Does a repository provide data?

[djhaynes]

Currently, the definition for "repository" is:

"A repository is a specific controller type that contains functions to store information of a particular kind - typically data transported on the data plane, but potentially also data and metadata from the control and management plane. A single repository may provide the functions of more than one specific repository type (i.e. configuration baseline repository, assessment results repository, etc.)"

Furthermore, Section 3.1.4 of the Architecture draft states:

"Repository: Intermediary receiving and storing data from a Provider, and providing stored data to a Consumer. Implements both control and data plane functions. "

Given this, shouldn't the definition of "repository", in the Terminology draft, say something about providing data?

[athiasjerome]

Good point. Potentially consider also the term (Knowledge) Catalog before updating the Terminology draft.

[athiasjerome]

This could help: https://tools.ietf.org/html/draft-ietf-mile-rolie-01 4.2.4.4. Use Case: Cyber Data Repository

[henkbirkholz]

A repository is associated with the roles provider, consumer, and broker. Therefore, a repository does not only store, but also consumes and provides on the data plane. Correspondingly, a proxy is also associated with the roles provider, consumer, and broker, but does not store and only consumes and provides on the data plane (it might store data in regard to the control plane, though). A broker is (probably) associated with the role of a controller only.

The example 4.2.4.4. in https://tools.ietf.org/html/draft-ietf-mile-rolie-01 illustrates a repository without a defined interface to consume data (it might be implied, maybe?). This would be a different kind of repository - very similar to a collector that does not push SACM content, but has to be polled.

[henkbirkholz]

Jerome, could you elaborate on the term catalogue? It seems to be a synonym to the term capability used in SACM?