You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The specification declares to use as the value for the id property a UUIDv3 built hashing the fullyQualifiedName with SHA-1 algorithm.
According to RFC-4122 the difference between UUIDv3 and UUIDv5 lies in the hashing algorithm used:
UUIDv3 - Uses MD5 (Message-Digest Algorithm 5)
UUIDv5 - Uses SHA-1 (Secure Hash Algorithm 1)
This is inconsistent. If we decide to use a UUIDv3 value for the id property then we must declare the use of MD5 as the hashing algorithm. If instead, If we decide to use SHA-1 hashing algorithm then we must declare that the id property is an UUIDv5
Moreover isn't clear how to generate the UUID using only the fullyQualifiedName. UUID generation requires the name of the object and its namespace. Both information can be derived by the fullyQualifiedName but it is not clearly explained how.
Solution:
The RFC-4122 suggests using SHA-1 algorithm as the preferred hashing function whenever possible. So as a solution for the inconsistency described here, we propose to adopt UUIDv5 in place of UUIDv3.
We need also to specify how to decompose the fullyQualifiedName into name and namespace to generate the UUIDv5 value. We propose to use as namespace the mesh-namespace part of the fullyQualifiedName and as name the product name plus its major version number, separated by columns.
Other considerations:
Could be useful to add a namespace property to the descriptor root entity
In general, we always talk about data products but in reality, a descriptor document describes a specific version of a data product, not the product in general. We need to clarify this important concept to avoid ambiguity in the future.
The text was updated successfully, but these errors were encountered:
In version 1.0.0 the description of every id property has been changed referring to UUID v5 in place of UUID v3. The issue is still open anyway because the ambiguity on the namespace remains.
Problem
The specification declares to use as the value for the
id
property a UUIDv3 built hashing thefullyQualifiedName
with SHA-1 algorithm.According to RFC-4122 the difference between UUIDv3 and UUIDv5 lies in the hashing algorithm used:
This is inconsistent. If we decide to use a UUIDv3 value for the
id
property then we must declare the use of MD5 as the hashing algorithm. If instead, If we decide to use SHA-1 hashing algorithm then we must declare that theid
property is an UUIDv5Moreover isn't clear how to generate the UUID using only the
fullyQualifiedName
. UUID generation requires the name of the object and its namespace. Both information can be derived by thefullyQualifiedName
but it is not clearly explained how.Solution:
The RFC-4122 suggests using SHA-1 algorithm as the preferred hashing function whenever possible. So as a solution for the inconsistency described here, we propose to adopt UUIDv5 in place of UUIDv3.
We need also to specify how to decompose the
fullyQualifiedName
into name and namespace to generate the UUIDv5 value. We propose to use asnamespace
themesh-namespace
part of thefullyQualifiedName
and as name the product name plus its major version number, separated by columns.Other considerations:
namespace
property to the descriptor root entityThe text was updated successfully, but these errors were encountered: