[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Timestamp Serialization Question
There tends to be two options for dealing with objects that have multiple timestamps and their corresponding precision. Sean and I have been talking through the pros and cons of these. We would like to get everyone's opinion. Which do you prefer, option 1 or option 2 Option 1: This option put the burden on the JSON serialization format to add an extra "_precision" field to each timestamp enabled field. This is a much flatter and easier to parse and process representation, but the con is it requires unique field names. { "type": "incident", "initial_compromise_time" : "2015-12-07T22:00:00Z", "initial_compromise_time_precision": "hour", "first_data_exfiltrated_time" : "2015-12-09T05:11:00Z", "first_data_exfiltrated_time_precision" : "minute", "incident_opened_time" : "2016-01-15T11:19:22Z", "incident_closed_time" : "2016-01-19T17:24:017Z" } Option 2: This option will require a nested object and struct to store this data and will have an extra layer of indirection for all of those times when the timestamp is at the default precision. { "type": "incident", "initial_compromise_time" : { "timestamp": "2015-12-07T22:00:00Z", "timestamp_precision": "hour" }, "first_data_exfiltrated_time" : { "timestamp": "2015-12-09T05:11:00Z", "timestamp_precision" : "minute" }, "incident_opened_time" : { "timestamp": "2016-01-15T11:19:22Z" }, "incident_closed_time" : { "timestamp": "2016-01-19T17:24:017Z" } } Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." |
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]