OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: A serious reference issue

Hash: SHA1


I must apologize to the TC and your editor.

To the TC for missing this issue during my initial review of the KMIP

To your editor because I promised a worked example to illustrate
another issue and due to this error, I won't be able to keep that
promise. It would require too much fixing to be feasible.

To the issue:

Take: KMIP Tape Library Profile Version 1.0,

for example.

2.2 Baseline Tape Library

KMIP clients conformant to this profile under [KMIP-SPEC]:

1. SHALL conform to the KMIP Baseline Client profile in [KMIP-PROF]

Everyone uses different abbreviations/keys so I simply missed that
[KMIP-PROF] and [KMIP-SPEC] expand to (respectively)

*****Expansion of [KMIP-PROF] and [KMIP-SPEC]*****

KMIP Baseline Client profile - KMIP-SPEC-1_0

KMIP Baseline Client profile - KMIP-SPEC-1_1

KMIP Baseline Client profile - KMIP-SPEC-1_2


KMIP Baseline Client profile - KMIP-PROF-1_0

KMIP Baseline Client profile - KMIP-PROF-1_1

KMIP Baseline Client profile - KMIP-PROF-1_2

*****/end Expansion of [KMIP-PROF] and [KMIP-SPEC]/***

OK, so I started checking each of those six documents for the "KMIP
Baseline Client profile...."


There is no "KMIP Baseline Client profile" in the following documents:

KMIP Baseline Client profile - KMIP-SPEC-1_0

KMIP Baseline Client profile - KMIP-SPEC-1_1

KMIP Baseline Client profile - KMIP-SPEC-1_2

In case you are wondering, there is no "KMIP Baseline Client profile"
in any of these documents:

KMIP Baseline Client profile - KMIP-PROF-1_0

KMIP Baseline Client profile - KMIP-PROF-1_2


Of the original six (6) documents, only

KMIP Baseline Client profile - KMIP-PROF-1_1, reports:

4.22 4.22 Basic Baseline Client KMIP Profile


A profile that consists of the tuple {Baseline Client Conformance
Clause, Basic Authentication Suite}

And if you chase the references Baseline Client Conformance Clause, it
points to:

Key Management Interoperability Protocol Specification Version 1.1. 21
September 2012. Candidate OASIS Standard 01.

a candidate OASIS standard.

One part of the difficulty is that you have cited six documents where
only one was an arguably correct reference.

Another part is that it appears you were trying to profile these
various versions collectively, with more attention to the test cases
than the prose.

I'm not saying such a profile isn't possible but as written, your
editor is right, the test cases, are the organizational principle of
these documents.

That's unfortunate because the test cases only test a limited number
of cases permitted under the prose, at least insofar as I can
determine what the prose is meant to say.

I will refrain from offering a solution at this point because the TC
will need to satisfy itself as to the facts of this issue and how it
wishes to proceed in terms of addressing this concern, should it find
it is well founded.

Hope everyone is having a great week!


PS: The collective nature of the [KMIP-PROF] and [KMIP-SPEC] citations
means that all citations of [KMIP-PROF] and [KMIP-SPEC] need to be
checked and the correct citations inserted. (Or updated, etc. as the
case may be.)

While true that some people will rely solely on the test cases, there
are people who rely upon standards as written and for such important
work as this, in these security conscious times, other people will be
checking your work very closely.

Just my opinion but I would want to remove every known basis for
criticism before I released such an important document to the public.

- -- 
Patrick Durusau
Technical Advisory Board, OASIS (TAB)
Co-Chair, OpenDocument Format TC (OASIS)
Editor, OpenDocument Format TC, Project Editor ISO/IEC 26300
Former Chair, V1 - US TAG to JTC 1/SC 34
Convener, JTC 1/SC 34/WG 3 (Topic Maps)
Co-Editor, ISO 13250-5 (Topic Maps)

Another Word For It (blog): http://tm.durusau.net
Homepage: http://www.durusau.net
Twitter: patrickDurusau
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]