Ballot Details: Approve Key Management Interoperability Protocol Usage Guide Version 1.2 as a Committee Note (CLOSED)

Ballot Question Do you approve Key Management Interoperability Protocol Usage Guide Version 1.2 [1] as a Committee Note?
Ballot Description This ballot requires a Full Majority Vote [2]. The TC roster currently lists 26 voting members. In order to pass, at least 13 members have to vote Yes.

[1] URI for the specification
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02.doc

[2] http://www.oasis-open.org/committees/process-2010-07-28.php#dSpecialMajority
Ballot Options
VOTING CLOSED: Tuesday, 11 November 2014 @ 11:59 pm UTC
Yes 23 95.833
No 1 4.167
Abstain 1
Open Date Wednesday, 5 November 2014 @ 12:00 am UTC
Close Date Tuesday, 11 November 2014 @ 11:59 pm UTC
Ballot Type Official, as defined by organization policies and procedures

Voting Statistics

Number of votes cast (excluding abstentions) 24
Eligible members who have voted 25 of 26 96.154%
Eligible members who have not voted 1 of 26 3.846%

Voting Summary by Option

Options with highest number of votes are bold
Option # Votes % of Total
Yes 23 95.833%
No 1 4.167%
Abstain 1

Voting Details

Voter Name Company Vote * Time (UTC) Comments
* Bartell, Jeff Fornetix Yes 2014-11-06 19:21:00
* Berglas, Anthony Cryptsoft Pty Ltd. Yes 2014-11-05 01:31:00
* Bjorkqvist, Mathias IBM Yes 2014-11-10 19:00:00
* Brand, Joseph Fornetix Yes 2014-11-06 14:18:00
* Cox, Tony Cryptsoft Pty Ltd. Yes 2014-11-05 00:11:00
* Furlong, Judith EMC Yes 2014-11-06 17:19:00
* Gleeson, Susan Oracle Yes 2014-11-05 17:35:00
* Hudson, Tim Cryptsoft Pty Ltd. Yes 2014-11-05 00:15:00
* Joseph, Mark P6R, Inc Yes 2014-11-05 16:53:00
* Kriese, Kathy Symantec Corp. Yes 2014-11-05 01:04:00
* Lockhart, Hal Oracle Yes 2014-11-05 14:47:00
* Lockhart, Robert Thales e-Security Yes 2014-11-05 01:13:00
* Peck, John IBM Yes 2014-11-11 15:54:00
* Rich, Bruce IBM Yes 2014-11-07 07:46:00
* Robbins, Warren Dell Yes 2014-11-05 20:56:00
* Saha, Saikat Oracle Yes 2014-11-05 18:51:00
* Sankuratripati, Subhash NetApp Yes 2014-11-05 14:56:00
* Soman, Amruta Cryptsoft Pty Ltd. Yes 2014-11-05 20:40:00
* Susoy, Jim P6R, Inc Yes 2014-11-05 18:32:00
* Thota, Kiran VMware, Inc. Yes 2014-11-05 17:15:00
* White, Charles Fornetix Yes 2014-11-06 18:08:00
* Zdunkiewicz, Magda Cryptsoft Pty Ltd. Yes 2014-11-05 00:20:00
* Zhu, Joshua Vormetric, Inc. Yes 2014-11-06 21:39:00
* Featherstone, David SafeNet, Inc. No 2014-11-10 19:31:00 1
* Leiseboer, John QuintessenceLabs Pty Ltd. Abstain 2014-11-05 02:34:00
* Robinson, Peter EMC --

Voter Comments

Submitter Vote Comment
Featherstone, David
SafeNet, Inc.
No Cannot support the Usage Guide as it stands primarily due to Section "3.6 Templates", whose guidance appears to perpetuate the misuse of Templates.

Both the UG and the spec itself interpret Template Managed Objects (MOs) in two conflicting ways:

__Interpretation_1__

A Template MO is a container of attributes; the contained attributes are wholly separate from a Template's "associated attributes" [i.e. separate from the attributes expressed by (and not necessarily contained by) the Template itself, such as Contact Information]. A Managed Object created via Template reference inherits the attributes contained by [rather than expressed by] the referenced Template. In this interpretation, for example, a Template may contain the Cryptographic Algorithm attribute, but cannot itself express that attribute.


__Interpretation_2__

A Template MO is a prototypical MO. The attributes expressed by the Template are indistinguishable from the attributes contained by the template -- to the degree that a Template's contained attributes essentially have no value/purpose. A Managed Object created via Template reference inherits the attributes expressed by the referenced Template [rather than the attributes contained by the referenced Template].In this interpretation, for example, a Template may express any attribute, including Cryptographic Algorithm.


I believe Interpretation-1 should be the only interpretation. In this interpretation, at most the following attributes could be _expressed_ by a Template MO: {Unique Identifier, Name, Object Type[=Template], Operation Policy Name, Original Creation Date, Initial Date, Archive Date, Last Change Date, Contact Information, Custom Attribute}. On the other hand, any "client settable" attribute could be _contained_ by a Template MO, including {Name, Object Type, Operation Policy Name, Original Creation Date, Cryptographic Algorithm, Usage Limits, etc.}. Moreover, only the attributes _contained_ by a Template MO become manifest upon referencing a Template; the attributes _expressed_ by a Template MO never become manifest upon referencing a Template and are used solely for the management of the Template MO itself.

... Dave