Minutes draft of 2024-01-10 (informal-only) meeting

* Minutes draft of 2024-01-10 (informal-only) meeting
* Added links to the issues created

Signed-off-by: Stefan Hagen <stefan@hagen.link>

meeting-minutes/2024-01-10.md

@@ -0,0 +1,163 @@
+# 1 Opening Activities
+
+## 1-1 Opening comments (Co-Chair)
+
+OASIS follows Robert's Rules to conduct meetings and to enforce IPR policy:
+
+1. Only members and observers allowed, no guests
+1. Observers are not allowed to speak up
+
+## 1-2 Introduction of participants/roll call (Co-Chair)
+
+All participants recorded their attendance on the OASIS meeting calendar.
+All participants were kindly encouraged to register themselves to optimize the use of the shared time during the meeting in one of two ways:
+
+1. Following the link with the text "Register my attendance" on the top of the event page.
+1. Or directly visiting the per event direct "record my attendance link."
+
+### 1-2-1 Participants
+
+* Aaron Lippold, Mitre Corporation,  Chair
+* Amndeep Mann, Mitre Corporation,  Voting Member
+* Emily Rodriguez, Mitre Corporation, Voting Member
+* Mike Fraser, Sophos Ltd, Chair
+* Patrick Maroney, AT&T, Voting Member
+* Stefan Hagen, Individual, Secretary
+
+Quroum was **not** reached.
+
+### 1-2-2 Observers Present
+
+* Will Dower, Mitre Corporation, Observer (maintainer) 
+
+Note: Observers of this committee that are ready to become Members should follow the specific instructions displayed the OASIS Open Notices tab.
+
+In addition due to the informal nature of the meeting as an excemption to the OASIS rules, two guests were present:
+
+* Derick Francis, Mitre Corporation, Guest
+* George Dias, Mitre Corporation, Guest
+
+The secretary strongly encouraged George and Derrick to become members or observers soon
+
+## 1-3 Procedures for this meeting (Co-Chair)
+
+## 1-4 Approval of agenda (Co-Chair)
+
+* [Agenda](https://www.oasis-open.org/committees/document.php?document_id=98764&wg_abbrev=ohdf)
+
+The agenda was approved, but the meeting was informal, as quorum was not reached.
+
+## 1-5 Approval of previous minutes (Co-Chair)
+
+* [Minutes of 2023-03-07 Meeting #1 (inaugural)](https://github.com/oasis-tcs/ohdf/blob/main/meeting-minutes/2023-03-07.md)
+
+Approval of minutes was postponed to next quorate meeting.
+
+## 1-6 Review of action items and resolutions (Secretary)
+
+* No actions
+
+## 1-7 Identification of OHDF TC voting members (Co-Chair)
+
+### 1-7-1 Prospective members attending their first meeting
+
+* Derick Francis
+* George Dias
+
+### 1-7-2 Members attaining voting rights at the end of this meeting
+
+### 1-7-3 Members losing voting rights if they have not joined this meeting by the time it ends
+
+### 1-7-4 Members who previously lost voting rights who are attending this meeting
+
+### 1-7-5 Members who have declared a leave of absence
+
+# 2 Future Meetings
+
+## 2-1 Future meeting schedule (Co-Chair)
+
+* Proposed meeting cadence is monthly
+* Next few meetings bi-weekly to build up traction
+* The officers to come up with a calendar poll for the next meeting
+
+# 3 Liaisons
+
+None
+
+# 4 Discussion
+
+## 4-1 Current State of OHDF
+
+## 4-2 Plans for next phase of activity
+
+* Capture and formalize current OHDF schema
+  * Current suggestion: use [NIST Metaschema](https://pages.nist.gov/metaschema/)
+  * Open call for other suggestions from TC
+    * _Update after the meeting: Issue [Decide on how to describe the OHDF model and provide data format specific schemata](https://github.com/oasis-tcs/ohdf/issues/7) created_
+  * Resolves open PR on [Seed Contribution InSpecJS Schemas](https://github.com/oasis-tcs/ohdf/pull/4)
+    * Stefan explains the rationale behind the contribution 
+* Develop the next data elements to be established for OHDF v1.0 draft
+  * Current suggestions:
+    * "[Target Data](https://github.com/oasis-tcs/ohdf/issues/8)" - the system to which the OHDF data pertains
+    * "[Overall Control Status](https://github.com/oasis-tcs/ohdf/issues/9)" - dictates the "final" state of the control after all post-processing (attestations, waivers, etc.) is applied; can be used to override control state via attestations and waivers
+    * "[Run Identifier](https://github.com/oasis-tcs/ohdf/issues/10)" - a UUID of some kind to differentiate the same OHDF-formatted scan run against the same target multiple times
+      * Resolves issues raised by users regarding OHDF not having any IDs for individual runs
+    * "[Adjudicated Control](https://github.com/oasis-tcs/ohdf/issues/11)" - boolean which is flipped to True if the Overall Control Status was changed by an attestation or waiver
+      * Resolves concerns that attestations and waivers could be a "thumb on the scale" that would not be clear from the OHDF data
+    * Stefan to move these suggestions to issues and write to TC email list that these can be discussed in the next meeting
+      * _Update after the meeting: Issues created and linked to the list items above_ 
+
+## 4-3 Next datatype integration research
+
+* Current suggestion: [Integrating SBOM data into OHDF](https://github.com/oasis-tcs/ohdf/issues/13)
+  * will also be added to issues
+    * _Update after the meeting: Issue created and linked to the list item above_  
+* Open call for other suggestions from TC
+  * Aaron likes to know
+  * Stefan 
+    * likes to participate more
+    * offers to act as one of the editors of the standards to write
+    * is still not confident to grok
+      * the vision and especially the current state of the working implementations
+      * the models these are based upon
+  * Aaron offers the following links to materials to approach the subject as currently maintained by Mitre and contributors:
+    * Slides: 
+      * [The New 'Normalized' - Standardizing Security Data using the OASIS Heimdall Data Format (OHDF)](https://saf.mitre.org/The-New-Normalized-OHDF.pdf)
+    * Documentation: 
+      * [Normalize - Convert security results from all your security tools into a common data format](https://saf.mitre.org/framework/normalize/)
+      * [OHDF Converters - Converters for Normalizing Data](https://saf.mitre.org/libs/ohdf-converters)
+      * [InSpecJS - Libraries for OHDF Parsing](https://saf.mitre.org/libs/inspecjs)
+      * [TS InSpec Objects - Using TypeScript for InSpec Profile Handling](https://saf.mitre.org/libs/ts-inspec-objects)
+    * Training materials:
+      * [MITRE SAF Training - From Guidance Document to Automated Testing In No Time!](https://mitre.github.io/saf-training/)
+    * _Update after the meeting: Issue [Identify material for awareness and education](https://github.com/oasis-tcs/ohdf/issues/12) created_ 
+  * Stefan:
+    * suggests he creates a motion per TC email list for creating another GitHub repo under the oasis-open organization for marketing and tutorial 
+    * will add a few example URLs from other OASIS TCs
+  * Patrick Maroney:
+    * notes that there exist forms and advice from OASIS administration for migration material from an organization to OASIS "places"
+    * he was remembers the OASIS CTI TC having done that for STIX and TAXI documentation 
+
+# 5 Other Business
+
+* Patrick Maroney: introduces himself and details his interest in supporting the OHDF TC
+
+# 6 Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
+
+## 6-1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair)
+
+## 6-2 Review of Decisions Reached (Secretary)
+
+* None (informal meeting)
+
+## 6-3 Review of Action Items (Secretary)
+
+* None
+
+# 7 Next Meeting
+
+  TBD
+
+# 8 Adjournment
+
+The informal meeting was adjourned