[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [avdl] Groups - Minutes 02-12-04.txt uploaded
Hi folks, Here are some questions and suggestions on the draft. This may be late in the approval process for this version, but perhaps may help with the next version of the schema. Questions and suggestions on AVDL schema draft: - the schema seems too complex: 2000 lines of definition, compare to 100 lines of vulnxml dtd (which expands to several hundred lines for an XSD schema) - traversal-step should contain Method (e.g.POST/GET). That way, in some situations, the request tag doesn't need to be supplied - why is there both id and sequence number in traversal step? isn't sequence-number sufficient? id="step0001" time-stamp="29.3050" sequence-number="00001" - what exactly is parent-ref? A reference to the direct parent of this step.?: does that mean traversal-steps can be nested? - raw and parsed constitute a redundancy that may not be necessary: it makes implementation more complicated and storage larger. Wouldn't it be better to provide "raw fragments" so that only things that can't be expressed in parsed form are provided in raw form? - it might be better to use CDATA for raw form rather than xml tags - what's going to be a typical size of the traversal? What have we learned from implementations so far? Do we need to optimize, by e.g. not duplicating raw and parsed form (see above) - user-description-type is never referenced, seems to be redundant in the schema - vulnerability-description exists on vulnerability-probe only. Perhaps there should be description available also in traversal part of schema ~ Peter Michalek Fortify Software -----Original Message----- From: kheineman@spidynamics.com [mailto:kheineman@spidynamics.com] Sent: Friday, February 13, 2004 12:19 PM To: avdl@lists.oasis-open.org Subject: [avdl] Groups - Minutes 02-12-04.txt uploaded The document Minutes 02-12-04.txt has been submitted by Kevin Heineman (kheineman@spidynamics.com) to the OASIS Application Vulnerability Description Language TC document repository. Document Description: Download Document: http://www.oasis-open.org/apps/org/workgroup/avdl/download.php/5477/Minutes% 2002-12-04.txt View Document Details: http://www.oasis-open.org/apps/org/workgroup/avdl/document.php?document_id=5 477 PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser. To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/avdl/members/leave_workgroup.ph p.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]