[caops-wg] Issues with the Audit Guidelines Document GFD 169
Yoshio Tanaka
yoshio.tanaka at aist.go.jp
Thu Oct 21 07:52:37 CDT 2010
Hi Reimer,
Thanks for the information and sorry for the confusion.
Since I'm exhausted to write a project proposal, I'll check the
documents early next week and discuss in the CAOPs session on
Thursday.
Thanks again and best regards,
--
Yoshio Tanaka (yoshio.tanaka at aist.go.jp)
http://ninf.apgrid.org/
http://www.apgridpma.org/
From: "Reimer Karlsen-Masur, DFN-CERT" <karlsen-masur at dfn-cert.de>
Subject: Issues with the Audit Guidelines Document GFD 169
Date: Thu, 21 Oct 2010 14:45:24 +0200
Message-ID: <4CC035E4.3030803 at dfn-cert.de>
> Hi Yoshio,
> hi EUGridPMA list,
> hi CAOPS-WG,
>
> while working with the Audit Guidelines Document (GFD 169) I came across
> some surprising issues:
>
> The PDF offered from <http://www.ogf.org/documents/GFD.169.pdf> dated from
> 19.04.2010 differs from the latest .doc version available from
> <https://forge.gridforum.org/sf/go/doc4858> which is called version 10 dated
> from 20.01.2010. Both documents self-claim that they are each version 1.0.
>
> Aside some minor differences like release dates, table of contents, etc the
> PDF is missing a numbering of an audit case. The section numbering in the
> PDF is different from the one in the word doc. But immediately after section
> heading "3.1.2. CA System" in the PDF the case number (7) for "The CA
> computer where the signing of the certificates..." is missing. Inserting the
> number (7) here will introduce an off-by-one error for current numbers (7)
> to (48) being (8) to (49) after the correction.
>
> Case (49) in the current(!) PDF is actually redundant to case (50)i. and
> needs to be deleted. The requirement quoted in case (49) is no longer
> included in the IGTF-AP-Classic v4.3 and v4.2 document. Instead it became
> part of case (50)i. which is to be found in section 6 of the IGTF-AP-Classic
> document.
>
> This latter bug is also found in the .doc(!) version from 19.01.2010 except
> that the case numbering here is different again. Case (50) is the redundant
> requirement to be deleted so that cases (51) to (56) are off-by-one which
> need to be renumbered to (50) to (55) once the redundant case is deleted.
>
> Be aware that the Auditing Template document (audit check-list) available
> from <https://www.eugridpma.org/guidelines/classic> does not match its audit
> case numbers to any of the above (PDF & .doc) GFD 169 document's case numbers.
>
> That indeed got me so confused that I started to look into these issues.
>
> How can we go about getting GFD 169 fixed? I did not see any bug reporting
> mechanism on the OGF site....
>
> Thanks
>
> Reimer
> --
> Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-580
> Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
> Sachsenstr. 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
More information about the caops-wg
mailing list