification
information represented in constructs consistent with the Asset
Identification data model without error. See Section 6.
o The consumer MAY attempt to consume constructs that are invalid
per the Asset Identification data model. See Section 6.
o The consumer MAY consume extension identifiers and use them as an
input into a matching process. See Section 5.3.4.
o The consumer MUST NOT abnormally end, crash, or otherwise be
unable to fully process asset identification elements that include
extension identifiers. It MAY ignore any information in extension
identifiers.
Montville Expires March 27, 2013 [Page 11]
�
Internet-Draft SACM Asset Identification September 2012
4.1.2. Producers
Any producing product claiming conformance to this specification MUST
adhere to the following requirements.
o The producer SHALL accurately produce the asset identification
element in XML consistent with the data model. Section 6.
o When representing identification information, the producer SHOULD
provide as much information as is sufficient to allow for a match.
See Section 5.3.
o When representing identification information, the producer MAY
provide as much or as little identifying information as allowed in
the data model per other recommendations or tool capabilities.
See Section 5.3.
o The producer MAY provide extension identifiers for any asset
identification element. See Section 5.3.4.
Montville Expires March 27, 2013 [Page 12]
�
Internet-Draft SACM Asset Identification September 2012
5. Asset Identification Overview
This section gives an overview of the Asset Identification model and
its key concepts.
5.1. Scope
In order to support the variety of use cases discussed in Appendix A,
the scope of this specification is limited to a description of how
asset management tools can represent asset identification information
when communicating it to other tools. It is out of scope of this
specification to recommend which identifiers to use or to require
that identification information be collected in a certain way or from
a certain place. Higher-level specifications, tools, and
organizations that implement Asset Identification, however, are
encouraged to make these recommendations or specify these
requirements in order to support the particular needs of their use
cases.
Additionally, the Asset Identification specification is not a
mechanism for expressing information about an asset that is not
related to asset identification. Only elements that are used for
identification are included in the core specification. Asset
Identification elements MUST NOT be used to represent information
about an asset unless it is being used to identify that asset.
5.2. Core Specification and Extension Points
The core Asset Identification specification defines eleven asset
types and definitions of how those asset types may be identified
using a set of literal attributes and relationships to other assets.
The core specification is intended to provide definitions for
commonly used asset types and identification attributes; it is not
intended to be an exhaustive list of all possible asset types and
attributes that may be used for identification. Anything explicitly
defined in the asset identification schema and the asset
identification controlled vocabulary for relationship identifiers is
considered part of the core specification.
There are several extension points in the Asset Identification data
model to allow for identification of asset types beyond what is
included in the core specification and to allow attributes or
relationships outside of the core specification to be used to
identify asset types that are included. These extension points are:
o Additional asset types may be created by inheriting from any
concrete or abstract "asset" data element in the core XML schema.
Montville Expires March 27, 2013 [Page 13]
�
Internet-Draft SACM Asset Identification September 2012
o The core asset types may be enhanced by adding elements to the
appropriate asset type as literal values in the "extended-
information" element.
o Additional relationships can be defined by creating a separate
vocabulary for relationship identifiers.
5.3. Data Model Overview
The Asset Identification data model consists of a set of asset types
and a set of information that can be provided about each asset type.
The asset types currently supported in this specification are:
+-------+
| Asset |
+-------+
|
| +--------+
+----| Person |
| +--------+
|
| +--------------+
|----| Organization |
| +--------------+
|
| +----------+
+----| IT Asset |
+----------+
|
|
| +--------+
+---------| System |
| +--------+
|
| +----------+
+---------| Software |
| +----------+
|
| +----------+
+---------| Database |
| +----------+
|
| +---------+
+---------| Network |
| +---------+
|
Montville Expires March 27, 2013 [Page 14]
�
Internet-Draft SACM Asset Identification September 2012
| +---------+
+---------| Service |
| +---------+
|
| +------+
+---------| Data |
| +------+
|
| +------------------+
+---------| Computing Device |
| +------------------+
|
| +---------+
+---------| Circuit |
| +---------+
|
| +---------+
+---------| Website |
+---------+
For the purposes of this specification the above asset types MUST be
understood as defined in Section 2.
The specification MAY be extended by Asset Identification producers
to allow for other asset types as needed; however, it is OPTIONAL for
Asset Identification consumers to support asset types not present in
the core specification.
For each asset type above, the specification has a core set of fields
that may be provided in order to identify an asset of that type. For
example, an asset of type "person" may be identified by an email
address, full name, telephone number, or birth date. Any number of
these fields may be populated in order to create an asset
identification element. Specifications, management environments,
organizations, and tool vendors implementing Asset Identification are
encouraged to recommend, restrict, or require that certain fields be
populated or not populated; however, the specification itself does
not do so.
There are several different types of information that may be used to
identify assets: literal identifiers, relationship identifiers,
synthetic identifiers, and extension identifiers. These four
identifier types are differentiated only because they are represented
differently in the data model. No identifier type is intrinsically
more or less valuable for performing asset identification than any
other identifier type.
Montville Expires March 27, 2013 [Page 15]
�
Internet-Draft SACM Asset Identification September 2012
5.3.1. Literal Identifiers
Literal identifiers are the pre-defined fields containing literal
values that may identify an asset. For example, Media Access Control
(MAC) address is an example of a literal identifier for a computing
device. Literal identifiers defined in Asset Identification MUST be
properly processed without error by Asset Identification consumers.
5.3.2. Synthetic Identifiers
Synthetic identifiers are meant to be used when a database or process
assigns an identifier. For example, an employee is often assigned an
employee identifier which may be used to track him or her across the
organization. These identifiers should be represented using the
synthetic identifier construct: the namespace denotes the management
domain for which the identifier is valid and the identifier contains
the identifier itself. Each asset type allows for a list of zero to
many synthetic identifiers. Synthetic identifiers MUST be properly
processed without error by Asset Identification consumers.
5.3.3. Relationship Identifiers
Relationship identifiers are meant to be used when an asset may be
identified based on a relationship to another asset. For example, a
system may be identified based on the fact that it is named "System
1" and it is connected to network "INTERNAL". Relationship types are
represented as a controlled vocabulary. Any relationships defined in
the Asset Identification controlled vocabulary are core and MUST be
processed without error by Asset Identification consumers.
Relationships that are defined in other controlled vocabularies are
considered extension identifiers and MAY be supported by Asset
Identification consumers.
5.3.4. Extension Identifiers
Although this specification intends to support the most common types
of information that are used to identify assets, certain users,
organizations, or use cases may find that the core model does not
support some fields that they need. Asset Identification supports a
producer's ability to provide these identifiers in any asset
identification element through extension identifiers; however, it is
OPTIONAL for consumers to process or understand these identifiers
unless some other specification requires it. Extension identifiers
may include additional literal values as well as relationship
identifiers that are outside of the Asset Identification controlled
vocabulary. Extension identifiers MUST be processed without error by
consumers; however, consumers are encouraged to ignore identifying
information that they do not understand and is not defined in the
Montville Expires March 27, 2013 [Page 16]
�
Internet-Draft SACM Asset Identification September 2012
core schema, which ensures accurate correlation.
5.4. Providing Asset Identifications
In the absence of other guidance or requirements, Asset
Identification providers SHOULD provide as much information as they
have available in the core (non-extension) asset identification
element. Bandwidth constraints, other specifications, and tool
intelligence MAY help define how much or which information SHOULD be
provided beyond this recommendation.
5.5. Consuming Asset Identifications
Asset Identification consumers MUST be able to process literal
identifiers, synthetic identifiers, relationship identifiers, and
extension identifiers without error. In this context, "process"
simply means ingest without error and optionally use as an input in
performing a matching. Asset Identification consumers SHOULD process
literal identifiers, synthetic identifiers, and relationship
identifiers and support incorporating them into a matching process.
Asset Identification consumers SHOULD NOT incorporate unknown
extended identifiers into a matching process as they may be
misleading or misunderstood.
Extended identifiers that are defined in another specification or
policy that the consumer implements MAY be supported as appropriate
and as defined by that specification or policy.
5.6. Matching
Matching is the process of determining whether or not two or more
asset identification elements are referring to the same asset.
Matching is performed across an entire asset identification element,
not across each individual property of an identifier.
Although matching identifiers is an important part of the asset
identification process, due to a wide variety of current tool
practices, organizational architectures, and the need to allow for
innovation, this specification does not provide any normative
requirements in regards to matching. Tools are free to perform
matching based on their own logic, and specifications implementing
asset identification are encouraged to provide their own
recommendations or requirements around matching.
5.7. Sample Correlation Workflow
The diagram in Figure 1 shows a sample correlation workflow,
including matching discoverable information and several synthetic
Montville Expires March 27, 2013 [Page 17]
�
Internet-Draft SACM Asset Identification September 2012
identifiers.
In this sample architecture, which is merely one example, several
tools report on information about an asset. The information is
correlated by an asset database, potentially processed or aggregated,
and then reported to a higher-level database.
+---------+ Tool 1: ASSET1 +----------+
+--| Network |------------------| Asset |
1 | | Scanner | IP: 1.2.3.4 | Database |
| +---------+ +----------+
+-------+ |
| Asset |--+
+-------+ |
| +---------+ +----------+
+--| Host |------------------| Asset |
| Scanner | IP: 1.2.3.4 | Database |
| 1 | +----------+
+---------+
2
Tool 1: ASSET1
+-------+ +---------+ Tool 2: ASSET34 +----------+
| Asset |----| Host |------------------| Asset |
+-------+ | Scanner | | Database |
| 2 | | |
+---------+ +----------+
3
Tool 1: ASSET1
+-------+ +----------+ Tool 2: ASSET34 +-----------+
| Asset |----| Asset |------------------| Reporting |
+-------+ | Database | IP: 1.2.3.4 | Database |
+----------+ +-----------+
Montville Expires March 27, 2013 [Page 18]
�
Internet-Draft SACM Asset Identification September 2012
Figure 1: Sample Correlation Workflow
In step 1, a host-based scanner is reporting on asset information
(e.g. vulnerability assessment results) using a synthetic identifier
in its own namespace and an IP address as identifying information.
Additionally, a network scanner is reporting on network events by IP
address. This allows the asset database to correlate information
coming from the network with information on the host, potentially
matching vulnerabilities discovered by the host-based scanner with
attacks against that vulnerability discovered by the network scanner.
In step 2, another host-based scanner (e.g., an asset inventory tool)
reports data using both a synthetic identifier in its own namespace
and a synthetic identifier in the first host-based tool's namespace.
This other identifier may have been collected on the system or may
have been discovered some other way; how that collection happens is
out of scope of this specification. By passing both identifiers,
however, the scanner provides enough data to the asset database to
correlate the additional inventory data with the vulnerability and
event data. Additionally, any other data reported using either the
IP address or the two synthetic identifiers will be able to be
correlated as well. Note that this specification does not require or
recommend that tools process identifiers in certain ways: for
example, an IP address may become stale after a period of time, but
it is out of scope for this specification to recommend how to deal
with that.
In step 3, the asset database provides a report to a higher-level
database. Depending on the reporting architecture, organizational
hierarchy, and reporting requirements, asset databases may want to
report on data with different sets of synthetic identifiers for each
asset. This specification does not restrict or recommend
architectures or workflows.
In the reporting architecture shown above, all known asset
identifiers for each asset are being used to report information to
the higher level. In this architecture, data provided by other tools
to the higher-level database may be correlated with the reported
data. Other options would be to only report some information to the
higher-level database or even to generate a new synthetic identifier
to perform reporting, depending on the reporting requirements and
network architectures.
Montville Expires March 27, 2013 [Page 19]
�
Internet-Draft SACM Asset Identification September 2012
6. Data Model
This section documents the data model for Asset Identification. The
XML schema that implements this data model is provided separate from
this specification.
The Asset Identification model is a fairly flat model that defines
the constructs to hold identifying information about an asset. A
limited number of asset types are defined for which model constructs
exist. In order to use the Asset Identification model:
o The user SHOULD produce an XML ai:assets or ai:asset-related
element consistent with the data model described in
Section 6.3.12.1.
o The XML element produced MUST validate against the XML schema
(XSD) for Asset Identification in Section 7. In situations where
the XML schema does not match the documented model in this
specification, the XSD takes precedence.
The following subsections formalize the logical data model. The data
contained in the subsections include prose and tables, which MUST be
interpreted as follows:
o The subsection title indicates the name for the entity being
described.
o The "INHERITS" field indicates that the element takes on all of
the properties of the inherited element in addition to the
properties defined for the element.
o The "DEFINITION" field indicates the prose description of the
text. The field MAY contain requirement words as indicated in
[RFC2119].
o The "Properties" field is broken into a four column table:
* The "Name" column indicates the name of a property that MAY or
MUST be included in the described element in accordance with
the cardinality indicated in the "Count" field.
* The "Type" column indicates the type of data that MUST be the
value for the property. There are two categories of types:
literal and element. A literal type will indicate the type of
literal. The element type will reference the name of another
element that defines the content for that property.
Montville Expires March 27, 2013 [Page 20]
�
Internet-Draft SACM Asset Identification September 2012
* The "Count" column indicates the cardinality of the property
within the element. The property MUST be included in the
element in accordance with the cardinality. If a range is
given, and "n" is the upper-bound of the range, then the upper
limit is unbounded.
* The "Definition" column defines the property in the context of
the element. The field MAY contain requirement words as
indicated in [RFC2119].
Each literal data element MAY have a "source" attribute associated
with it. The source attribute is intended to capture the source of
the information for that data element. The field SHALL be a string
type, but the value of the field is left to the content producer.
The value MAY include, but is not restricted to, a synthetic ID of
the asset that sourced the information, another ID of the source, or
a description of the source. See the XSD for additional clarity on
the "source" attribute.
Each literal data element MAY have a "timestamp" attribute associated
with it. If populated, the timestamp attribute indicates when the
data was last known to be correct for that element.
6.1. Abstract Elements
6.1.1. ai:asset
INHERITS: None.
DEFINITION: The root element from which all other asset elements
derive. This element does not represent any specific type of
asset, and therefore should only be used as a base class for
other, concrete, asset elements. Any element that claims to be
an asset element compliant with this specification SHALL
directly or indirectly inherit all of the attributes in this
element. The asset element SHALL NOT be used directly in an
asset identification instance because it is abstract.
Montville Expires March 27, 2013 [Page 21]
�
Internet-Draft SACM Asset Identification September 2012
+---------------------+----------------------+-----+----------------+
| Name | Type | Cnt | Definition |
+---------------------+----------------------+-----+----------------+
| synthetic-id | element-synthetic-id | 0-n | Holds the |
| | | | synthetic ID |
| | | | information |
| | | | for the asset. |
| | | | |
| locations | element - locations | 0-1 | Holds the |
| | | | location |
| | | | information |
| | | | where the |
| | | | asset resides. |
| | | | |
| extended-informatio | element - locations | 0-1 | Holds |
| n | | | extension |
| | | | identifiers |
| | | | for the asset. |
| | | | The content |
| | | | can be any |
| | | | well- formed |
| | | | XML defined in |
| | | | a namespace |
| | | | other than the |
| | | | Asset |
| | | | Identification |
| | | | namespace. |
| | | | |
| timestamp | literal - dateTime | 0-1 | The date and |
| | | | time when the |
| | | | information |
| | | | was last known |
| | | | to be correct. |
+---------------------+----------------------+-----+----------------+
Table 1: ai:asset Properties
6.1.2. ai:it-asset
INHERITS: ai:asset
DEFINITION: An abstract element that extends from the asset element.
it-asset is a placeholder element to carry common attributes
related to IT assets. For the current iteration of this
specification no common attributes have been identified, but
future iterations of the specification MAY contain common
attributes for IT assets. All asset elements that are
describing IT assets SHOULD extend from the it-asset element.
Montville Expires March 27, 2013 [Page 22]
�
Internet-Draft SACM Asset Identification September 2012
+------+------+-----+------------+
| Name | Type | Cnt | Definition |
+------+------+-----+------------+
| N/A | N/A | N/A | N/A |
+------+------+-----+------------+
Table 2: ai:it-asset Properties
6.2. Concrete Asset Elements
The following elements describe the data elements for the asset types
defined in this specification.
6.2.1. ai:circuit
INHERITS: ai:it-asset
DEFINITION: Captures identifying information about a circuit.
+--------------+-------------+-----+--------------------------------+
| Name | Type | Cnt | Definition |
+--------------+-------------+-----+--------------------------------+
| circuit-name | literal - | 0-1 | The name of the circuit being |
| | token | | identified. |
+--------------+-------------+-----+--------------------------------+
Table 3: ai:circuit Properties
6.2.2. ai:computing-device
INHERITS: ai:it-asset
DEFINITION: Captures identifying information about a computing
device.
Montville Expires March 27, 2013 [Page 23]
�
Internet-Draft SACM Asset Identification September 2012
+--------------------+----------------+-----+-----------------------+
| Name | Type | Cnt | Definition |
+--------------------+----------------+-----+-----------------------+
| distinguished-name | literal - | 0-1 | The X.500 |
| | token | | distinguished name of |
| | | | the computing device |
| | | | being identified. |
| | | | |
| cpe | literal - | 0-n | The Common Platform |
| | ai:cpe | | Enumeration name for |
| | | | the computing device |
| | | | being identified. |
| | | | This MUST be a |
| | | | hardware CPE. This |
| | | | MUST be a CPE 2.2 URI |
| | | | [CPE22] or CPE 2.3 |
| | | | formatted string |
| | | | [CPE23]. |
| | | | |
| connections | elements - | 0-1 | Information about a |
| | ai:connections | | network interface on |
| | | | the computing device |
| | | | being identified. |
| | | | |
| fqdn | literal - | 0-1 | The fully-qualified |
| | token | | domain name for the |
| | | | computing device |
| | | | being identified. |
| | | | |
| hostname | literal - | 0-1 | The hostname of the |
| | token | | computing device. |
| | | | |
| motherboard-guid | literal - | 0-1 | The motherboard |
| | string | | globally unique |
| | | | identifier of the |
| | | | computing device. |
+--------------------+----------------+-----+-----------------------+
Table 4: ai:computing-device Properties
6.2.3. ai:data
INHERITS: ai:asset
DEFINITION: A generic element to describe any type of data. Since
this element is generic it does not define any of its own
properties, but instead relies solely on the properties
inherited from asset.
Montville Expires March 27, 2013 [Page 24]
�
Internet-Draft SACM Asset Identification September 2012
+--------------+----------------------+-----+-----------------------+
| Name | Type | Cnt | Definition |
+--------------+----------------------+-----+-----------------------+
| synthetic-id | element-synthetic-id | 0-n | Holds the synthetic |
| | | | ID information for |
| | | | the asset. |
| | | | |
| N/A | N/A | N/A | N/A |
+--------------+----------------------+-----+-----------------------+
Table 5: ai:data Properties
6.2.4. ai:database
INHERITS: ai:it-asset
DEFINITION: Captures identifying information about a database.
+---------------+---------------+-----+-----------------------------+
| Name | Type | Cnt | Definition |
+---------------+---------------+-----+-----------------------------+
| instance-name | literal - | 0-1 | The name of the database |
| | token | | instance. |
+---------------+---------------+-----+-----------------------------+
Table 6: ai:database Properties
6.2.5. ai:network
INHERITS: ai:it-asset
DEFINITION: Captures identifying information about a network.
+--------------+------------------+---------------+-----------------+
| Name | Type | Cnt | Definition |
+--------------+------------------+---------------+-----------------+
| network-name | literal - | 0-1 | The name of the |
| | normalizedString | | network being |
| | | | identified. |
| | | | |
| ip-net-range | element - | 0-1 (if | The starting |
| | ip-net-range | ip-net-range, | and ending IP |
| | | then not | addresses for |
| | | cidr) | the range of IP |
| | | | addresses for |
| | | | the network |
| | | | being |
| | | | identified. |
Montville Expires March 27, 2013 [Page 25]
�
Internet-Draft SACM Asset Identification September 2012
| cidr | literal - token | 0-1 (if cidr, | The Classless |
| | | then not | Inter-Domain |
| | | ip-net-range) | Routing |
| | | | information for |
| | | | the network |
| | | | being |
| | | | identified. |
+--------------+------------------+---------------+-----------------+
Table 7: ai:network Properties
6.2.6. ai:organization
INHERITS: ai:asset
DEFINITION: Captures identifying information about an organization.
+-------------------+-------------------+-----+---------------------+
| Name | Type | Cnt | Definition |
+-------------------+-------------------+-----+---------------------+
| xnl:OrganisationN | element - | 0-n | The name of the |
| ameDetails | xnl:OrganisationN | | organization being |
| | ameDetails | | identified. See |
| | | | [xNL] for details |
| | | | on populating this |
| | | | element |
| | | | |
| email-address | literal - token | 0-n | An email address |
| | | | associated with the |
| | | | organization being |
| | | | identified. |
| | | | |
Montville Expires March 27, 2013 [Page 26]
�
Internet-Draft SACM Asset Identification September 2012
| telephone-number | literal - token | 0-n | A phone number |
| | | | associated with the |
| | | | organization being |
| | | | identified. For a |
| | | | North American |
| | | | number, the number |
| | | | MUST be valid and |
| | | | the format MUST be |
| | | | XXX- XXX-XXXX where |
| | | | X is a digit. For |
| | | | an international |
| | | | number, the number |
| | | | MUST begin with a |
| | | | '+' symbol, |
| | | | followed by 7 to 15 |
| | | | digits. A space |
| | | | MAY be used between |
| | | | digits, as |
| | | | appropriate. For |
| | | | example: +88 888 |
| | | | 888 8 (this is |
| | | | following the ITU-T |
| | | | E.123 notation). |
| | | | Regex: |
| | | | (([2-9][0-8]\d-[2-9 |
| | | | ]\d{2}-[0- |
| | | | 9]{4})|(\+([0-9] |
| | | | ?){6,14}[0-9])) |
| | | | |
| website-url | literal - URL | 0-n | A website |
| | | | associated with the |
| | | | organization being |
| | | | identified. |
+-------------------+-------------------+-----+---------------------+
Table 8: ai:organization Properties
6.2.7. ai:person
INHERITS: ai:asset
DEFINITION: Captures identifying information about a person.
Montville Expires March 27, 2013 [Page 27]
�
Internet-Draft SACM Asset Identification September 2012
+----------------+--------------+-----+-----------------------------+
| Name | Type | Cnt | Definition |
+----------------+--------------+-----+-----------------------------+
| xnl:PersonName | element - | 0-1 | The name of the person |
| | xnl:PersonNa | | being identified. The |
| | me | | element type is defined in |
| | | | [xNL] and SHALL be used as |
| | | | documented in that |
| | | | specification. |
| | | | |
| email-address | literal - | 0-n | An email address associated |
| | token | | with the person being |
| | | | identified. |
| | | | |
| telephone-numb | literal - | 0-n | A phone number associated |
| er | token | | with the person being |
| | | | identified. For a North |
| | | | American number, the number |
| | | | MUST be valid and the |
| | | | format MUST be XXX- |
| | | | XXX-XXXX where X is a |
| | | | digit. For an |
| | | | international number, the |
| | | | number MUST begin with a |
| | | | '+' symbol, followed by 7 |
| | | | to 15 digits. A space MAY |
| | | | be used between digits, as |
| | | | appropriate. For example: |
| | | | +88 888 888 8 (this is |
| | | | following the ITU-T E.123 |
| | | | notation). Regex: |
| | | | (([2-9][0-8]\d-[2-9]\d{2}-[ |
| | | | 0- 9]{4})|(\+([0-9] |
| | | | ?){6,14}[0-9])) |
| | | | |
| birthdate | literal - | 0-1 | The birth date of the |
| | date | | person being identified. |
+----------------+--------------+-----+-----------------------------+
Table 9: ai:person Properties
6.2.8. ai:service
INHERITS: ai:it-asset
Montville Expires March 27, 2013 [Page 28]
�
Internet-Draft SACM Asset Identification September 2012
DEFINITION: Captures identifying information about a service running
on a computing-device.
+------------+---------------+-----+--------------------------------+
| Name | Type | Cnt | Definition |
+------------+---------------+-----+--------------------------------+
| host | element - | 0-1 | The IP address or fully |
| | host | | qualified domain name of the |
| | | | host of the service. |
| | | | |
| port | literal - | 0-n | The port number that the |
| | integer | | service is bound to. |
| | | | Restricted to 0 <= x >= 65535 |
| | | | |
| port-range | element - | 0-n | The lower and upper bound |
| | ai:port-range | | (inclusive) of the range of |
| | | | ports the service is bound to. |
| | | | |
| protocol | literal - | 0-1 | The protocol used to interact |
| | string | | with the service (e.g., HTTP, |
| | | | JMS, SSH, FTP). |
+------------+---------------+-----+--------------------------------+
Table 10: ai:service Properties
6.2.9. ai:software
INHERITS: ai:it-asset
DEFINITION: Captures identifying information about a class of
software or a software instance.
+-----------------+---------+-----+---------------------------------+
| Name | Type | Cnt | Definition |
+-----------------+---------+-----+---------------------------------+
| installation-id | literal | 0-1 | Any identifier for a software |
| | - token | | instance (installation). Use |
| | | | when identifying an instance of |
| | | | software and not just the class |
| | | | of software. |
| | | | |
| cpe | literal | 0-1 | The Common Platform Enumeration |
| | - | | name for the class of software |
| | ai:cpe | | being identified. This MUST be |
| | | | a software CPE. This MUST be a |
| | | | CPE 2.2 URI [CPE22] or CPE 2.3 |
| | | | formatted string [CPE23]. |
| | | | |
Montville Expires March 27, 2013 [Page 29]
�
Internet-Draft SACM Asset Identification September 2012
| license | literal | 0-n | The license key associated with |
| | - | | the software instance |
| | string | | (installation). Use when |
| | | | identifying an instance of |
| | | | software and not just the class |
| | | | of software. |
+-----------------+---------+-----+---------------------------------+
Table 11: ELEMENT NAME PROPERTIES
6.2.10. ai:system
INHERITS: parent
DEFINITION: definition text.
+-------------+---------+-----+-------------------------------------+
| Name | Type | Cnt | Definition |
+-------------+---------+-----+-------------------------------------+
| system-name | literal | 0-n | The name of the system being |
| | - token | | identified. This property can be |
| | | | replicated as systems may have |
| | | | multiple, or abbreviated, names. |
| | | | All of the names (including |
| | | | acronyms) MAY be captured here. |
| | | | |
| version | literal | 0-1 | The version of the system being |
| | - token | | identified. |
+-------------+---------+-----+-------------------------------------+
Table 12: ai:system Properties
6.2.11. ai:website
INHERITS: parent
DEFINITION: definition text.
+-------------+--------+-----+--------------------------------------+
| Name | Type | Cnt | Definition |
+-------------+--------+-----+--------------------------------------+
| document-ro | litera | 0-1 | The absolute path to the document |
| ot | l- | | root location of the website on the |
| | token | | host. |
| | | | |
Montville Expires March 27, 2013 [Page 30]
�
Internet-Draft SACM Asset Identification September 2012
| locale | litera | 0-1 | The locale of the website |
| | l- | | represented as an RFC 5646 language, |
| | token | | and optionally, region code. |
| | | | Language and region codes SHOULD be |
| | | | in the Internet Assigned Numbers |
| | | | Authority (IANA) Language Subtag |
| | | | Registry [ILSR]. Regex: |
| | | | [a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3} |
| | | | ))? |
+-------------+--------+-----+--------------------------------------+
Table 13: ai:website Properties
6.3. Helper Elements
6.3.1. ai:synthetic-id
INHERITS: N/A
DEFINITION: Holds the synthetic identifier information for an asset.
+----------+----------+-----+---------------------------------------+
| Name | Type | Cnt | Definition |
+----------+----------+-----+---------------------------------------+
| resource | literal | 1 | A URI for the namespace in which the |
| | - URI | | identifier is governed and unique. |
| | | | |
| id | literal | 1 | The unique identifier for the asset |
| | - token | | within the resource namespace. |
+----------+----------+-----+---------------------------------------+
Table 14: ai:synthetic-id Properties
6.3.2. ai:connections
INHERITS: N/A
DEFINITION: Contains a list of ai:connection elements.
+------------+---------------+-----+--------------------------------+
| Name | Type | Cnt | Definition |
+------------+---------------+-----+--------------------------------+
| connection | element - | 1-n | Information about a network |
| | ai:connection | | interface on the computing |
| | | | device being identified. |
+------------+---------------+-----+--------------------------------+
Table 15: ai:connections Properties
Montville Expires March 27, 2013 [Page 31]
�
Internet-Draft SACM Asset Identification September 2012
6.3.3. ai:connection
INHERITS: N/A
DEFINITION: Contains information relevant to a single connection to
a network. If multiple IP addresses map to the same MAC
address, each ai:connection SHALL represent a single MAC
address-IP address pair.
+----------+-------------+-----+------------------------------------+
| Name | Type | Cnt | Definition |
+----------+-------------+-----+------------------------------------+
| ip-addre | literal-tok | 0-1 | The IP address for the connection. |
| ss | en | | IPv4 Regex: |
| | | | ([0-9]|[1-9][0-9]|1([0-9][0-9])|2( |
| | | | [0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]|1( |
| | | | [0-9][0-9])|2([0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]|1 |
| | | | ([0-9][0-9])|2([0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]| |
| | | | 1([0-9][0-9])|2([0-4][0- 9]|5[0-5] |
| | | | )) IPv6 Regex: |
| | | | ([0-9a-fA-F]{1,4}:){7}[0-9a-fA |
| | | | -F]{1,4} |
| | | | |
| mac-addr | literal - | 0-1 | The Media Access Control address |
| ess | ai:mac-addr | | for the network interface. Regex: |
| | ess-type | | ([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2} |
| | | | |
| url | literal - | 0-n | A Universal Resource Locator |
| | URL | | address for the network interface. |
| | | | |
| subnet-m | literal - | 0-1 | The subnet mask for the |
| ask | token | | connection. IPv4 Regex: |
| | | | ([0-9]|[1-9][0-9]|1([0-9][0-9])|2( |
| | | | [0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]|1( |
| | | | [0-9][0-9])|2([0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]|1 |
| | | | ([0-9][0-9])|2([0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]| |
| | | | 1([0-9][0-9])|2([0-4][0- 9]|5[0-5] |
| | | | )) IPv6 Regex: |
| | | | ([0-9a-fA-F]{1,4}:){7}[0-9a-fA |
| | | | -F]{1,4} |
| | | | |
Montville Expires March 27, 2013 [Page 32]
�
Internet-Draft SACM Asset Identification September 2012
| default- | literal - | 0-1 | The IP address for the default |
| route | token | | gateway for the connection. IPv4 |
| | | | Regex: |
| | | | ([0-9]|[1-9][0-9]|1([0-9][0-9])|2( |
| | | | [0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]|1( |
| | | | [0-9][0-9])|2([0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]|1 |
| | | | ([0-9][0-9])|2([0-4][0- |
| | | | 9]|5[0-5]))\.([0-9]|[1-9][0-9]| |
| | | | 1([0-9][0-9])|2([0-4][0- 9]|5[0-5] |
| | | | )) IPv6 Regex: |
| | | | ([0-9a-fA-F]{1,4}:){7}[0-9a-fA |
| | | | -F]{1,4} |
+----------+-------------+-----+------------------------------------+
Table 16: ELEMENT NAME PROPERTIES
6.3.4. ai:locations
INHERITS: N/A
DEFINITION: Contains a geographic coordinate system point.
+----------+---------------------+-----+----------------------------+
| Name | Type | Cnt | Definition |
+----------+---------------------+-----+----------------------------+
| location | element - one of: | 1-n | ai:location is an abstract |
| | location-point, | | element that is the root |
| | location-region, | | of the substitution group |
| | location-address | | for the elements listed in |
| | (type | | the type field. Use one |
| | xal:AddressDetails) | | of those to describe the |
| | | | location of the asset. |
| | | | xal:AddressDetails is |
| | | | defined in [xAL]. |
+----------+---------------------+-----+----------------------------+
Table 17: ai:locations Properties
6.3.5. ai:location-point
INHERITS: N/A
DEFINITION: Contains a geographic coordinate system point.
Montville Expires March 27, 2013 [Page 33]
�
Internet-Draft SACM Asset Identification September 2012
+-----------+---------+-----+---------------------------------------+
| Name | Type | Cnt | Definition |
+-----------+---------+-----+---------------------------------------+
| latitude | literal | 1 | The latitude of the point represented |
| | - | | as a number between -90 and 90. 90 = |
| | number | | 90oN, -90 = 90oS. Value constraint: |
| | | | -90 <= x <= 90 |
| | | | |
| longitude | literal | 1 | The longitude of the point |
| | - | | represented as a number between -180 |
| | number | | and 180. 180 = 180oE, -180 = 180oW. |
| | | | Value constraint: -180 < x <= 180 |
| | | | |
| elevation | literal | 0-1 | The elevation of the point |
| | - | | represented in meters above sea |
| | number | | level. A negative number would |
| | | | indicate below sea level. |
| | | | |
| radius | literal | 0-1 | The radius of a horizontal circle |
| | - | | centered on the point within which |
| | number | | the asset resides. Value constraint: |
| | | | x >= 0 |
+-----------+---------+-----+---------------------------------------+
Table 18: ai:location-point Properties
6.3.6. ai:location-region
INHERITS: N/A
DEFINITION: Contains region information.
+-------------+-------------------------+-----+---------------------+
| Name | Type | Cnt | Definition |
+-------------+-------------------------+-----+---------------------+
| region-name | literal - | 1 | The name of the |
| | normalizedString | | region. |
+-------------+-------------------------+-----+---------------------+
Table 19: ai:location-region Properties
6.3.7. ai:ip-range
INHERITS: N/A
Montville Expires March 27, 2013 [Page 34]
�
Internet-Draft SACM Asset Identification September 2012
DEFINITION: Contains a start and end IP address to create a range.
+--------------------+-----------------+-----+----------------------+
| Name | Type | Cnt | Definition |
+--------------------+-----------------+-----+----------------------+
| ip-net-range-start | element - | 1 | The start IP address |
| | ai:ip-address | | of the range |
| | | | |
| ip-net-range-end | element - | 1 | The end IP address |
| | ai:ip-address | | of the range. |
+--------------------+-----------------+-----+----------------------+
Table 20: ELEMENT NAME PROPERTIES
6.3.8. ai:ip-address
INHERITS: N/A
DEFINITION: Contains an IP address.
+-----+-------+-----+-----------------------------------------------+
| Nam | Type | Cnt | Definition |
| e | | | |
+-----+-------+-----+-----------------------------------------------+
| ip- | liter | 0-1 | An IP v4 address. Regex: |
| v4 | al - | | ([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]| |
| | toke | | 5[0- |
| | n | | 5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4 |
| | | | ][0-9]|5[0- |
| | | | 5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0- |
| | | | 4][0-9]|5[0- |
| | | | 5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0 |
| | | | -4][0-9]|5[0-5])) |
| | | | |
| ip- | liter | 0-1 | An IP v6 address. Regex: |
| v6 | al - | | ([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4} |
| | toke | | |
| | n | | |
+-----+-------+-----+-----------------------------------------------+
Table 21: ai:ip-address Properties
6.3.9. ai:port-range
Montville Expires March 27, 2013 [Page 35]
�
Internet-Draft SACM Asset Identification September 2012
INHERITS: N/A
DEFINITION: Contains a start and end port number to create a range..
+-------------+---------+-----+-------------------------------------+
| Name | Type | Cnt | Definition |
+-------------+---------+-----+-------------------------------------+
| lower-bound | literal | 1 | The lower bound (inclusive) of the |
| | - token | | range of ports. Restricted to 0 <= |
| | | | x <= 65535 |
| | | | |
| upper-bound | literal | 1 | The lower bound (inclusive) of the |
| | - token | | range of ports. Restricted to 0 <= |
| | | | x <= 65535. MUST be greater than |
| | | | lower-bound. |
+-------------+---------+-----+-------------------------------------+
Table 22: ai:port-range Properties
6.3.10. ai:host
INHERITS: N/A
DEFINITION: Holds a fully-qualified domain name or an IP address.
+------------+---------------+-------------+------------------------+
| Name | Type | Cnt | Definition |
+------------+---------------+-------------+------------------------+
| fqdn | literal - | 1 (if not | The fully-qualified |
| | token | ip-address) | domain name of the |
| | | | host. One of fqdn or |
| | | | ip-address must be |
| | | | specified |
| | | | |
| ip-address | element - | 1 (if not | The IP address of the |
| | ai:ip-address | fqdn) | host. One of fqdn or |
| | | | ip- address must be |
| | | | specified. |
+------------+---------------+-------------+------------------------+
Table 23: ai:host Properties
6.3.11. ai:cpe
Montville Expires March 27, 2013 [Page 36]
�
Internet-Draft SACM Asset Identification September 2012
INHERITS: N/A
DEFINITION: A CPE 2.2 URI [CPE22] or CPE 2.3 formatted string
[CPE23].
+------+------+-----+------------+
| Name | Type | Cnt | Definition |
+------+------+-----+------------+
| N/A | N/A | N/A | N/A |
+------+------+-----+------------+
Table 24: ai:cpe Properties
6.3.12. Relating Assets to Other Assets
While the assets modeled in Section 6.2, and their related elements,
capture the literal values helpful for identifying the respective
assets, it is often useful or necessary to define one or more
relationships between assets. Those relationships can give
additional context to the identifying algorithm in the implementing
tool.
The Asset Identification data model allows for explicit relationships
to be defined between an asset and one or more other assets. Each
relationship is defined as {subject} {predicate} {object}, where
{subject} is the asset from which the relationship begins,
{predicate} is the relationship type being established, and {object}
is one or more other assets. The predicate MUST be a qualified name
that refers to a term in a controlled vocabulary. Section 6.4.1
documents the data model to represent assets along with
relationships. Section 6.4.2 defines terms in a controlled
vocabulary for Asset Identification.
6.3.12.1. Relationship Data Model
Asset Identification defines two elements that can be leveraged by
specifications desiring to represent Asset Identification
information. The first element, ai:asset-related, SHOULD be
leveraged when the implementing specification desires to identify a
single asset while demonstrating relationships between that asset and
other assets. The second element, ai:assets, SHOULD be leveraged
when the implementing specification desires to identify multiple
assets while documenting the relationships between those assets and
other assets. The two elements are documented in the following
tables.
Montville Expires March 27, 2013 [Page 37]
�
Internet-Draft SACM Asset Identification September 2012
6.3.12.1.1. ai:asset-related
INHERITS: N/A
DEFINITION: Identifies a single asset while capturing the
relationships between that asset and other assets.
+---------------+--------------------+-----+------------------------+
| Name | Type | Cnt | Definition |
+---------------+--------------------+-----+------------------------+
| asset-ref | literal - NCName | 1 | Contains the ID value |
| | | | of an ai:asset found |
| | | | on this |
| | | | ai:asset-related |
| | | | element. The asset |
| | | | referenced from this |
| | | | property is the |
| | | | primary asset of this |
| | | | element and SHALL be |
| | | | understood to be the |
| | | | asset being identified |
| | | | by this |
| | | | ai:asset-related |
| | | | element. |
| | | | |
| relationships | element - | 0-1 | Contains the |
| | core:relationships | | relationships between |
| | | | assets identified in |
| | | | this element. |
| | | | |
| asset | element - ai:asset | 1-n | The assets captured in |
| | | | this element. This |
| | | | includes at minimum |
| | | | the primary asset |
| | | | referenced in |
| | | | asset-ref, as well as |
| | | | any additional assets |
| | | | that the primary asset |
| | | | is related to through |
| | | | a relationship. |
+---------------+--------------------+-----+------------------------+
Table 25: ai:asset-related Properties
Montville Expires March 27, 2013 [Page 38]
�
Internet-Draft SACM Asset Identification September 2012
6.3.12.1.2. ai:assets
INHERITS: N/A
DEFINITION: Identifies multiple assets as well as the relationships
between the assets.
+---------------+--------------------+-----+------------------------+
| Name | Type | Cnt | Definition |
+---------------+--------------------+-----+------------------------+
| relationships | element - | 0-1 | Contains the |
| | core:relationships | | relationships between |
| | | | assets identified in |
| | | | this element |
| | | | |
| asset | element - ai:asset | 1-n | The assets captured in |
| | | | this element. |
+---------------+--------------------+-----+------------------------+
Table 26: ai:assets Properties
6.3.12.1.3. core:relationships
INHERITS: N/A
DEFINITION: Contains a collection of relationships between the
report content and assets, report requests, and other reports.
+--------------+-------------------+-----+--------------------------+
| Name | Type | Cnt | Definition |
+--------------+-------------------+-----+--------------------------+
| relationship | element - | 1-n | Contains a relationship |
| | core:relationship | | between the subject and |
| | | | object(s) assets. |
+--------------+-------------------+-----+--------------------------+
Table 27: ELEMENT NAME PROPERTIES
6.3.12.1.4. core:relationship
INHERITS: N/A
DEFINITION: Contains a relationship between the subject and
object(s) assets.
Montville Expires March 27, 2013 [Page 39]
�
Internet-Draft SACM Asset Identification September 2012
+---------+---------+-----+-----------------------------------------+
| Name | Type | Cnt | Definition |
+---------+---------+-----+-----------------------------------------+
| ref | literal | 1-n | This element MUST identify the object |
| | - | | of this relationship by specifying the |
| | NCName | | ID of the asset. Depending on the type |
| | | | of relationship being asserted, there |
| | | | may be additional restrictions on which |
| | | | types of objects may be referenced, but |
| | | | that will be documented with the |
| | | | vocabulary term. |
| | | | |
| type | literal | 1 |  This element contains the type |
| | - QName | | of relationship that is being |
| | | | specified. The QName MUST refer to a |
| | | | term in a controlled vocabulary. The |
| | | | controlled vocabulary is identified by |
| | | | the namespace URI of the QName, and the |
| | | | term in that controlled vocabulary is |
| | | | specified by the local name of the |
| | | | QName. It is helpful, though not |
| | | | required, that when the namespace URI |
| | | | and local name are concatenated, the |
| | | | resulting URI is dereferenceable and |
| | | | points to a location that defines the |
| | | | term. |
| | | | |
| scope | literal | 0-1 | Determines how to interpret multiple |
| | - token | | ref elements in a relationship. If |
| | | | used, this element MUST contain the |
| | | | string "inclusive" or "exclusive". |
| | | | When this element is not provided, its |
| | | | default value is "inclusive". When |
| | | | "inclusive" is specified, this |
| | | | relationship should be understood to |
| | | | exist between the subject asset and the |
| | | | collection of objects identified by the |
| | | | ref elements on this relationship. |
| | | | When "exclusive" is specified, this |
| | | | relationship should be understood to |
| | | | exist between the subject asset and |
| | | | each object asset identified by the ref |
| | | | elements individually. |
| | | | |
Montville Expires March 27, 2013 [Page 40]
�
Internet-Draft SACM Asset Identification September 2012
| subject | literal | 1 | The property MUST identify the subject |
| | - | | of the relationship by specifying the |
| | NCName | | ID of the asset. Depending on the type |
| | | | of relationship being asserted, there |
| | | | may be additional restrictions on which |
| | | | type of asset may be referenced, but |
| | | | that will be documented with the |
| | | | vocabulary term. |
+---------+---------+-----+-----------------------------------------+
Table 28: core:relationship Properties
6.3.12.2. Relationship Types
Defined below are terms in a controlled vocabulary for Asset
Identification. It is OPTIONAL that content producers use the terms
defined below, but all Asset Identification compliant implementations
MUST understand the terms defined in this section. Content producers
SHOULD use these terms when possible.
All terms listed in Table 29 exist in the controlled vocabulary
identified by
http://scap.nist.gov/specifications/ai/vocabulary/relationships/1.0#.
The definition of each term can also be found at the URL created when
concatenating the URL and the term together. The table MUST be
interpreted as follows:
o The "Term" column indicates the local-name of the term being
identified.
o The "Domain" column indicates the exhaustive set of subject types
that may be referenced by a relationship of that type. A
relationship of that type MUST reference a subject of the type
indicated in "Domain" for that relationship.
o The "Range" column indicates the exhaustive set of object types
that may be referenced by a relationship of that type. A
relationship of that type MUST reference an object of the type
indicated in "Range" for that relationship.
o The "Description" column contains a prose description of the
relationship type. This column may contain requirement words as
indicated in [RFC 2119]. Those requirement words MUST be
interpreted as described in [RFC 2119] for the relationship.
Montville Expires March 27, 2013 [Page 41]
�
Internet-Draft SACM Asset Identification September 2012
+--------------------+----------------+----------------+------------+
| Term | Domain | Range | Descriptio |
| | | | n |
+--------------------+----------------+----------------+------------+
| hasTerminationDevi | ai:circuit | ai:computing-d | The |
| ce | | evice | circuit is |
| | | | terminated |
| | | | by the |
| | | | device |
| | | | |
| hasServiceProvider | ai:circuit | ai:organizatio | The |
| | | n | circuit is |
| | | | owner/oper |
| | | | ated by th |
| | | | eorganizat |
| | | | ion. |
| | | | |
| hasNetworkTerminat | ai:circuit | ai:network | The |
| ionPoint | | | circuit |
| | | | ends at |
| | | | the |
| | | | network. |
| | | | |
| servedBy | ai:database, | ai:service | The |
| | ai:website | | database |
| | | | or website |
| | | | is served |
| | | | up by the |
| | | | service. |
| | | | |
| hasServiceProvider | ai:service | ai:software | The |
| | | | service is |
| | | | provided |
| | | | by the |
| | | | software. |
| | | | |
| installedOnDevice | ai:software | ai:computing-d | The |
| | | evice | software |
| | | | is |
| | | | installed |
| | | | on the |
| | | | computing |
| | | | device. |
| | | | |
Montville Expires March 27, 2013 [Page 42]
�
Internet-Draft SACM Asset Identification September 2012
| connectedToNetwork | ai:system | ai:network | The system |
| | | | is |
| | | | connected |
| | | | to the |
| | | | network. |
| | | | |
| isOwnerOf | ai:person, | ai:it-asset | The person |
| | ai:organizatio | | or |
| | n | | organizati |
| | | | on owns th |
| | | | eIT asset. |
| | | | |
| isAdministratorOf | ai:person | ai:computing-d | The person |
| | | evice, | is the |
| | | ai:system | system |
| | | | administra |
| | | | tor of the |
| | | | computing |
| | | | device or |
| | | | system. |
| | | | |
| partOf | ai:person | ai:organizatio | The person |
| | | n | is in some |
| | | | way a part |
| | | | of the |
| | | | organizati |
| | | | on. |
| | | | |
| connectedTo | ai:computing-d | ai:system | The |
| | evice, | | computing |
| | ai:system | | device or |
| | | | system is |
| | | | connected |
| | | | to the |
| | | | system. |
+--------------------+----------------+----------------+------------+
Table 29: Controlled Vocabulary Defined for Asset Identification
Content producers that choose to use terms that are not listed in
Table 6-29, or to use other terms in addition to those listed in
Table 6-29, MAY do so while still remaining compliant to this
specification. Content producers SHALL always use terms defined in a
controlled vocabulary. The controlled vocabulary SHALL be identified
using a URI. Concatenating the controlled vocabulary URI with a term
in the vocabulary MAY create a dereferencable URI that points to a
definition for that term. This is often accomplished by using an
HTTP URL for the controlled vocabulary URI, and ending that URL in
Montville Expires March 27, 2013 [Page 43]
�
Internet-Draft SACM Asset Identification September 2012
"#" or "/". For instance, http://scap.nist.gov/specifications/ai/
vocabulary/relationships/1.0#installedOnDevice is a deferenceable
link to the definition of "installedOnDevice".
6.3.13. Guidance for Incorporating Asset Identification Elements into
Other Data Models
The following guidance applies when incorporating the Asset
Identification data model into other data models.
o If the target data model needs to include a list of assets and the
associated relationships between the assets, then the ai:assets
element SHOULD be included in the target data model. This will be
the case when the target data model will make explicit references
to assets in the asset list.
o If the target data model needs to include a single asset, but
other assets are needed to help identify that asset, then the ai:
asset-related element SHOULD be included in the target data model.
The @asset-ref attribute on ai:asset-related SHALL refer to the
specific asset that is being identified.
o If the target data model needs to include only a single asset, and
no relationships are needed to identify that asset, then the
element defining the asset MAY be included in the target data
model. While this is allowed, it is preferred that the ai:asset-
related element be included instead.
Montville Expires March 27, 2013 [Page 44]
�
Internet-Draft SACM Asset Identification September 2012
7. Asset Identification Schema
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
xmlns:core="http://scap.nist.gov/schema/reporting-core/1.1"
xmlns:xal="urn:oasis:names:tc:ciq:xsdschema:xAL:2.0"
xmlns:xnl="urn:oasis:names:tc:ciq:xsdschema:xNL:2.0"
targetNamespace="http://scap.nist.gov/schema/asset-identification/1.1"
elementFormDefault="qualified" attributeFormDefault="unqualified"
version="1.1.1" xmlns:cpe-name="http://cpe.mitre.org/naming/2.0">
<xs:annotation>
<xs:appinfo>
<schema>Asset Identification</schema>
<author>David Waltermire, Adam Halbardier, John Wunder</author>
<version>1.1.1</version>
<date>2012-02-13</date>
</xs:appinfo>
</xs:annotation>
<xs:import namespace="urn:oasis:names:tc:ciq:xsdschema:xAL:2.0"
schemaLocation="http://docs.oasis-open.org/election/external/xAL.xsd" />
<xs:import namespace="urn:oasis:names:tc:ciq:xsdschema:xNL:2.0"
schemaLocation="http://docs.oasis-open.org/election/external/xNL.xsd" />
<xs:import namespace="http://scap.nist.gov/schema/reporting-core/1.1"
schemaLocation="http://scap.nist.gov/schema/reporting-core/1.1/reporting-core_1.1.0.xsd" />
<xs:import namespace="http://cpe.mitre.org/naming/2.0"
schemaLocation="http://scap.nist.gov/schema/cpe/2.3/cpe-naming_2.3.xsd" />
<!--The following elements are first-order citizens of this model-->
<xs:element name="asset-related" type="ai:asset-identification-type">
<xs:key name="assetRelKey">
<xs:selector xpath="ai:asset" />
<xs:field xpath="@id" />
</xs:key>
<xs:keyref refer="ai:assetRelKey" name="assetRelKeyRef">
<xs:selector xpath="." />
<xs:field xpath="@asset-ref" />
</xs:keyref>
<xs:keyref refer="ai:assetRelKey" name="assetRelRefSubjKeyRef">
<xs:selector xpath="core:relationships/core:relationship" />
<xs:field xpath="@subject" />
</xs:keyref>
<xs:keyref refer="ai:assetRelKey" name="assetRelRefObjKeyRef">
<xs:selector xpath="core:relationships/core:relationship/core:ref" />
<xs:field xpath="." />
</xs:keyref>
Montville Expires March 27, 2013 [Page 45]
�
Internet-Draft SACM Asset Identification September 2012
</xs:element>
<xs:complexType name="asset-identification-type">
<xs:complexContent>
<xs:extension base="ai:assets-type">
<xs:attribute name="asset-ref" type="xs:NCName" use="required"
/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:element name="assets" type="ai:assets-type">
<xs:key name="assetsRelKey">
<xs:selector xpath="ai:asset" />
<xs:field xpath="@id" />
</xs:key>
<xs:keyref refer="ai:assetsRelKey" name="assetsRelRefSubjKeyRef">
<xs:selector xpath="core:relationships/core:relationship" />
<xs:field xpath="@subject" />
</xs:keyref>
<xs:keyref refer="ai:assetsRelKey" name="assetsRelRefObjKeyRef">
<xs:selector xpath="core:relationships/core:relationship/core:ref" />
<xs:field xpath="." />
</xs:keyref>
</xs:element>
<xs:complexType name="assets-type">
<xs:complexContent>
<xs:extension base="core:relationships-container-type">
<xs:sequence>
<xs:element name="asset" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element ref="ai:asset" />
</xs:sequence>
<xs:attribute name="id" type="xs:NCName" use="required">
<xs:annotation>
<xs:documentation>An internal ID to identify this
asset.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:anyAttribute namespace="##other">
<xs:annotation>
<xs:documentation>A placeholder so that content
creators can add attributes as
desired.</xs:documentation>
</xs:annotation>
</xs:anyAttribute>
</xs:complexType>
</xs:element>
</xs:sequence>
Montville Expires March 27, 2013 [Page 46]
�
Internet-Draft SACM Asset Identification September 2012
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:element name="asset" type="ai:asset-type" abstract="true">
<xs:annotation>
<xs:documentation>Holds identifying attributes that are common to
all assets.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="it-asset" type="ai:it-asset-type" abstract="true"
substitutionGroup="ai:asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes that are common to
all IT assets</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="circuit" type="ai:circuit-type"
substitutionGroup="ai:it-asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a
circuit.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="computing-device" type="ai:computing-device-type"
substitutionGroup="ai:it-asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a computing
device.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="data" type="ai:data-type"
substitutionGroup="ai:asset">
<xs:annotation>
<xs:documentation>A stub element to represent the identification
of data. This element can be extended in the future for specific
types of data.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="database" substitutionGroup="ai:it-asset"
type="ai:database-type">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a
database.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="network" type="ai:network-type"
substitutionGroup="ai:it-asset">
<xs:annotation>
Montville Expires March 27, 2013 [Page 47]
�
Internet-Draft SACM Asset Identification September 2012
<xs:documentation>Holds identifying attributes for a
network.</xs:documentation>
</xs:annotation>
</xs:element>
<!-- This element leverages the OASIS xNL specification which spells it as "organisation" -->
<xs:element name="organization" type="ai:organization-type"
substitutionGroup="ai:asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes for an
organization.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="person" type="ai:person-type"
substitutionGroup="ai:asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a
person.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="service" substitutionGroup="ai:it-asset"
type="ai:service-type">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a
service.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="software" type="ai:software-type"
substitutionGroup="ai:it-asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a software
installation</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="system" type="ai:system-type"
substitutionGroup="ai:it-asset">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a
system.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="website" substitutionGroup="ai:it-asset"
type="ai:website-type">
<xs:annotation>
<xs:documentation>Holds identifying attributes for a
website.</xs:documentation>
</xs:annotation>
</xs:element>
<!--The following types correspond directly to the elements above-->
Montville Expires March 27, 2013 [Page 48]
�
Internet-Draft SACM Asset Identification September 2012
<xs:complexType name="asset-type" abstract="true">
<xs:sequence>
<xs:element ref="ai:synthetic-id" minOccurs="0"
maxOccurs="unbounded" />
<xs:element ref="ai:locations" minOccurs="0" />
<xs:element name="extended-information" minOccurs="0">
<xs:annotation>
<xs:documentation>This is a container to hold any addtional
identifying information for an asset, as specified by the
content creator.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:any namespace="##other" processContents="lax"
maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute ref="ai:timestamp" />
</xs:complexType>
<xs:complexType name="it-asset-type" abstract="true">
<xs:complexContent>
<xs:extension base="ai:asset-type" />
</xs:complexContent>
</xs:complexType>
<xs:complexType name="circuit-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element name="circuit-name" minOccurs="0">
<xs:annotation>
<xs:documentation>The common name for the
circult.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
Montville Expires March 27, 2013 [Page 49]
�
Internet-Draft SACM Asset Identification September 2012
</xs:complexType>
<xs:complexType name="computing-device-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element name="distinguished-name" minOccurs="0">
<xs:annotation>
<xs:documentation>The full X.500 distinguished name for
the device.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element ref="ai:cpe" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The hardware CPE name for the device
(CPE 2.2 URI or CPE 2.3 Formatted
String).</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="connections" minOccurs="0">
<xs:annotation>
<xs:documentation>The IP network interface connections
that exist for the device (regardless of if the network
interface is connected to a network or
not).</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="connection"
type="ai:network-interface-type" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>An IP network interface
connection.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" ref="ai:fqdn" />
<xs:element name="hostname" minOccurs="0">
Montville Expires March 27, 2013 [Page 50]
�
Internet-Draft SACM Asset Identification September 2012
<xs:annotation>
<xs:documentation>The hostname of the computing
device.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:hostname-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" name="motherboard-guid">
<xs:annotation>
<xs:documentation>The motherboard globally unique
identifier of the computing device.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="data-type">
<xs:complexContent>
<xs:extension base="ai:asset-type" />
</xs:complexContent>
</xs:complexType>
<xs:complexType name="database-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element minOccurs="0" name="instance-name">
<xs:annotation>
<xs:documentation>The name of the database instance being
identified.</xs:documentation>
</xs:annotation>
<xs:complexType>
Montville Expires March 27, 2013 [Page 51]
�
Internet-Draft SACM Asset Identification September 2012
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="network-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element name="network-name" minOccurs="0">
<xs:annotation>
<xs:documentation>The name of the network as commonly
referred to.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:normalizedString">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:choice minOccurs="0">
<xs:element name="ip-net-range">
<xs:annotation>
<xs:documentation>The start and end IP addresses to
indicate the range of IP addresses covered by this
network.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="ip-net-range-start"
type="ai:ip-address-type">
<xs:annotation>
<xs:documentation>The starting IP address in the
network.</xs:documentation>
</xs:annotation>
</xs:element>
Montville Expires March 27, 2013 [Page 52]
�
Internet-Draft SACM Asset Identification September 2012
<xs:element name="ip-net-range-end"
type="ai:ip-address-type">
<xs:annotation>
<xs:documentation>The ending IP address in the
network.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="cidr">
<xs:annotation>
<xs:documentation>The classless inter-domain routing
notation for the network.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:cidr-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="organization-type">
<xs:complexContent>
<xs:extension base="ai:asset-type">
<xs:sequence>
<xs:element ref="xnl:OrganisationNameDetails" minOccurs="0"
maxOccurs="unbounded" />
<xs:element ref="ai:email-address" minOccurs="0"
maxOccurs="unbounded" />
<xs:element ref="ai:telephone-number" minOccurs="0"
maxOccurs="unbounded" />
<xs:element ref="ai:website-url" minOccurs="0"
maxOccurs="unbounded" />
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="person-type">
<xs:complexContent>
Montville Expires March 27, 2013 [Page 53]
�
Internet-Draft SACM Asset Identification September 2012
<xs:extension base="ai:asset-type">
<xs:sequence>
<xs:element ref="xnl:PersonName" minOccurs="0" />
<xs:element ref="ai:email-address" minOccurs="0"
maxOccurs="unbounded" />
<xs:element ref="ai:telephone-number" minOccurs="0"
maxOccurs="unbounded" />
<xs:element name="birthdate" minOccurs="0">
<xs:annotation>
<xs:documentation>The birthdate of the
person.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:date">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="service-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element minOccurs="0" name="host">
<xs:annotation>
<xs:documentation>The hostname or IP address where the
service is hosted.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
<xs:element ref="ai:fqdn" />
<xs:element ref="ai:ip-address" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="port" maxOccurs="unbounded" minOccurs="0">
<xs:annotation>
<xs:documentation>The port to which the service is
bound.</xs:documentation>
</xs:annotation>
<xs:complexType>
Montville Expires March 27, 2013 [Page 54]
�
Internet-Draft SACM Asset Identification September 2012
<xs:simpleContent>
<xs:extension base="ai:port-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="port-range" maxOccurs="unbounded"
minOccurs="0">
<xs:annotation>
<xs:documentation>The inclusive port range to which the
service is bound.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="lower-bound" type="ai:port-type"
use="required" />
<xs:attribute name="upper-bound" type="ai:port-type"
use="required" />
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:complexType>
</xs:element>
<xs:element name="protocol" minOccurs="0">
<xs:annotation>
<xs:documentation>The protocol used to interact with the
service.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="software-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
Montville Expires March 27, 2013 [Page 55]
�
Internet-Draft SACM Asset Identification September 2012
<xs:element name="installation-id" minOccurs="0">
<xs:annotation>
<xs:documentation>Any identifier for the software instance
(installation)</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element ref="ai:cpe" minOccurs="0">
<xs:annotation>
<xs:documentation>The CPE name for the software (CPE 2.2
URI or CPE 2.3 Formatted String).</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="license" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The license key for the
software.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="system-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element name="system-name" minOccurs="0"
maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The name of the system. It is possible
Montville Expires March 27, 2013 [Page 56]
�
Internet-Draft SACM Asset Identification September 2012
that a system have multiple names, or even abbreviated
names. Each one of those names may be captured
here.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="version" minOccurs="0">
<xs:annotation>
<xs:documentation>The version of the
system.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="website-type">
<xs:complexContent>
<xs:extension base="ai:it-asset-type">
<xs:sequence>
<xs:element name="document-root" minOccurs="0">
<xs:annotation>
<xs:documentation>The absolute path to the document root
location of the website on the host.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
Montville Expires March 27, 2013 [Page 57]
�
Internet-Draft SACM Asset Identification September 2012
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="locale" minOccurs="0">
<xs:annotation>
<xs:documentation>The locale of the website represented as
an RFC 5646 language, and optionally, region
code.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:locale-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!--The follow elements support the first-order citizen elements defined above-->
<xs:element name="cpe">
<xs:annotation>
<xs:documentation>A Common Platform Enumeration (CPE) name (CPE
2.2 URI or CPE 2.3 Formatted String).</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:cpe-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="synthetic-id">
<xs:annotation>
<xs:documentation>Holds the synthetic ID for the
asset</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="resource" type="xs:anyURI" use="required">
<xs:annotation>
Montville Expires March 27, 2013 [Page 58]
�
Internet-Draft SACM Asset Identification September 2012
<xs:documentation>The namespace governing this synthetic
ID.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="id" type="xs:token" use="required">
<xs:annotation>
<xs:documentation>The ID of the asset within the resource
namespace.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="email-address">
<xs:annotation>
<xs:documentation>An email address</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="fqdn">
<xs:annotation>
<xs:documentation>The fully qualified domain name for the
object.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="ip-address" type="ai:ip-address-type">
<xs:annotation>
<xs:documentation>An IP address</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="location" abstract="true" />
<xs:element name="location-address" type="xal:AddressDetails"
Montville Expires March 27, 2013 [Page 59]
�
Internet-Draft SACM Asset Identification September 2012
substitutionGroup="ai:location">
<xs:annotation>
<xs:documentation>The address where an asset is
located.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="location-point" substitutionGroup="ai:location">
<xs:annotation>
<xs:documentation>The geographic point where an asset is
located.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="latitude" use="required">
<xs:annotation>
<xs:documentation>The latitude of the asset, defined between
-90 (90 degrees South, inclusive) and 90 (90 degrees North,
inclusive).</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:double">
<xs:minInclusive value="-90" />
<xs:maxInclusive value="90" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="longitude" use="required">
<xs:annotation>
<xs:documentation>The longitude of the asset, defined between
-180 (180 degrees West, exclusive) and 180 (180 degrees
East, inclusive).</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:double">
<xs:minExclusive value="-180" />
<xs:maxInclusive value="180" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="elevation" type="xs:double">
<xs:annotation>
<xs:documentation>The elevation of the asset, specified in
meters from sea level.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="radius">
<xs:annotation>
<xs:documentation>The radius of a horizontal circle centered
on the point within which the asset
Montville Expires March 27, 2013 [Page 60]
�
Internet-Draft SACM Asset Identification September 2012
resides.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:double">
<xs:minInclusive value="0" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:complexType>
</xs:element>
<xs:element name="location-region" substitutionGroup="ai:location">
<xs:annotation>
<xs:documentation>The region where an asset is
located.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:normalizedString">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="locations">
<xs:annotation>
<xs:documentation>One or more locations where this asset
resides</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="ai:location" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The base for a subtitution group for
elements that contain location
information.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="served-by" type="ai:service-type">
<xs:annotation>
<xs:documentation>The service that is serving up the
Montville Expires March 27, 2013 [Page 61]
�
Internet-Draft SACM Asset Identification September 2012
asset.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="telephone-number">
<xs:annotation>
<xs:documentation>The telephone number. For a North American
number, the number must be valid and the format must be
XXX-XXX-XXXX where X is a digit. For an international number,
the number must begin with a '+' symbol, followed by 7 to 15
digits. A space may be used between digits, as appropriate. For
example: +88 888 888 8 (this is following the ITU-T E.123
notation).</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:telephone-number-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="website-url">
<xs:annotation>
<xs:documentation>The URL to the website.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<!--The following types support the supporting elements above-->
<xs:attribute name="source" type="xs:string">
<xs:annotation>
<xs:documentation>Contains the source of the information. The
value of this field is left open to the content producer, but
MAY include a synthetic ID of the asset which sourced the
information, another ID of the source, or a description of the
source.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="timestamp" type="xs:dateTime">
Montville Expires March 27, 2013 [Page 62]
�
Internet-Draft SACM Asset Identification September 2012
<xs:annotation>
<xs:documentation>Indicates when the data was last known to be
correct.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:complexType name="ip-address-type">
<xs:sequence>
<xs:element name="ip-v4" minOccurs="0">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:ipv4-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="ip-v6" minOccurs="0">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:ipv6-type">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="network-interface-type">
<xs:sequence>
<xs:element ref="ai:ip-address" minOccurs="0">
<xs:annotation>
<xs:documentation>The IP address for this network
interface.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="mac-address" minOccurs="0">
<xs:annotation>
<xs:documentation>The MAC address associated with this network
interface.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="ai:mac-address-type">
<xs:attribute ref="ai:source" />
Montville Expires March 27, 2013 [Page 63]
�
Internet-Draft SACM Asset Identification September 2012
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="url" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>A URL in a relevant DNS server for this IP
address.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:attribute ref="ai:source" />
<xs:attribute ref="ai:timestamp" />
<xs:anyAttribute namespace="##other" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="subnet-mask" type="ai:ip-address-type"
minOccurs="0">
<xs:annotation>
<xs:documentation>The subnet mask address for this network
interface.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="default-route" type="ai:ip-address-type"
minOccurs="0">
<xs:annotation>
<xs:documentation>The IP address for the default gateway of
this connection.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="cidr-type">
<xs:restriction base="xs:token">
<xs:pattern
value="([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))/([0-9]|[1-2][0-9]|3[0-2])"
/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="cpe-type">
<xs:union memberTypes="cpe-name:cpe22Type cpe-name:cpe23Type" />
</xs:simpleType>
<xs:simpleType name="hostname-type">
Montville Expires March 27, 2013 [Page 64]
�
Internet-Draft SACM Asset Identification September 2012
<xs:restriction base="xs:token">
<xs:pattern value="[\w\-]+(\.[\w\-]+){0,}" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv4-type">
<xs:restriction base="xs:token">
<xs:pattern
value="([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))"
/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv6-type">
<xs:restriction base="xs:token">
<xs:pattern value="([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="locale-type">
<xs:restriction base="xs:token">
<xs:pattern value="[a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="mac-address-type">
<xs:restriction base="xs:token">
<xs:pattern value="([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="port-type">
<xs:restriction base="xs:integer">
<xs:minInclusive value="0" />
<xs:maxInclusive value="65535" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="telephone-number-type">
<xs:restriction base="xs:token">
<xs:pattern
value="(([2-9][0-8]\d-[2-9]\d{2}-[0-9]{4})|(\+([0-9] ?){6,14}[0-9]))"
/>
</xs:restriction>
</xs:simpleType>
</xs:schema>
Montville Expires March 27, 2013 [Page 65]
�
Internet-Draft SACM Asset Identification September 2012
8. IANA Considerations
This document uses URNs to describe an XML namespace and schema
conforming to a registry mechanism described in [RFC3688].
Registration for the IODEF namespace:
o URI: urn:ietf:params:xml:ns:asset-idetification-1.0
o Registrant Contact: See the first author of the "Author's Address"
section of this document.
o XML: None. Namespace URIs do not represent an XML specification.
o URI: urn:ietf:params:xml:schema:asset-identification-1.0
o Registrant Contact: see the first author of the "Author's Address"
section of this document.
o XML: See the "Asset Identification Schema" in ietf-montville-sacm-
asset-identification-00.
Montville Expires March 27, 2013 [Page 66]
�
Internet-Draft SACM Asset Identification September 2012
9. Security Considerations
As a data format, Asset Identification does not intrinsically have
any real security concerns - at least none are known at this time.
However, as a data format designed to be stored and transmitted
between entities within an enterprise, the fact of the matter is that
it SHOULD be used within a properly secured environment. Over time,
a significant amount of information valuable to attackers can be
gleaned from Asset Identification information (i.e. derived topology,
asset purpose and criticality, to name just two). Therefore, it is
recommended that use of Asset Identification expressions be performed
in environments providing communication security mechanisms supplying
the properties of confidentiality, data integrity, and non-
repudiation. For example, transmission over a properly configured
TLS connection would be better than being sent in the clear with no
protection.
Montville Expires March 27, 2013 [Page 67]
�
Internet-Draft SACM Asset Identification September 2012
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2396] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396,
August 1998.
[RFC5646] Phillips, A. and M. Davis, "Tags for Identifying
Languages", BCP 47, RFC 5646, September 2009.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004.
[CPE23] "NIST Interagency Report 7695, Common Platform
Enumeration: Naming Specification Version 2.3",
April 2011.
[ILSR] "IANA Language Subtag Registry".
[XAL] "Organization for the Advancement of Structured
Information Standards (OASIS) Extensible Address Language
(xAL) Version 2.0", July 2002.
[XNL] "Organization for the Advancement of Structured
Information Standards (OASIS) Extensible Naming Language
(xNL) Version 2.0", May 2002.
[IR7693] Wunder, J., Halbardier, A., and D. Waltermire,
"Specification for Asset Identification 1.1", June 2011.
10.2. Informative References
[CPE22] "Common Platform Enumeration (CPE) Specification Version
2.2", March 2009.
Montville Expires March 27, 2013 [Page 68]
�
Internet-Draft SACM Asset Identification September 2012
Appendix A. Acknowledgements
Special thanks go to John Wunder, Adam Halbardier, and David
Waltermire, and those others who participated in the definition of
the Asset Identification Specification version 1.1 [IR7693]
Montville Expires March 27, 2013 [Page 69]
�
Internet-Draft SACM Asset Identification September 2012
Appendix B. Use Cases
The following use cases describe some common asset management
processes that rely on the ability to uniquely identify assets. The
asset identification specification was developed primarily in order
to support these use cases, although the specification may be useful
for other processes or uses.
B.1. Correlation of Sensed Data
Sensor data is not limited to an automated process: user surveys,
manually entered information, and other data may also be correlated
using this Asset Identification specification. The data must be
correlated both with other manually collected data and with data
collected by automated sensors, in order to build a complete
representation of all known data about an asset.
Consistent asset identification allows data to be correlated
regardless of:
o Collection timeframe
o Data type (vulnerability scan vs. user survey)
o Manual or automated process
o Data format
In this case, the goal of asset identification is to provide as much
identifying information as possible about an asset in order to ensure
the greatest probability of matching asset data from several
different sources. Constraining which data is provided merely
reduces the possibility of a match.
B.2. Federation of Asset Databases
While many smaller organizations may only have a single asset
database, larger organizations with many asset databases may wish to
share information about assets among them. This includes:
o Peer to peer relationships, where asset data is replicated and
fused between several asset databases
o Hierarchical relationships, where an asset database is aggregated
from several lower-level databases into fewer higher-level
databases
In both use cases, asset identification facilitates detection of
Montville Expires March 27, 2013 [Page 70]
�
Internet-Draft SACM Asset Identification September 2012
duplicate asset representations, correlation of asset data across the
databases, and direct queries for asset data among tools.
In this use case, asset databases may wish to use a smaller set of
data, or even a single identifier, in order to properly federate the
asset data. For example, use of the motherboard GUID or single
synthetic ID, such as an asset tag, may be sufficient to allow asset
databases to exchange information about assets.
B.3. Directly Targeted Remediation Actions
While assessment and sensor data may be collected from all assets in
a particular organization environment without specifically
identifying a particular asset identifier, remediation actions
require a more granular identification process that directly targets
the asset using identification data. This ensures that unintended
side effects are avoided and the intended remediation action is able
to be completed successfully.
A single agent identifier or motherboard GUID allows those triggering
remediation actions to specify exactly which assets should have the
remediation applied and allows the tools to unambiguously identify
those assets in the remediation control language.
B.4. Management of Asset Data
Outside of the collection of sensor data and federation of asset
databases, asset data may be used in a variety of management
processes. This includes both further processing of asset data, such
as aggregation for the purposes of metrics collection, and display to
an end user. Both of these uses require asset identification be
present to ensure all systems are able to accurately represent the
correct assets. For purposes of aggregation, for example, asset
identification may be used to request detailed data about outliers
from the sensors that collected the data.
Montville Expires March 27, 2013 [Page 71]
�
Internet-Draft SACM Asset Identification September 2012
Appendix C. Extending the Asset Identification Specification
Although the core Asset Identification specification should satisfy
most users, some organizations may find that there are weaknesses or
missing elements in the specification. In these cases, the
organization may extend the Asset Identification specification by
extending the XML schema that defines the data model. These
extensions should be published as an XML schema to ensure that both
schema extensions and instance documents are valid.
C.1. Additional Asset Types
Some organizations may wish to identify assets that are not contained
in the valid asset list as defined in Section 5.3. To do this,
additional XML elements can be defined that extend (using the XSD
extension mechanism) an appropriate asset type (best practices entail
using the most specific asset type that captures the necessary
elements). Additional identification fields can be defined in the
schema and additional relationships can be defined by creating new
relationship types in a non-core controlled vocabulary.
C.2. Additional Literal Identifiers for Existing Asset Types
Additional literal identifiers for existing asset types may be added
by creating schema elements in the extended-information element.
Although there is no technical restriction of these fields to literal
identifiers (i.e. information that is used to identify the asset),
placing information in an asset element that does not help identify
the asset is counter to the purpose of this specification.
C.3. Additional Relationships
Organizations may also wish to identify existing or new asset types
using relationships that are not defined in the core specification.
This may be accomplished by defining and publishing a relationship
vocabulary in a separate namespace than the core Asset Identification
relationship vocabulary.
C.4. Additional Properties on Existing Data Elements
The XML schema also provides extension points on most XML elements to
allow for tracking metadata about Asset Identification information,
such as classification level, sensitivity, or other organization-
specific data. As long as Asset Identification elements are able to
validate against the core schema and conform to the requirements of
this specification, these extensions and the Asset Identification
elements are valid.
Montville Expires March 27, 2013 [Page 72]
�
Internet-Draft SACM Asset Identification September 2012
Author's Address
Adam W. Montville (editor)
Tripwire, Inc.
101 SW Main Street, Suite 1500
Portland, Oregon 98662
USA
Email: amontville@tripwire.com
Montville Expires March 27, 2013 [Page 73]
�
