-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hannes's comments #195
Comments
JSON is not in scope. |
If we are to be in |
TCG DICE Endorsement Architecture is an information model. The data model is not normative (provided in an appendix). I-D.corim makes the data model normative. |
Too confusing Ned: Throughout the TCG document It mentions, support for JSON and CBOR What has changed since then? |
I meant to say data definition (i.e., CDDL representation) is in the appendix. Appendicies are non-normative in TCG specs. The references to JSON and CBOR are in gray background text blocks which are another form of informative. Effectively, the 'wire format' is not normative. CDDL, technically isn't a wire format (so it can be described as a data modelling language). But it maps to cbor readily, so it makes a reasonable substitute for a wire-format expression. CDDL can be tweaked to allow it to describe JSON as a wire format. |
I agree that expression in CDDL can be manifested in either To this fact the specification is very clear in Section 4.4: The CoRIM schema, expressed in CDDL, is used to generate the CoRIM file that typically is rendered in CBOR [18] |
I think, this is a |
I am strongly against specifying a JSON serialisation in the IETF document. The only serialisation we should describe is CBOR. |
Please specify your reason for the |
scope creep |
Lets discuss this in our CoRIM Weekly: We need to scope out the amount of effort before concluding that it is indeed a The Benefits/PROS of including JSON is:
The CONS/Disadvantages are:
Given that we are re-jigging Verifier Algorithm and also. the spec is |
In the Abstract we state:
In the Introduction we re-state:
which is the reason why we named it Co-RIM in the first place. If there are good reasons for providing a JSON serialisation, I am sure someone will come up with a JoRIM or JRIM, or something like that at some point in the future. At present, I see no reason to add a big chunk of extra work to ourselves: I'd rather spend our precious cycles finishing the document as is. |
+1 |
Sure I understand the resistance to change. However given the fact about |
The question is who feels the pain? There is pain on the side of the verifier who now has another format to parse and map to an internal representation. If the pain point is on rim authors, the Veraison approach seems to address this by allowing authors to use JSON while the wire format is CBOR. |
Yes, Veraison approach certainly helps to some extent. However Specific use cases have |
|
I agree, extensions can be encoded in JSON! |
So, the Veraison approach is sufficient, isn't it? |
Yes, I agree, |
I think we are talking past each other. In #195 (comment) you seemed to say that Veraison's approach was lacking in the case of custom user extensions. |
Yes, I stand corrected, I just checked and comment on #195 (comment) no longer holds |
Amongst other things, the point of CoRIM is:
I could go on and on, but there is no point to force scope creep into the message representation. An exposition of JSON encoded data can easily happen (and is de-facto already happening) on the application layer. There is no reason to pull that down to the CoRIM structure. |
If that is actually a problem for a given real-world entity, I would feel quite uneasy trusting that entity to issue an endorsement in the first place, tbh. |
I'd also like to comment on that particular statement: As a contributor, I do not think that there is generic 'resistance to change' (see, for example, Thomas' proposal to simplify the core spec on a fundamental level). I do think there is valid resistance to your proposal, though. |
Clarity and other aspects raised in the issue are required for the first release of the specification! |
Recapping:
2, 3, and 5 seem actionable. Maybe the next step is to create separate issues for each and someone volunteers to do the work? |
Here are few points raised by Hannes, which are listed in sequence below, so that they are not lost and feedback incorporated.
Goal
of the document.CoMID
.language
is referred aslang
.Triples
and one should provide Examples as to how JSON Encoding will look like?The text was updated successfully, but these errors were encountered: