
Vote Details

Ballot: Approve Key Management Interoperability Protocol Usage Guide Version 1.2 as a Committee Note
Company:
SafeNet, Inc.
Vote:
No
Comment:
Cannot support the Usage Guide as it stands primarily due to Section "3.6 Templates", whose guidance appears to perpetuate the misuse of Templates.

Both the UG and the spec itself interpret Template Managed Objects (MOs) in two conflicting ways:

__Interpretation_1__

A Template MO is a container of attributes; the contained attributes are wholly separate from a Template's "associated attributes" [i.e. separate from the attributes expressed by (and not necessarily contained by) the Template itself, such as Contact Information]. A Managed Object created via Template reference inherits the attributes contained by [rather than expressed by] the referenced Template. In this interpretation, for example, a Template may contain the Cryptographic Algorithm attribute, but cannot itself express that attribute.


__Interpretation_2__

A Template MO is a prototypical MO. The attributes expressed by the Template are indistinguishable from the attributes contained by the template -- to the degree that a Template's contained attributes essentially have no value/purpose. A Managed Object created via Template reference inherits the attributes expressed by the referenced Template [rather than the attributes contained by the referenced Template]. In this interpretation, for example, a Template may express any attribute, including Cryptographic Algorithm.


I believe Interpretation-1 should be the only interpretation. In this interpretation, at most the following attributes could be _expressed_ by a Template MO: {Unique Identifier, Name, Object Type[=Template], Operation Policy Name, Original Creation Date, Initial Date, Archive Date, Last Change Date, Contact Information, Custom Attribute}. On the other hand, any "client settable" attribute could be _contained_ by a Template MO, including {Name, Object Type, Operation Policy Name, Original Creation Date, Cryptographic Algorithm, Usage Limits, etc.}. Moreover, only the attributes _contained_ by a Template MO become manifest upon referencing a Template; the attributes _expressed_ by a Template MO never become manifest upon referencing a Template and are used solely for the management of the Template MO itself.

... Dave
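
The two readings described in the comment above can be compared on a single Template. This is an added illustration, not part of the voter's comment and not code from the KMIP specification or any KMIP library; the `Template` class, the function names and the sample values are hypothetical, and the expressible-attribute set is the list given in the comment.

```python
from dataclasses import dataclass, field

# Attributes a Template MO may itself express under Interpretation 1
# (the list given in the comment above).
EXPRESSIBLE_BY_TEMPLATE = {
    "Unique Identifier", "Name", "Object Type", "Operation Policy Name",
    "Original Creation Date", "Initial Date", "Archive Date",
    "Last Change Date", "Contact Information", "Custom Attribute",
}

@dataclass
class Template:
    """Hypothetical model of a Template MO (not a KMIP library type)."""
    expressed: dict                                 # attributes of the Template itself
    contained: dict = field(default_factory=dict)   # attributes held for new objects

def violations_interpretation_1(tpl):
    """Names of expressed attributes that Interpretation 1 does not allow."""
    bad = set(tpl.expressed) - EXPRESSIBLE_BY_TEMPLATE
    if tpl.expressed.get("Object Type") != "Template":
        bad.add("Object Type")
    return sorted(bad)

def inherited_interpretation_1(tpl):
    """Interpretation 1: a new object inherits only the contained attributes."""
    return dict(tpl.contained)

def inherited_interpretation_2(tpl):
    """Interpretation 2: a new object inherits what the Template expresses."""
    return dict(tpl.expressed)

def divergence(tpl):
    """Attribute names whose inherited value differs between the two readings."""
    a, b = inherited_interpretation_1(tpl), inherited_interpretation_2(tpl)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Constructed sample Template: management attributes expressed, key attributes contained.
SAMPLE = Template(
    expressed={"Unique Identifier": "tpl-1", "Name": "aes-template",
               "Object Type": "Template", "Contact Information": "ops@example.com"},
    contained={"Object Type": "Symmetric Key", "Cryptographic Algorithm": "AES"},
)

if __name__ == "__main__":
    print("Interpretation 1 inherits:", inherited_interpretation_1(SAMPLE))
    print("Interpretation 2 inherits:", inherited_interpretation_2(SAMPLE))
    print("Attributes that differ:   ", divergence(SAMPLE))
```
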