Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The id property description is inconsistent #66

Open
andrea-gioia opened this issue May 22, 2024 · 1 comment
Open

The id property description is inconsistent #66

andrea-gioia opened this issue May 22, 2024 · 1 comment
Assignees
Labels
📄 Error Error report

Comments

@andrea-gioia
Copy link
Contributor

andrea-gioia commented May 22, 2024

Problem

The specification declares to use as the value for the id property a UUIDv3 built hashing the fullyQualifiedName with SHA-1 algorithm.

According to RFC-4122 the difference between UUIDv3 and UUIDv5 lies in the hashing algorithm used:

  • UUIDv3 - Uses MD5 (Message-Digest Algorithm 5)
  • UUIDv5 - Uses SHA-1 (Secure Hash Algorithm 1)

This is inconsistent. If we decide to use a UUIDv3 value for the id property then we must declare the use of MD5 as the hashing algorithm. If instead, If we decide to use SHA-1 hashing algorithm then we must declare that the id property is an UUIDv5

Moreover isn't clear how to generate the UUID using only the fullyQualifiedName. UUID generation requires the name of the object and its namespace. Both information can be derived by the fullyQualifiedName but it is not clearly explained how.

Solution:

The RFC-4122 suggests using SHA-1 algorithm as the preferred hashing function whenever possible. So as a solution for the inconsistency described here, we propose to adopt UUIDv5 in place of UUIDv3.
We need also to specify how to decompose the fullyQualifiedName into name and namespace to generate the UUIDv5 value. We propose to use as namespace the mesh-namespace part of the fullyQualifiedName and as name the product name plus its major version number, separated by columns.

Other considerations:

  1. Could be useful to add a namespace property to the descriptor root entity
  2. In general, we always talk about data products but in reality, a descriptor document describes a specific version of a data product, not the product in general. We need to clarify this important concept to avoid ambiguity in the future.
@andrea-gioia andrea-gioia added the 📄 Error Error report label May 22, 2024
@andrea-gioia andrea-gioia added this to the DPDS v1.0.0 milestone May 22, 2024
@andrea-gioia andrea-gioia self-assigned this Jun 12, 2024
@andrea-gioia
Copy link
Contributor Author

In version 1.0.0 the description of every id property has been changed referring to UUID v5 in place of UUID v3. The issue is still open anyway because the ambiguity on the namespace remains.

@andrea-gioia andrea-gioia removed this from the DPDS v1.0.0 milestone Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
📄 Error Error report
Projects
None yet
Development

No branches or pull requests

1 participant