Closed adammontville closed 6 years ago
The declarative guidance on password length is indeed not an endpoint attribute. The actual length of a password (which hopefully cannot be inferred for security reasons) would be an endpoint attribute.
Not every Information Element is an Endpoint Attribute.
Aha! Ok, now things are starting to shape differently in my mind. Thank you.
At present the definition of Endpoint Attribute begins with: "In the context of SACM, endpoint attributes are information elements..." Information Element is defined as "a representation of information about...objects of interest", and it is pointed out that Information Elements are part of our Information Model (building blocks, in fact). Does this, to anyone else, seem as though we are stating the "Endpoint Attribute" is an "Information Element"?
Concretely, the endpoint attribute "password length" is not actually on the endpoint, but is an information element in our information model with value 14.
Is there a way to define Endpoint Attribute without relying on how we intend to model it?