RE: [kmip] Groups - Name attribute modification to allow non-unique names uploaded

["Lockhart, Robert" <Robert.Lockhart@thalesesec.com>]

Classification: Thales e-Security INTERNAL

Bruce,

Actually I have no problem with this but for ease of use sake I would rather have Name be the non-unique and a new attribute be labeled what it is (Application Specific Name).  I think I could be happy with Nickname as long as the verbiage around the Name attribute stated it was not configurable by the server and it becomes defined as an application specific name (which I would have preferred to put under Application Specific Information except it would make our server lookup tables impossible to maintain trying to track every possible place an application could drop it).

This was basically how we solved it in P1619.3 with the three name spaces.  The first was Name - non-unique, optional and it was human readable text that an application would know about (barcode on a tape, mobile number, etc...). Second was the Application Specific Identifier - unique within a realm/domain but optional.  Lastly was the Globally Unique ID - Equivalent of the KMIP UUID attribute.

I considered doing this but the changes to the spec will be more drastic and I was trying to avoid that or at least that's the excuse I am sticking with anyway. ;')

Honestly I should have caught this earlier but I wasn't as involved when ASI was proposed thinking there was a name space defined in there for some reason.  Now I would like to get it corrected so lookups can be done on the two identifiers by clients and the administrators (folks typing at a terminal) can use the name to find what they want.

It will make a good discussion for today.

Bob L.

Robert A. (Bob) Lockhart
Chief Solution Architect - Key Management
THALES e-Security, Inc.

________________________________
From: Bruce Rich [brich@us.ibm.com]
Sent: Thursday, December 06, 2012 07:49
To: Lockhart, Robert
Cc: kmip@lists.oasis-open.org
Subject: Re: [kmip] Groups - Name attribute modification to allow non-unique names uploaded

Bob,

I am strongly opposed to this breaking change to the current protocol.

Applications today can count on the uniqueness of the Name attribute to locate a specific object in KMIP.  Your proposal robs them of that ability.  And your description is inaccurate.  Your proposal does NOT allow "easy lookups of specific objects".  It renders the process more complicated, in that it allows multiple possible answers to a question that today would yield at most one specific answer.

I would be totally OK with the introduction of a "Nickname" attribute that behaves as you described in your proposal.  Applications that wish to deal with the ambiguity of such a mechanism could then opt to use it.  I think it wrong to change the semantics of "Name" without a major protocol version change.

Bruce A Rich
brich at-sign us dot ibm dot com




From:        Robert Lockhart <Robert.Lockhart@thalesesec.com>
To:        kmip@lists.oasis-open.org
Date:        12/04/2012 08:39 AM
Subject:        [kmip] Groups - Name attribute modification to allow non-unique names uploaded
Sent by:        <kmip@lists.oasis-open.org>
________________________________



Document Name: Name attribute modification to allow non-unique names<https://www.oasis-open.org/apps/org/workgroup/kmip/document.php?document_id=47623>
________________________________
Description
Modification to make the name attribute non-unique for a standard attribute
that allows easy lookups of specific objects by a human readable name.
Download Latest Revision<https://www.oasis-open.org/apps/org/workgroup/kmip/download.php/47623/latest/kmip-spec-v1.2_name_attribute_change_proposal.doc>
Public Download Link<https://www.oasis-open.org/committees/document.php?document_id=47623&wg_abbrev=kmip>
________________________________
Submitter: Robert Lockhart
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Folder: Proposals
Date submitted: 2012-12-04 06:37:15