In the course of our work for the POC, SafeNet found the following issue.
The specification states a custom attribute can be any data type or structure. By allowing type structure, the spec allows for custom attribute hierarchies of arbitrary depth. This raises some questions regarding request processing and server storage of attributes.
One complex case is the Locate operation: if a key has a custom attribute x-A, which has a sub-attribute x-B, can clients specify x-B criteria in a Locate operation and expect the server to find matching objects? GetAttributeList returns a flat list of attribute names associated with an object. Should sub-attributes be included in this list? Can sub-attributes be independently retrieved via GetAttributes?
To simplify things, I'd like to propose we disallow custom attributes of type structure in version 1.0. Note that clients wishing to use KMIP encoding for structured custom attributes can still do so and save them using type byte string. The difference is that there is no implied obligation for the server to understand the structure.
Thanks
-Alan
The information contained in this electronic mail transmission
may be privileged and confidential, and therefore, protected
from disclosure. If you have received this communication in
error, please notify us immediately by replying to this
message and deleting it from your computer without copying
or disclosing it.