[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] SKML 1.0 Specification - Edited with questions
Arshad Noor wrote: > You've convinced me, Allen. We are building an architecture and > protocol for a new archtiecture for securing data, so it makes > sense that we try not to repeat the mistakes made by earlier > design decisions in protocols/software. > > What if I modify the <Permissions> element as follows? > > 1) Instead of making all <Permitted...> sub-elements optional, > we make them all required, and > > 2) In addition to allowing the child elements for each of the > <Permitted....> sub-elements, we add the value "Any" as a > choice and require that SO's either explicitly create some > Permission restriction, or use the keyword "Any" so they > recognize what they are doing. > > If we do that, the <Permissions> element might now look like the > following (one example which has no Permission restrictions - the > same as an empty <Permissions> element based on DRAFT 5.1): > > <Permissions> > <PermittedApplications>Any</PermittedApplications> > <PermittedDates>Any</PermittedDates> > <PermittedDays>Any</PermittedDays> > <PermittedLevels>Any</PermittedLevels> > <PermittedLocations>Any</PermittedLocations> > <PermittedNumberOfTransactions>Any</PermittedNumberOfTransactions> > <PermittedTimes>Any</PermittedTimes> > <PermittedUses>Any</PermittedUses> > </Permissions> > > Another might look like the following that restricts keys to only a > 1,000 encryption transactions and only on weekdays for one specific > application: > > <Permissions> > <PermittedApplications> > <PermittedApplication> > <ekmi:ApplicationID>10514-23</ekmi:ApplicationID> > <ekmi:ApplicationName>eCommerce Application</ekmi:ApplicationName> > <ekmi:DigestAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</ekmi:DigestAlgorithm> > <ekmi:DigestValue>NIG4bKkt4cziEqFFuOoBTM81efU=</ekmi:DigestValue> > </ekmi:PermittedApplication> > </PermittedApplications> > <PermittedDates>Any</PermittedDates> > <PermittedDays>Weekdays</PermittedDays> > <PermittedLevels>Any</PermittedLevels> > <PermittedLocations>Any</PermittedLocations> > <PermittedNumberOfTransactions>1000</PermittedNumberOfTransactions> > <PermittedTimes>Any</PermittedTimes> > <PermittedUses>Any</PermittedUses> > </Permissions> In looking at the 6.0 version, (Taken from the non-normative to make it easier to find. I've also removed the line level formating to make it easier to read in e-mail) the <Permissions> are: [b15]<ekmi:Permissions> [b16]<ekmi:PermittedApplications ekmi:any=”false”> [b17]<ekmi:PermittedApplication> [b18]<ekmi:ApplicationID>10514-23</ekmi:ApplicationID> [b19]<ekmi:ApplicationName> [b20] Payroll Application [b21]</ekmi:ApplicationName> [b22]<ekmi:ApplicationVersion>1.0</ekmi:ApplicationVersion> [b23]<ekmi:ApplicationDigestAlgorithm> [b24]http://www.w3.org/2000/09/xmldsig#sha1 [b25]</ekmi:ApplicationDigestAlgorithm> [b26] <ekmi:ApplicationDigestValue> [b27]NIG4bKkt4cziEqFFuOoBTM81efU= [b28]</ekmi:ApplicationDigestValue> [b29]</ekmi:PermittedApplication> [b30]</ekmi:PermittedApplications> [b31]<ekmi:PermittedDates ekmi:any=”false”> [b32]<ekmi:PermittedDate> [b33]<ekmi:StartDate>2008-01-01</ekmi:StartDate> [b34]<ekmi:EndDate>2008-12-31</ekmi:EndDate> [b35]</ekmi:PermittedDate> [b36]</ekmi:PermittedDates> [b37]<ekmi:PermittedDays ekmi:any=”true” xsi:nil=”true”/> [b38]<ekmi:PermittedDuration ekmi:any=”true” xsi:nil=”true”/> [b39]<ekmi:PermittedLevels ekmi:any=”true” xsi:nil=”true”/> [b40]<ekmi:PermittedLocations ekmi:any=”true” xsi:nil=”true”/> [b41]<ekmi:PermittedNumberOfTransactions ekmi:any=”true” xsi:nil=”true”/> [b42]<ekmi:PermittedTimes ekmi:any=”false”> [b43]<ekmi:PermittedTime> [b44]<ekmi:StartTime>07:00:00</ekmi:StartTime> [b45]<ekmi:EndTime>19:00:00</ekmi:EndTime> [b46]</ekmi:PermittedTime> [b47]</ekmi:PermittedTimes> [b48]<ekmi:PermittedUses ekmi:any=”true” xsi:nil=”true”/> [b49]</ekmi:Permissions> Comparing the two - your previous e-mail, and the construct you have created in 6.0 - The first is *much* easier to follow and audit. Just to use one example: <PermittedDays>Any</PermittedDays> versus: <ekmi:PermittedDays ekmi:any=”true” xsi:nil=”true”/> In the first it is very clear that "any" days are permitted and a search for "any" will find this non-restrictive element. In the second, proposed structure, a search for "any" will find both non-restrictive and restrictive elements. This results in having to understand the meaning of the whole clause rather than the simplicity of the first. If one is to search on "true", then one is in a world of hurt during an audit as there will be many clauses with "true," which means that each of them has to be parsed to see if it might not be a valid and appropriate statement. This will result in many more human errors that are avoidable with the simpler construct. The element is also over-complicated by using three sub-elements - 1) "ekmi:PermittedDays", 2) "ekmi:any" and 3) "xsi:nil" The prefixing with "ekmi" and "xsi" add a level of unneeded obscurity. Better to use a wrapper tag format on separate opening and closing lines like: <ekmi> <Permissions> <PermittedDates>Any</PermittedDates> .... </Permissions> </ekmi> As to the best way to handle the "xsi" elements, I suggest that it be by a equivalents or translation table such as: <ekmi:any> == <xsi:nil> (Here the pre-pending of the sub element makes sense and gives clarity in that it says in the ekmi construct "any" is the same as "nil" in the xsi construct.) The use of a translation table means that migrating from one construct to another for any reason can become an simple task that can be done automatically and would be very easy to ensure accuracy. If it is absolutely required that both be in the same document, then I would suggest that it be done like other SGML documents, one after another like this: <ekmi> <Permissions> <PermittedDates>Any</PermittedDates> .... </Permissions> </ekmi> .... <xsi> <(xyz element)> <(xyz element)>nil= (whatever)</(xyz element)> .... </(xyz element)> </xsi> If an application requires the ekmi information it can read it and ignore the elements of xsi that it is not prepared to understand, and vis versa. This is the default behavior in HTML and XHTML - if the application does not understand the tag it ignores it. Additionally it is not as easy to read and understand if you use self-closing tags for non-trivial objects. In HTML or XHTML it is clear that <br /> is a simple tag with only one possible meaning but in general self-closing tags are not used in more complex tags where there are multiple declared parameters and specific switches. As an example (from HTML): <td width="100%" cellpadding="12" align="left" valign="baseline" bgcolor="#ffffff"> Written documentation is almost as old as human civilization. </td> If you were to structure this like you propose it might look like this: <td width="100%" cellpadding="12" align="left" valign="baseline" bgcolor="#ffffff" WrittenDocumentation="almost as old as human civilization" /> Frankly I find that much harder to parse and understand what is happening and what is the key information being communicated. Best, Allen
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]