[VOIPSA Best Practices] Expectation setting - can we agree on a document structure before the holidays?

Greg Scallan spider at tellme.com
Fri Dec 15 09:38:05 CST 2006 

Hi Dan,

	My name is Greg Scallan and I have been working in an architect
role at Tellme Networks since early 2003 (primarily VoIP architecture).
I've been a silent lurker on the VOIPSA for some time now and would like
to help on the BP document, so thanks for setting this up.  I'd be more
than happy to help as a Researcher/Reference Checker and probably as a
Reviewer too ... and my sympathies to those who volunteer for Section
Leader roles :-)

1) Everything on the development process looks good and makes sense.
Maybe add a statement in the Project Phase section about the intent
after the first version is complete, such as supporting ongoing updates
as needed?

2) On question 1, document structure, I definitely believe segmenting
into Functional Areas is the best approach, and referring to the threats
in the taxonomy that those areas cover works very nicely.  There could
be an appendix which lists the threat taxonomy and each functional
section that is relevant. Segmenting by technology components seems weak
since those components change and morph over time much more easily than
functional areas. I like the idea of interfaces, possibly as
sub-sections within the appropriate functional sections.

3) On question 2, I'd prefer a single document with relevant pointers to
sections that are more relevant for carriers versus enterprise.
Depending on how different the document looks for each, this could be an
appendix as opposed to littered throughout the BP specification. 

4) On question 4, I agree, save privacy and E911 for an appendix.  I
think it would be good to obtain volunteer SME's sooner rather than
later so for those topics to see if having such a section initially is
important enough. 

5) On question 5, I agree we should do voice only in the first pass, but
we should acknowledge somewhere in the BP that the nature of the voice
communication and how it is tied to other communication mechanisms
warrants an investigation into those best practives. 

On a separate note, what is the current status of the Security
Requirements Working Group?  It seems to me that the best practices
would follow the requirements and refer to them so it is clear not only
what threats are being handled, but which requirements are being met by
each BP solution.

Greg Scallan
Platform Architect, Engineering
Tellme Networks
www.tellme.com
908-238-1817 (w)

More information about the bestpractices mailing list