errata logo graphic

Found 1 record.

Status: Held for Document Update (1)

RFC5070, "The Incident Object Description Exchange Format", December 2007

Source of RFC: inch (sec)

Errata ID: 3333

Status: Held for Document Update
Type: Editorial

Reported By: Youki Kadobayashi
Date Reported: 2012-09-02
Held for Document Update by: Sean Turner
Date Held: 2012-09-06

Throughout the document, when it says:

As this errata involves a number of sections, original texts are also referred to in the Corrected Text below.

It should say:

#1, IncidentID includes a default value for the restriction attribute of "default" in the schema.  The specification description is updated as follows to correct the discrepancy.
Section 3.3, IncidentID:
Change from:
"  restriction
      Optional.  ENUM.  This attribute has been defined in Section 3.2."
To:
"  restriction
      Optional.  ENUM.  This attribute has been defined in Section 3.2.
      The default value is "public".


#2, In section 3.5, the UML diagram does not match the text description or schema for the minOccurs value.  It should be set to "1".  The diagram should be changed from:
"        +------------------+
         | RelatedActivity  |
         +------------------+
         | ENUM restriction |<>--{0..*}--[ IncidentID ]
         |                  |<>--{0..*}--[ URL        ]
         +------------------+

                      Figure 5: RelatedActivity Class"
To:

"        +------------------+
         | RelatedActivity  |
         +------------------+
         | ENUM restriction |<>--{1..*}--[ IncidentID ]
         |                  |<>--{1..*}--[ URL        ]
         +------------------+

                      Figure 5: RelatedActivity Class"

#3, Section 3.7.1, lists the attribute "registry" as "Required."  The default value is not specified in the schema as local, therefore the description is updated to match.  To match the schema, the definition is changed as follows:
From: 
"   registry
      Required.  ENUM.  The database to which the handle belongs.  The
      default value is 'local'.  The possible values are:"
To:
"   registry
      Optional.  ENUM.  The database to which the handle belongs.
      The possible values are:"

#4, Section 3.7.2, PostalAddress Class leverages the schema definition for MLStringType to include the "lang" attribute.  The MLStringType has this attribute as Optional.  The specification definition is updated as follows to correct the issue.
Change from: 
"   lang
      Required.  ENUM.  A valid language code per RFC 4646 [7]
      constrained by the definition of "xs:language".  The
      interpretation of this code is described in Section 6."
To:
"   lang
      Optional.  ENUM.  A valid language code per RFC 4646 [7]
      constrained by the definition of "xs:language".  The
      interpretation of this code is described in Section 6."

#5, Section 3.11, the "restriction" attribute of the History Class includes a default value of "default" in the schema.  As such, the specification definition is updated as follows.
Change from:
"   restriction
      Optional.  ENUM.  This attribute is defined in Section 3.2."
To:
"   restriction
      Optional.  ENUM.  This attribute is defined in Section 3.2.
      The default value is "default".

#6, Section 3.13, the "restriction" attribute of the Expectation Class includes a default value of "default" in the schema.  As such, the specification definition is updated as follows.
Change from:
"   restriction
      Optional.  ENUM.  This attribute is defined in Section 3.2."
To:
"   restriction
      Optional.  ENUM.  This attribute is defined in Section 3.2.
      The default value is "default".

#7, Section 3.13, the "action" attribute of the Expectation Class includes a default value of "other" in the schema.  As such, the specification definition is updated as follows.
Change from:
"   action
      Optional.  ENUM.  Classifies the type of action requested.  This
      attribute is an enumerated list with no default value."
To:
"   action
      Optional.  ENUM.  Classifies the type of action requested.  This
      attribute is an enumerated list with a default value of "other"."


#8, removed - placeholder to retain original numbering

#9, Section 3.10, a default value is specified for the "occurrence" attribute specification definition, but is not included in the schema.  The text in the specification is removed as follows to correct the discrepancy.
Change from:
"   occurrence
      Optional.  ENUM.  Specifies whether the assessment is describing
      actual or potential outcomes.  The default is "actual" and is
      assumed if not specified."
To:
"   occurrence
      Optional.  ENUM.  Specifies whether the assessment is describing
      actual or potential outcomes."


#10, Section 3.10.1, Impact Class leverages the schema definition for MLStringType to include the "lang" attribute.  The MLStringType has this attribute as Optional.  The specification definition is updated as follows to correct the issue.
Change from: 
"   lang
      Required.  ENUM.  A valid language code per RFC 4646 [7]
      constrained by the definition of "xs:language".  The
      interpretation of this code is described in Section 6."
To:
"   lang
      Optional.  ENUM.  A valid language code per RFC 4646 [7]
      constrained by the definition of "xs:language".  The
      interpretation of this code is described in Section 6."

#11, Section 3.10.1, Impact Class definition for the attribute type requires updating to match the schema listing of this attribute as "Optional".  The attribute includes a default value in the schema that should match the specification text.
Change from:
"   type
      Required.  ENUM.  Classifies the malicious activity into incident
      categories.  The permitted values are shown below.  The default
      value is "other"."
To:
"   type
      Optional.  ENUM.  Classifies the malicious activity into incident
      categories.  The permitted values are shown below.  The default
      value is "unknown"."


#12, Section 3.10.2, TimeImpact Class is inconsistent with the schema definition for the "duration" attribute.  The specification definition is updated as follows to resolve the issue.
Change from:
"   duration
      Required.  ENUM.  Defines a unit of time, that when combined with
      the metric attribute, fully describes a metric of impact that will
      be conveyed in the element content.  The permitted values are
      shown below.  The default value is "hour"."
To:
"   duration
      Optional.  ENUM.  Defines a unit of time, that when combined with
      the metric attribute, fully describes a metric of impact that will
      be conveyed in the element content.  The permitted values are
      shown below.  The default value is "hour"."

#13, Section 3.10.3, MonetaryImpact Class: "currency" attribute is inconsistent with the schema and the definition is updated as follows to correct the issue.
Change from:
"   currency
      Required.  STRING.  Defines the currency in which the monetary
      impact is expressed.  The permitted values are defined in ISO
      4217:2001, Codes for the representation of currencies and funds
      [14].  There is no default value."
To:
"   currency
      Optional.  STRING.  Defines the currency in which the monetary
      impact is expressed.  The permitted values are defined in ISO
      4217:2001, Codes for the representation of currencies and funds
      [14].  There is no default value."



#14, Section 3.10.4 Confidence Class needs a definition for the enumeration value of "unknown" to be consistent with the schema.
Change from:
"   rating
      Required.  ENUM.  A rating of the analytical validity of the
      specified Assessment.  The permitted values are shown below.
      There is no default value.

      1.  low.  Low confidence in the validity.

      2.  medium.  Medium confidence in the validity.

      3.  high.  High confidence in the validity.

      4.  numeric.  The element content contains a number that conveys
          the confidence of the data.  The semantics of this number
          outside the scope of this specification."
To:
"   rating
      Required.  ENUM.  A rating of the analytical validity of the
      specified Assessment.  The permitted values are shown below.
      There is no default value.

      1.  low.  Low confidence in the validity.

      2.  medium.  Medium confidence in the validity.

      3.  high.  High confidence in the validity.

      4.  numeric.  The element content contains a number that conveys
          the confidence of the data.  The semantics of this number
          outside the scope of this specification.

      5. unknown.  The confidence rating value is not known."

#15, Section 3.12, in the EventData Class, the "restriction" attribute includes a default value of "default" in the schema.  As such, the specification definition is updated as follows.
Change from:
"   restriction
      Optional.  ENUM.  This attribute is defined in Section 3.2."
To:
"   restriction
      Optional.  ENUM.  This attribute is defined in Section 3.2.
      The default value is "default".

#16, Section 3.15 System Class requires an update to the specification description to match the UML and schema definition for the Operating System" element as follows.
Change from:
"   OperatingSystem
      Zero or one.  The operating system running on the system."
To:
"   OperatingSystem
      Zero or more.  The operating system running on the system."

#17, Section 3.15, in the System Class, the attribute "category" is listed in the schema as Optional, so the definition in the specification requires updating as follows.
Change from:
"   category
      Required.  ENUM.  Classifies the role the host or network played
      in the incident.  The possible values are:"
To:
"   category
      Optional.  ENUM.  Classifies the role the host or network played
      in the incident.  The possible values are:"

For #18, Section 3.16.2, in the Address Class, the attribute "category" is listed in the schema as Optional, so the definition in the specification requires updating as follows.
Change from:
"   category
      Required.  ENUM.  Classifies the role the host or network played
      in the incident.  The possible values are:"
To:
"   category
      Optional.  ENUM.  Classifies the role the host or network played
      in the incident.  The possible values are:"

For #19, Section 3.16.3, NodeRole Class leverages the schema definition for MLStringType to include the "lang" attribute.  The MLStringType has this attribute as Optional.  The specification definition is updated as follows to correct the issue.
Change from: 
"   lang
      Required.  ENUM.  A valid language code per RFC 4646 [7]
      constrained by the definition of "xs:language".  The
      interpretation of this code is described in Section 6."
To:
"   lang
      Optional.  ENUM.  A valid language code per RFC 4646 [7]
      constrained by the definition of "xs:language".  The
      interpretation of this code is described in Section 6."


#20, Section 3.17 the Service Class attribute of "Application" specification description does not match the UML or schema.  The following update corrects the issue.
Change from:
"   Application
      Zero or more.  The application bound to the specified Port or
      Portlist."
To:
"   Application
      Zero or one.  The application bound to the specified Port or
      Portlist."

#21, Section 3.17 Service Class, the UML diagram and text does not match the schema for the ProtoField element.
Change from:
"   ProtoFlags
      Zero or one.  INTEGER.  A layer-4 protocol specific flag field."
To:
"   ProtoField
      Zero or one.  INTEGER.  A layer-4 protocol specific flag field."
AND update the UML diagram from:
"  +---------------------+
   | Service             |
   +---------------------+
   | INTEGER ip_protocol |<>--{0..1}--[ Port        ]
   |                     |<>--{0..1}--[ Portlist    ]
   |                     |<>--{0..1}--[ ProtoCode   ]
   |                     |<>--{0..1}--[ ProtoType   ]
   |                     |<>--{0..1}--[ ProtoFlags  ]
   |                     |<>--{0..1}--[ Application ]
   +---------------------+

                       Figure 31: The Service Class"
To:
"  +---------------------+
   | Service             |
   +---------------------+
   | INTEGER ip_protocol |<>--{0..1}--[ Port        ]
   |                     |<>--{0..1}--[ Portlist    ]
   |                     |<>--{0..1}--[ ProtoCode   ]
   |                     |<>--{0..1}--[ ProtoType   ]
   |                     |<>--{0..1}--[ ProtoField  ]
   |                     |<>--{0..1}--[ Application ]
   +---------------------+

                       Figure 31: The Service Class"

#22, Section 3.19.1 RecordData Class: the AdditionalData element's specification definition does not match the UML diagram or the schema and is updated as follows to correct the issue.
Change from:
"   AdditionalData
      Zero or one.  An extension mechanism for data not explicitly
      represented in the data model."
To:
"   AdditionalData
      Zero or more.  An extension mechanism for data not explicitly
      represented in the data model."

#23, Section 3.19.2, page 53: the definition of offsetunit should be changed to match the schema from:
"   offsetunit
      Optional.  ENUM.  Describes the units of the offset attribute.
      The default is "line".

      1.  line.  Offset is a count of lines.

      2.  binary.  Offset is a count of bytes.

      3.  ext-value.  An escape value used to extend this attribute.
          See Section 5.1."

To:

"   offsetunit
      Optional.  ENUM.  Describes the units of the offset attribute.
      The default is "line".

      1.  line.  Offset is a count of lines.

      2.  byte.  Offset is a count of bytes.

      3.  ext-value.  An escape value used to extend this attribute.
          See Section 5.1."

#24, Section 3.17.1 Application Class: for the definition for "swid", add "default="0"" to the definition to match the schema.  
Change from:
"    swid
      Optional.  STRING.  An identifier that can be used to reference
      this software."

To:
"   swid
      Optional.  STRING.  An identifier that can be used to reference
      this software, where the default value is "0"."


#25, Section 3.17.1 Application Class: the definition for the attribute "configid" requires updating to include a default value as is included in the schema.  
Change from:
"   configid
      Optional.  STRING.  An identifier that can be used to reference a
      particular configuration of this software."
To:
"   configid
      Optional.  STRING.  An identifier that can be used to reference a
      particular configuration of this software, where the default value is "0"."

Notes:

In each of the listed corrections, the schema is preferred as correct wherever possible for the updates provided. The assumption is that most existing implementations would have preferred the schema definition over the text descriptions or UML diagrams.

SPT: I removed #8 because it's a schema change and edited #17 at the request of the submitters.


Report New Errata