Official CPE Dictionary - metadata changes; status

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Official CPE Dictionary - metadata changes; status

McCormick, Christopher [USA]
CPE Community,

NIST is planning to change how the 'status' attribute contained within the NIST metadata extension of the CPE Dictionary is populated.  At the current time names contained within the Official CPE Dictionary have a status value of either 'DRAFT' or 'FINAL'.  NIST will change the status of all names contained in the Official CPE Dictionary to a status of 'FINAL'. This message serves as an advance notice of this change and provides an opportunity to the CPE community to answer the question:

Will employing this status change adversely affect consumers of the CPE Dictionary?

Another notice will be issued with a specific date for when the change will take effect after the community has had an opportunity to voice any concerns.  Please provide feedback on this list or directly to NIST at [hidden email] by Friday, September 16, 2011.

Thank you,

Chris
Reply | Threaded
Open this post in threaded view
|

Re: Official CPE Dictionary - metadata changes; status

Brant Cheikes

I’d be interested in hearing from the vendor community regarding potential impacts of this change on existing implementations.  That said, the proposal begs the question, what information is the “status” metadata field intended to convey, and how is that information intended to be used?

 

Here’s an argument for maintaining a meaningful distinction between “candidate” (draft) and “approved” (final) names.  Suppose we were to establish a mechanism (e.g., a web service) whereby authorized agents could directly submit new names to the Official Dictionary.  (Imagine we federated authority for name generation to approved entities, such as software publishers and trusted third parties.)  The web service would perform minimal syntactic and semantic validation of names, then enter them immediately into the Official Dictionary with a status of DRAFT.  This would alert authorities within NIST to (eventually) review those names, but in the interim they would be considered valid and usable.  The DRAFT status would serve as a flag to dictionary consumers, that any name marked as DRAFT could, at a moment’s notice, change to FINAL (when approved) or instead be deprecated and replaced with a vetted and FINAL name.

 

Such an approach could serve not only to give the “status” field real meaning, remove possible bottlenecks to dictionary growth, and start building on the foundation (laid in the CPE 2.3 Dictionary specification) for so-called “extended” CPE dictionaries.

 

Cheers,

/Brant

 

Brant A. Cheikes
The MITRE Corporation
202 Burlington Road, M/S K302
Bedford, MA 01730-1420
Tel. 781-271-7505; Cell. 617-694-8180; Fax. 781-271-2352

 

From: Mccormick, Christopher [USA] [mailto:[hidden email]]
Sent: Tuesday, August 30, 2011 9:15 AM
To: cpe-discussion-list CPE Community Forum
Subject: [CPE-DISCUSSION-LIST] Official CPE Dictionary - metadata changes; status

 

CPE Community,

NIST is planning to change how the 'status' attribute contained within the NIST metadata extension of the CPE Dictionary is populated.  At the current time names contained within the Official CPE Dictionary have a status value of either 'DRAFT' or 'FINAL'.  NIST will change the status of all names contained in the Official CPE Dictionary to a status of 'FINAL'. This message serves as an advance notice of this change and provides an opportunity to the CPE community to answer the question:

Will employing this status change adversely affect consumers of the CPE Dictionary?

Another notice will be issued with a specific date for when the change will take effect after the community has had an opportunity to voice any concerns.  Please provide feedback on this list or directly to NIST at [hidden email] by Friday, September 16, 2011.

Thank you,

Chris


smime.p7s (4K) Download Attachment