|
I agree with Magnus. The terms integrity and authenticity are in wide use. Provenance isn’t (yet)?
LL
On May 28, 2024, at 10:04 AM, Magnus Nyström <magnusn@xxxxxxxxx> wrote:
Thanks Carsten. It could be that I am not familiar with the terminology used in the SDF area, but "provenance" is not a term that I immediately would have recognized as covering authenticity and integrity. This is just a suggestion, but perhaps you could
consider changing
FROM
|
Implementations need to ascertain the provenance (and thus authenticity and integrity) |
TO
Implementations need to ascertain the authenticity and integrity (i.e., provenance)
But, leaving that to you and the team to decide.
No concerns from my side,
/M
|
On Mon, May 27, 2024 at 10:56 PM Carsten Bormann < cabo@xxxxxxx> wrote:
Hi Magnus,
thank you for this review.
A couple of quick comments to your specific items:
> - The Security Considerations section mentions the possible need for
> confidentiality of an SDF model ("There may be confidentiality requirements on
> SDF models, both on their content and on the fact that a specific model is used
> in a particular Thing or environment"). Couldn't there also be a need for
> integrity/authenticity of a given SDF model? The document is silent on this.
Actually, we use (twice) a much stronger word: provenance.
This combines integrity and authentication with some appraisal (or at least policy) of how the data from the authenticated source can be used.
We are not pointing to a specific mechanism here, as that is likely to be ecosystem specific.
We could, however, explicitly remind the reader that provenance has integrity and authenticity as a prerequisite.
A minimal change in:
https://github.com/ietf-wg-asdf/SDF/pull/157
> -
> Related to the previous point, was it ever discussed to allow for an integrity
> or authenticity value accompanying or being part of an SDFThing instance?
Given the role of SDF as a hub format, SDF needs to be agnostic to the kinds of integrity protection and authenticity that is used with it. Embedding a model into an SDFThing instance is certainly one way to provide this information in a way that could make
use of protection already available for the Thing in general. It is more likely, though, that a Thing will provide a reference to its model that is stored somewhere else. That would be described in a model using an extension such as that proposed in [1]
(if it is offered as an affordance from an instance) or possibly [2]. (These are likely to become WG documents after the current rechartering.)
[1]: https://datatracker.ietf.org/doc/draft-bormann-asdf-sdftype-link/
[2]: https://datatracker.ietf.org/doc/draft-laari-asdf-relations/
Grüße, Carsten
--
-- Magnus
--
last-call
mailing list -- last-call@xxxxxxxx
To
unsubscribe send an email to last-call-leave@xxxxxxxx
|
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
