PWG August 2022 Face-to-Face Meeting - Summary

September 6, 2022

The PWG held its August 2022 Virtual Face-to-Face Meeting on August 16-18, 2022 via Webex teleconference.  Representatives from Canon, Google, High North, HP Inc., Konica Minolta, Kyocera Document Solutions, Lakeside Robotics, Lexmark, Microsoft, Okidata, Qualcomm, Ricoh, TCS, and TIC attended the meetings, among others. Attendees reviewed work in progress, including drafts of a number of in-progress specifications, and discussed liaisons with partner groups. Here is a summary of the proceedings.

PWG Plenary

The F2F event began with the PWG Plenary session. The PWG Chair began with the PWG Antitrust Policy, which was presented at the start of each session at this F2F, as well as the PWG Intellectual Property Policy and the PWG Patent Statement. The PWG Chair then reviewed the overall state of the PWG, its programs and initiatives, and briefly discussed upcoming face-to-face meeting scheduling. We noted that there are currently 878 printers certified under the PWG's IPP Everywhere™ Self Certification program, and climbing, and also noted that IPP Everywhere Self Certification 1.1 update 4 was now available for beta testing. We discussed the PWG Steering Committee's activities and initiatives, including progress on Process 4.0, policy updates, and recently approved documents. Officers from the IDS Workgroup and IPP Workgroup briefly summarized their Workgroups' status, and PWG Liaison Officers also briefly reported on the status of our partners' work in Linux Open Printing, Mopria Alliance, and a number of 3D Additive Manufacturing organizations (including AMSC, ASTM Committee F42, INCITS, 3MF Consortium, American Concrete Institute Committee 564, PDF Association, and VDMA OPC UA for Additive Manufacturing Joint Working Group 40 450).

Complete minutes from the plenary are available here: http://ftp.pwg.org/pub/pwg/general/minutes/pwg-plenary-minutes-20220816.htm

Internet Printing Protocol (IPP) Workgroup

IPP Workgroup sessions began immediately following the plenary session with a status summary of IPP Workgroup activities currently in progress. As noted, IPP/2.x Fourth Edition and IPP Everywhere 2.0 were both in Interim status; IPP Driverless Printing Extensions v2.0, IPP Encrypted Jobs and Documents v1.0, and IPP Enterprise Printing Extensions v2.0 were all in Prototype; IPP Production Printing Extensions v2.0 was moved to Stable; and IPP Everywhere Printer Self-Certification Manual v2.0 and IPP Job Extensions v2.1 were at the Initial stage. Mike also noted that IPP Finishings v3.0, Deprecating IPP Print By Reference 1.0, and Job Accounting With IPP v1.0 were all recently published. We then went on to briefly discuss pending IANA registrations, followed by an update on IPP Everywhere Printer Self-Certification, noting that update 4 of the self cert tool was currently in beta test. Next, we briefly reviewed the list of pending and in-progress errata, the Initial/Interim specifications, the Prototype-Ready specifications, and the one Stable specification. Before the lunch break, we briefly reviewed the initial draft of IPP Job Extensions v2.1.

After the lunch break, the IPP sessions resumed with the status of IPP/2.x Fourth Edition and IPP Everywhere v2.0.  This led into a status update of IPP Everywhere Printer Self-Certification Manual v2.0, and some discussions around a potential new GUI front-end to the IPP Everywhere test tools.   It was noted that, while a GUI would be a useful addition, it would still be important to maintain command-line control for automation and consistency across multiple operating systems.   Mike assured that the command-line tools would still be available.  Other suggestions for the GUI would be showing prior certs, selection of subsets of tests, calendar reminders, etc.   This completed day 1 of the face-to-face.

Day 2 of the face-to-face session opened with the IPP Workgroup session for 3D Printing Liaisons.   The session began with a brief overview of existing 3D standards, including PWG 5100.21-2019: IPP 3D Printing Extensions v1.1 and PWG 5199.5-2017: PWG 3D Print Job Ticket and Associated Capabilities v1.0 (it was noted that Safe G-Code Best Practice should be added to the document list as well).  Proposed future work included IPP 3D Scan Service v1.0 to address 3D scanning, IPP 3D Production Printing Extensions v1.0 to address VDMA - OPC UA "Joint Working Group For Additive Manufacturing" efforts, and an updated PWG 3D Print Job Ticket and Associated Capabilities v2.0.   Next, we discussed recent 3D printing news, including the Additive Manufacturing Common Data Dictionary standard from ASTM, the "AM Forward" program for small and medium sized manufacturers announced by the Biden administration, and the recent ISO approval of 3D PDF with Step.  We closed out the session with a preview of upcoming 3D meetings for the remainder of 2022.

The remainder of Day 2 focused on the evolution of OAuth support for IPP. This session began with a look at existing documents, including PWG 5199.10-2019: IPP Authentication Methods v1.0, a number of new documents from the IETF OAuth Working Group, and updated specifications from the OpenID Foundation. We also noted that Microsoft Universal Print Service uses OAuth and Mopria has a cloud printing profile in development now. Mike noted that the goals for PWG 5199.10 were to update for current standards and requirements, promote interoperability across multiple implementations, define the best practices, and extend the IPP authentication model where necessary. We then took a deeper dive into the errata for PWG 5199.10 before breaking for lunch. After lunch, discussions around OAuth continued and we reviewed work items that had been identified thus far. Finally, we concluded day 2 with a look at the next steps, reviewing the target dates for existing work items, and noting the desire to continue the OAuth discussions via "tiger team" work group calls as well as the existing scheduled IPP work group calls. Ira noted that the OAuth discussion will be an ongoing agenda item for quite some time.

Complete minutes available here: https://ftp.pwg.org/pub/pwg/ipp/minutes/ippv2-f2f-minutes-20220816.pdf

Imaging Device Security (IDS) Workgroup

The Imaging Device Security session was held in the morning session of the third day. Alan started by presenting the current status of the HCD iTC and its efforts to develop HCD cPP v1.0 and HCD SD v1.0. Alan continued to present the new way of showing comments as per the 8/19/22 IDS F2F, showing all comments received across all drafts to date, and noted that the 2nd Public Draft of the HCD cPP had a total tally of 83 comments and the comment tally for all HCD cPP drafts to date was 359. The 2nd Public Draft of the HCD SD had 29 total comments submitted, and the overall comment tally for all the HCD SD drafts was 131. The resolution breakdown for each of these is available in the full meeting minutes. Alan did note that there was a positive trend for the HCD cPP of total comments going down for each successive draft (as also noted earlier by Ira), but the HCD SD comments did not follow that same positive declining pattern.

Al then reviewed the key issues resolved in the Final Drafts of both the HCD cPP and HCD SD. For the HCD cPP, the majority of the changes revolved around four areas: implementation of the new FDP_UDU_EXT.1 User.DoC Unavailable SFR that replaced the former FDP_RIP.1/Overwrite SFR, implementation of the new FPT_WIPE_EXT.1 Data Wiping SFR that replaced the former FDP_RIP.1/Purge SFR, inclusion of Cryptographic Erase as a mandatory method for performing the "purge" function as defined in NIST SP 800-88r1, and allowing overwrite to apply to both wear-leveling and non-wear-leveling storage devices. Al briefly covered a few of the other major issues resolved for the HCD cPP Final Draft before moving on to cover the same for the HCD SD. The major HCD SD issues addressed included the TSS, Guidance and Test Assurance Activities for the new FDP_UDU_EXT.1 User.DoC Unavailable and FPT_WIPE_EXT.1 Data Wiping SFRs; revising the Test Assurance Activities for both SFR FCS_COP.1/DataEncryption and SFR FCS_COP.1/StorageEncryption to add testing of the key size of 192 bits; breaking up the Test Assurance Activities for SFR FIA_PMG_EXT.1 Extended: Password Management into two separate test cases to avoid confusion; and making several changes to the Vulnerability Analysis and Evaluation Activities for SARs sections to add missing information or to correct inaccurate information. Al then gave a brief summary of the other outstanding issues (removal of TLS 1.1, SHA-1, cipher suites with RSA keys <2048 bits, and all RSA and DHE key exchanges).

Al next reviewed the current "Parking Lot" issues that have been pushed to the next release of the HCD cPP/SD, and noted that at this point all content for both documents is locked down. The only things that would necessitate new content and significant changes to existing content would be a request from JISEC, ITSCC, or NIAP, or any new NIAP TDs to either the HCD PP or any applicable SFRs in the ND & FDF cPPs/SDs.

Alan provided a status update on the schedule that was just revised in August to reflect the work on publishing the Final Drafts of the HCD cPP and HCD SD, and noted that things are already ~3 weeks behind schedule. As long as all comments are in by 9/15 and no big technical issues are reported, Al noted that the best estimate was that the HCD cPP and HCD SD Version 1.0 would likely end up being published sometime around the end of September or beginning of October. Al then gave a summary of the items that will be considered for inclusion in the HCD cPP/SD Post-v1.0. Ira asked whether Al thought the next HCD cPP/SD version after 1.0 would be 1.1 or 2.0, and Al felt that the next version should be 1.1, about 9 months after 1.0 is published.

Al then spent some time talking about the HCD iTC Interpretation Team (HIT). The HIT will essentially take over maintenance of HCD cPP v1.0 and HCD SD v1.0 once they are published. The goal of the HIT is to provide timely responses to requests for interpretation (RFIs) from the CC community.  Al briefly reviewed the set of procedures that HIT uses.   Al finished the HCD iTC discussion with some more additions to the HCD iTC lessons learned he presented at the previous IDS Face-to-Face Meetings.

After wrapping up that discussion, Al presented an update to the presentation he gave at the 8/19/21 IDS F2F Meeting on the Cybersecurity Executive Order (EO 14028) of May 2021.  Al provided a summary of the key areas covered by EO 14028, and then summarized the main documents that NIST has produced to date that resulted from EO 14028 followed by a quick "deep dive" into NISTIR 8397 Guidelines on Minimum Standards for Developer Verification of Software. 

Ira McDonald then provided the latest status on the HCD Security Guidelines, stating that essentially nothing has changed since the February or August IDS Face-to-Face meetings. For the final topic of the IDS session, Ira presented his Liaison report on current standards developments for the Trusted Computing Group (TCG) and Internet Engineering Task Force (IETF). The key points from Ira's Liaison Report included the schedule for upcoming TCG Members Meetings and updates on a number of TCG documents (including TCG Mobile Reference Architecture 2.0, TCG MARS 1.0 Mobile Profile, TCG DICE Endorsement Architecture for Devices, and GS TPS Client API/Entity Attestation Protocol/COSE Keystore - joint work). Next, Ira provided updates on a long list of key IETF standards activities, and finally, updates from the IRTF Crypto Forum Research Group (CFRG).

Complete minutes are available here: https://ftp.pwg.org/pub/pwg/ids/minutes/ids-f2f-minutes-20220818.pdf

Next PWG Face-to-Face Meeting

The next PWG Face-to-Face meeting will be held November 15-17, 2022 via Webex teleconference. Be sure to subscribe to the pwg-announce@pwg.org mailing list to receive announcements about upcoming events and event changes, or check the PWG Meetings page for updates on plans for upcoming meetings.