Re: CRM Updates, remaining work items for HTTPS Spec

[Dave Lemire <dave.lemire@g2-inc.com>]

Addressing work items (1) and (2) from the previous email, I have created a new PR, #62 (https://github.com/oasis-tcs/openc2-impl-https/pull/62) that addresses those items. This is the PR to align Section 1.x with the updated common content from the SLPF. In doing this I cancelled several other PRs that were overlapping and were superseded by the common content. I've updated the CRM accordingly to track how those issues were addressed.

Regarding work item (3), if you search the current working draft (https://github.com/oasis-tcs/openc2-impl-https/blob/working-pr01/openc2-impl-https-v1.0.md) for "x-" you'll find 8 instances that put SHALL / MUST language against populating the "x-correlation-id". Currently it says to use the OpenC2 command-id. As best I can tell the IC-SC consensus at this point is to retain that language but reference the request-id instead. I still need to do a PR to update the description of the content to align with the type change for identifiers to string in the L-Spec and update all of the examples accordingly (I'm inclined to either plug in UUIDs or just use something like id-12345 than keep the current base64url-encoded examples).

Dave

--

David P. Lemire, CISSP

G2, Inc. (AÂHuntington Ingalls company)
 OpenC2 Technical Committee Secretary
 OpenC2 Implementation Considerations SC Co-chair
 Contractor support to NSA
Email: dave.lemire@g2-inc.com
WorkÂ(301) 575-5190 |ÂMobile (240) 938-9350

On Thu, Feb 14, 2019 at 11:30 AM Dave Lemire <dave.lemire@g2-inc.com> wrote:

I've cleaned up the HTTPS Transfer Spec CRM. Primarily the shading in the Resolution Summary column (H) is:Â

â changed to green for matters I believe are complete,Â

â changed to red for rejected comments.Â

â left in the default blue / white for Lingering section 1 issues are stillÂ

â changed to two yellows for things I think are substantially complete but may still need some fine tuning to align with the Language Spec.

CRM is at https://docs.google.com/spreadsheets/d/15RUBgNRoSZzuxhCt5TPX46qU5m9uPYbWkOHUbjNwH54/edit#gid=0

At this point I believe the following actions are needed to complete implementation of PR01 comments in the HTTPS Specification:

1) Identify and cancel any PRs that are addressed by the commonality changes to Section 1 of the SLPF AP (PR #68 there) that will be copied into the Language and HTTPS specs

2) Update and apply any remaining PRs against Section 1 material that is unique to the HTTPS Spec

3) Create a new PR for HTTPS-29 to align the encoding of request-id carried in X-Correlation-ID with the decision in the Language Spec to encode identifiers as JSON strings

4) Determine if there are any lingering changes associated with the resolution of the command-id / request-id or if the existing text is acceptable.

Please let me know if you think I've overlooked anything.

-- cross-posted to Slack and IC-SC mail list.

Dave

--

David P. Lemire, CISSP

G2, Inc. (AÂHuntington Ingalls company)
 OpenC2 Technical Committee Secretary
 OpenC2 Implementation Considerations SC Co-chair
 Contractor support to NSA
Email: dave.lemire@g2-inc.com
WorkÂ(301) 575-5190 |ÂMobile (240) 938-9350