OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

kmip-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: A serious reference issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings!

I must apologize to the TC and your editor.

To the TC for missing this issue during my initial review of the KMIP
drafts.

To your editor because I promised a worked example to illustrate
another issue and due to this error, I won't be able to keep that
promise. It would require too much fixing to be feasible.

To the issue:

Take: KMIP Tape Library Profile Version 1.0,
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd01/kmip-tape-lib-profile-v1.0-csprd01.html

for example.

*****
2.2 Baseline Tape Library

KMIP clients conformant to this profile under [KMIP-SPEC]:

1. SHALL conform to the KMIP Baseline Client profile in [KMIP-PROF]
and [KMIP-SPEC]
*****

Everyone uses different abbreviations/keys so I simply missed that
[KMIP-PROF] and [KMIP-SPEC] expand to (respectively)

*****Expansion of [KMIP-PROF] and [KMIP-SPEC]*****

KMIP Baseline Client profile - KMIP-SPEC-1_0

KMIP Baseline Client profile - KMIP-SPEC-1_1

KMIP Baseline Client profile - KMIP-SPEC-1_2

+

KMIP Baseline Client profile - KMIP-PROF-1_0

KMIP Baseline Client profile - KMIP-PROF-1_1

KMIP Baseline Client profile - KMIP-PROF-1_2

*****/end Expansion of [KMIP-PROF] and [KMIP-SPEC]/***

OK, so I started checking each of those six documents for the "KMIP
Baseline Client profile...."

MAJOR ISSUE:

There is no "KMIP Baseline Client profile" in the following documents:

KMIP Baseline Client profile - KMIP-SPEC-1_0

KMIP Baseline Client profile - KMIP-SPEC-1_1

KMIP Baseline Client profile - KMIP-SPEC-1_2

In case you are wondering, there is no "KMIP Baseline Client profile"
in any of these documents:

KMIP Baseline Client profile - KMIP-PROF-1_0

KMIP Baseline Client profile - KMIP-PROF-1_2

**********

Of the original six (6) documents, only

KMIP Baseline Client profile - KMIP-PROF-1_1, reports:

*****
4.22 4.22 Basic Baseline Client KMIP Profile
*****

Reading:

*****
A profile that consists of the tuple {Baseline Client Conformance
Clause, Basic Authentication Suite}
*****

And if you chase the references Baseline Client Conformance Clause, it
points to:

Key Management Interoperability Protocol Specification Version 1.1. 21
September 2012. Candidate OASIS Standard 01.
http://docs.oasis-open.org/kmip/spec/v1.1/cos01/kmip-spec-v1.1-cos01.html.

a candidate OASIS standard.

One part of the difficulty is that you have cited six documents where
only one was an arguably correct reference.

Another part is that it appears you were trying to profile these
various versions collectively, with more attention to the test cases
than the prose.

I'm not saying such a profile isn't possible but as written, your
editor is right, the test cases, are the organizational principle of
these documents.

That's unfortunate because the test cases only test a limited number
of cases permitted under the prose, at least insofar as I can
determine what the prose is meant to say.

I will refrain from offering a solution at this point because the TC
will need to satisfy itself as to the facts of this issue and how it
wishes to proceed in terms of addressing this concern, should it find
it is well founded.

Hope everyone is having a great week!

Patrick

PS: The collective nature of the [KMIP-PROF] and [KMIP-SPEC] citations
means that all citations of [KMIP-PROF] and [KMIP-SPEC] need to be
checked and the correct citations inserted. (Or updated, etc. as the
case may be.)

While true that some people will rely solely on the test cases, there
are people who rely upon standards as written and for such important
work as this, in these security conscious times, other people will be
checking your work very closely.

Just my opinion but I would want to remove every known basis for
criticism before I released such an important document to the public.


- -- 
Patrick Durusau
patrick@durusau.net
Technical Advisory Board, OASIS (TAB)
Co-Chair, OpenDocument Format TC (OASIS)
Editor, OpenDocument Format TC, Project Editor ISO/IEC 26300
Former Chair, V1 - US TAG to JTC 1/SC 34
Convener, JTC 1/SC 34/WG 3 (Topic Maps)
Co-Editor, ISO 13250-5 (Topic Maps)

Another Word For It (blog): http://tm.durusau.net
Homepage: http://www.durusau.net
Twitter: patrickDurusau
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTMIjsAAoJEAudyeI2QFGofdMQANJnK53en6YcszE9T1i/gbpf
tDg9zo5/Nz2b1YFhE8XAI/HZjRsyUnqgk/uzT0FgbAIQ1kRqQRP6nDOf3z+NlhLi
UObacrvhjAoJv5fAIBX8sBpXH1oC5C/Zz2eDaYISF5jQK7eZc1JQxxINeIHgMCjK
SBwyrQWduMlBSHNPLSPOIze72Mi7TKvBZX4gm1iKpzXG0ltQ0MOSk2V37Iu48Kt2
OI4JhVz31t4ldcrrvgf3JSijziLJERqa2fI9QjML2tK9ksoj1O3J57/QSx7ypgbY
U0yp4xZmCzF0okLAkxoOToNYlxZy15igIU5o9drRgwwlzx3i6N3OH20iwJsta+PM
CkD7/4U1TGifXUqxwJis+OsoLedJ/l9maEerykX+VXaTNvOmFr+c3x+s9h4i3UVI
51JM8yhy7PoSIjoLzXzTL6uTXQZODKaxdUXiEVcc3bua8xZKyp5rSGW5mIO2CJxG
CBc0uICSuLQjaA34NBdNVfmy0f9OKH43pgdMtsEjT4e2DOtixlN6yGuJgikYw2s/
e6NIH9CBQQ5FdioH6diFZoTmSHKPml4tBw7HdpTQOT5tJHpq5roQ0LuiPavMe4MI
NWW5OWGyrkxqcoWWi/1MWy6jFfqIfuWFHubeDbh/nIwpro0s9D+Fd7uSfGBk4aFv
jHZpw7s0pxzJDp7AMO6k
=MSxQ
-----END PGP SIGNATURE-----

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]