OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: CAP Issues

Greetings all!  I have accepted the task of coordinating the 
discussion/resolution of the remaining posted issues on the CAP 
Standard.  I understand items 1-12 have been resolved and offer comments 
below on the remaining.  I am new to this TC and OASIS, so please excuse my 
lack of experience with the group.

#13 - looks 'OK', but I'm no XML guru. It seems this could be easily 
corrected.  I recommend we go with the suggestion and make this a potential 
errata candidate.

#14 - seems fine, if the language is easily corrected.  I recommend we go 
with the suggestion and make this a potential errata candidate.

#15 - if the passwords are really being passed as clear-text, then unless 
someone can make a compelling argument for why they should be left in, I 
would certainly recommend removing them.  There are enough security 
problems in this world as it is, without adding more. Given the sensitivity of
the information being transmitted, we shouldn't rely on the user to 
understand whether the password is encrypted or not. Basically, if it is 
not encrypted, we should not allow it.  It is just as reasonable to suggest 
to the recipient who was expecting an un-encrypted password that an account 
just be set up  that requires no password.  Figure more folks will want to 
chime in on this.

#16 - seems like the <certainty> values should be explicitly stated as 
*ranges* instead of the way the proposal lists them. For instance:
	observed = 100%
	50% <= likely < 100%
	0% < possible < 50%
	unlikely = 0%
If the actual enumerates can be agreed upon, and/or the notion of ranges 
adopted, then this one seems like it could be readily fixed.

#17 - Category - I guess the question is, is the issue with the fact that 
the field is optional, or that the field values are free text? Personally, 
I'd prefer to see the field values become a discrete set, but keep the 
field as optional until some more compelling reason makes us want to make 
it required. The  combination of optional and free-text makes the field 
pretty useless for any form of parsing though. Since there is a version 
number associated with the spec, just fix the list of choices for category, 
with an 'other' as the catch-all, and in later versions of the spec, add 
items as needed. If the field is optional, nobody has to use it, but when 
they do, they should select from a discrete list.

#18 - I like to have this one, but as it is written, it is not specific 
enough. Perhaps it can be tabled until a recommend list of <responseType> 
items or <instruction> items can be found that are somewhat more 
industry-standard?

This is a start at working through items 13-18.  Please respond and let's 
try to get some consensus for voting by the July 27 TC.

Regards,
Elysa Jones

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]