I apologize but I will not be able to attend the F2F so I am submitting a comment on the language specification via email. Unlike my other email, this is likely to take more than 2 minutes to discuss in the
F2F as it is an objection to a proposed normative change. Dave Kemp proposed to add
The value of the id field, if present, MUST equal the value of the request_id message field described in section 3.2.
to section 3.3.1. You can read Dave and I arguing back and forth in the google doc comments and apologies to all who have listened to our arguments in the LSC meetings, but I would like to express my objection
via email since I can t be at the F2F where this will hopefully be decided.
I don t see the value of making the command-id be the same as transport fields.
We d previously agreed to have an optional command-id as a field in the openc2 command. I am being specific in saying in the openc2 command as there has been much discussion on the topic of an openc2 command
having metadata associated with it (sometime called header information) that may have common components with transport elements. I am particularly concerned with the field called command-id that is a peer field to action/target/etc.
There are two main uses that have been discussed wrt command-id
(1) correlating command/response and
(2) canceling a previously issued command, particularly one that hasn t been executed yet (eg with a future start-time or with duration that isn t over yet).
I strongly believe the command content (ie the JSON in the block with action/target/id/etc) should not be dependent on information provided by transport. The statement above requires the command-id be dependent
on the request-id which is tied to the HTTPS X-Correlation-ID field (or equivalent for other transports). I have several issues on this. First and foremost is I think the command-id should be created by the openc2 producer first thing and not be dependent
on anything provided by the transport layer. If they must use the same value (I m not convinced they must) then I think the transport should be dependent on the command, not vice versa (ie don t approve statement above in the LS but add it to the transport
specs saying HTTPS X-Correlation-ID field must equal command-id). I d prefer they be independent but if they have to be the same, make command producer the creator. I am fine wth X-Correlation-ID field being used to correlate https (or equivalent) request/response
if it is independent of command-id. For the purposes of the delete command I think the unique command id should be used (ie for purpose (2) eg deleting the command).
I will go with the will of the group since I do want these standards to be adopted, but I do feel strongly they would be better with the command being transport-agnostic (which I feel this change would break).
Since I can not be present, I would like if someone could object to this change for me and at least get it to require other proponents. Ie so a straw poll not just of who objects but who supports vs who doesn t care. No one objects (since Duncan not present)
is different than 10 people think it should be that way. If more people want it than don t (it it s more than a 1-0 vote),I ll concede.
Apologies again for missing the F2F but my conflicting trip has been planned with friends for 2 years and I could not change it when the F2F was scheduled for the same time.
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at
http://vsre.info /