Re: [emergency-msg] <category> values validated?

[Art Botterell <acb@incident.com>]

Finding the most useful level of abstraction... the most productive 
balance between the "lumpers" and the "splitters"... is a trick that 
has to be pulled off separately for each distinct application.

Although I think the high-level model we use in CAP is appropriate to 
the alerting function, folks wanted a finer-grained scheme for 
routing of operational messages.  At the same time, the point wasn't 
to try to put every detail of the contained message in the 
"wrapper"... rather, we wanted to put in just enough detail to allow 
reasonably precise content-based routing decisions.

At some point it does make sense to leave final filtering to the 
individual recipient... a routing system that tries to be too precise 
eliminates false positives (messages received that aren't of 
interest) at the cost of false negatives (messages that should have 
been received, but weren't.)  Most folks seem to feel that they'd 
rather err on the side of getting too much rather than missing 
something important... we're just trying to improve the overall s/n 
figure as much as practical.

I should also point out that we created a separate "etiology" element 
for the header that allows the sender to categorize the event as 
natural / manmade / terrorist / military / under investigation... so 
we didn't have to split the event types even finer.

My only point here was that this more detailed model seemed to fit 
reasonably well into our higher-level structure... offering anecdotal 
evidence for the validity of the CAP <category> taxonomy, and that 
more precise schemes aren't necessarily incompatible.

- Art



At 1:20 AM -0700 8/24/04, Kon Wilms wrote:
>Just to play devil's advocate (please correct me if I'm wrong) - 
>Telecommunications is categorized as infrastructure. How does one 
>differentiate between a terrestrial telecommunications emergency 
>(e.g. signal jamming) and a land-line telecommunications emergency 
>(e.g. destruction of links). Must I filter the body of the message 
>for additional keywords? If so, what is the use of the granularity 
>to me? 9-1-1 calls are listed under Other, but thats really 
>telecommunications, which is listed under infrastructure. Isn't 
>cybercrime a form of information network disruption? Could we not 
>have a case of a terrorist threat category for CAP category Health 
>(targeting hospitals). The granularity created here expands the 
>reach but starts to look like spaghetti. I would hate to be either 
>the developer having to write code to 'correctly' handle this 
>granularity, or the poor shmuck at a dispatch center having to 
>create the alert. Short of having training knowing each and every 
>field, slip-ups will be widespread.
>
>You know I'm not a fan of using human language to describe elements 
>that computer language will have to post-process and categorize ;) 
>and this seems like one of those --
>
>what happens if changes have to get made to any of the specs, or 
>they are expanded and wording in existing categories is changed 
>(i.e. Road Crash gets changed to Road Accident) -- how do we tell 
>people to 'fix' their now 'legacy' code? The only way to do it is 
>with a really good regex parser, or line by line monkey-work. Heaven 
>knows a spec isn't complete the first round.
>
>Cheers
>Kon