[caops-wg] Issues with the Audit Guidelines Document GFD 169

Yoshio Tanaka yoshio.tanaka at aist.go.jp
Wed Oct 27 07:09:04 CDT 2010 

Hi Reimer and all,

I have checked the guidelines documents (GFD.169.pdf and .doc version
10 which is available on GridForge), and .doc files in my note PC.
I understand that this inconsistency is definitely due to by my
careless mistakes.

1. .doc version on Grid Forge (AuditGuidelines-Jan20_2010.doc) is not
   the latest version.  This file does not include table of contents.
   I have the newer version (dated April 13) which includes the table
   of contents.  But I did not upload this .doc file on the GridForge.
   This is my first mistake.

2. Unfortunately, when I inserted the table of contents, I made a
   mistake for numbering auditing items.  I unintentionally deleted
   the number for item (7).  But I converted the .doc file to PDF and
   submitted the PDF file for OGF Editor for publication as GFD.169.
   This is my second mistake and the reason of the problem which
   Reimer pointed out as below:

> PDF is missing a numbering of an audit case. The section numbering in the
> PDF is different from the one in the word doc. But immediately after section
> heading "3.1.2. CA System" in the PDF the case number (7) for "The CA
> computer where the signing of the certificates..." is missing. Inserting the

I have fixed the two problems (missing item (7) and redundancy of
items (50) and (51).
The .doc file of the revised version 1.1 is uploaded on the GridForge.

PDF version is attached in this email.  It would be appreciated if you
check the document so that we can confirm the document is ok before
asking OGF Editors to replace GFD.169.

Thanks,

--
Yoshio Tanaka (yoshio.tanaka at aist.go.jp)
http://ninf.apgrid.org/
http://www.apgridpma.org/



From: "Reimer Karlsen-Masur, DFN-CERT" <karlsen-masur at dfn-cert.de>
Subject: Issues with the Audit Guidelines Document GFD 169
Date: Thu, 21 Oct 2010 14:45:24 +0200
Message-ID: <4CC035E4.3030803 at dfn-cert.de>

> Hi Yoshio,
> hi EUGridPMA list,
> hi CAOPS-WG,
> 
> while working with the Audit Guidelines Document (GFD 169) I came across
> some surprising issues:
> 
> The PDF offered from <http://www.ogf.org/documents/GFD.169.pdf> dated from
> 19.04.2010 differs from the latest .doc version available from
> <https://forge.gridforum.org/sf/go/doc4858> which is called version 10 dated
> from 20.01.2010. Both documents self-claim that they are each version 1.0.
> 
> Aside some minor differences like release dates, table of contents, etc the
> PDF is missing a numbering of an audit case. The section numbering in the
> PDF is different from the one in the word doc. But immediately after section
> heading "3.1.2. CA System" in the PDF the case number (7) for "The CA
> computer where the signing of the certificates..." is missing. Inserting the
> number (7) here will introduce an off-by-one error for current numbers (7)
> to (48) being (8) to (49) after the correction.
> 
> Case (49) in the current(!) PDF is actually redundant to case (50)i. and
> needs to be deleted. The requirement quoted in case (49) is no longer
> included in the IGTF-AP-Classic v4.3 and v4.2 document. Instead it became
> part of case (50)i. which is to be found in section 6 of the IGTF-AP-Classic
> document.
> 
> This latter bug is also found in the .doc(!) version from 19.01.2010 except
> that the case numbering here is different again. Case (50) is the redundant
> requirement to be deleted so that cases (51) to (56) are off-by-one which
> need to be renumbered to (50) to (55) once the redundant case is deleted.
> 
> Be aware that the Auditing Template document (audit check-list) available
> from <https://www.eugridpma.org/guidelines/classic> does not match its audit
> case numbers to any of the above (PDF & .doc) GFD 169 document's case numbers.
> 
> That indeed got me so confused that I started to look into these issues.
> 
> How can we go about getting GFD 169 fixed? I did not see any bug reporting
> mechanism on the OGF site....
> 
> Thanks
> 
> Reimer
> -- 
> Dipl.-Inform. Reimer Karlsen-Masur (PKI Team),   Phone   +49 40 808077-615
> 
> DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-580
> Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
> Sachsenstr. 5,   20097 Hamburg/Germany,   CEO: Dr. Klaus-Peter Kossakowski
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AuditGuidelines-Oct27_2010.pdf
Type: application/pdf
Size: 281119 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/caops-wg/attachments/20101027/55fa02d1/attachment-0001.pdf

More information about the caops-wg mailing list