
Subject: RE: [avdl] Groups - Minutes 02-12-04.txt uploaded


Hi folks,

Here are some questions and suggestions on the draft. This may be late in
the approval process for this version, but perhaps may help with the next
version of the schema.

Questions and suggestions on AVDL schema draft:

- the schema seems too complex: 2000 lines of definition, compared to 100 lines of vulnxml dtd
  (which expands to several hundred lines for an XSD schema)

- traversal-step
  should contain Method (e.g. POST/GET). That way, in some situations,
  the request tag doesn't need to be supplied

- why is there both id and sequence number in traversal step? isn't sequence-number sufficient?

	id="step0001" time-stamp="29.3050" sequence-number="00001"
	
- what exactly is parent-ref?
   "A reference to the direct parent of this step."?: does that mean traversal-steps can be nested?

- raw and parsed constitute a redundancy that may not be necessary:
   it makes implementation more complicated and storage larger.
   Wouldn't it be better to provide "raw fragments" so that only things that can't be expressed in parsed form are provided in raw form?

- it might be better to use CDATA for raw form rather than xml tags

- what's going to be a typical size of the traversal? What have we learned from implementations so far?
  Do we need to optimize, by e.g. not duplicating raw and parsed form (see above)?

- user-description-type is never referenced, seems to be redundant in the schema

- vulnerability-description exists on vulnerability-probe only.
  Perhaps there should be description available also in traversal part of schema


~ Peter Michalek
Fortify Software


-----Original Message-----
From: kheineman@spidynamics.com [mailto:kheineman@spidynamics.com] 
Sent: Friday, February 13, 2004 12:19 PM
To: avdl@lists.oasis-open.org
Subject: [avdl] Groups - Minutes 02-12-04.txt uploaded

The document Minutes 02-12-04.txt has been submitted by Kevin Heineman
(kheineman@spidynamics.com) to the OASIS Application Vulnerability
Description Language TC document repository.

Document Description:


Download Document:
http://www.oasis-open.org/apps/org/workgroup/avdl/download.php/5477/Minutes%2002-12-04.txt

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/avdl/document.php?document_id=5477

