sacmwg / draft-ietf-sacm-terminology

SACM terminology aligned with best practice definitions, standard references, and terminology definitions of other work groups

Should we define "Endpoint Profile" or "Profile"? #45

Closed adammontville closed 6 years ago

adammontville commented 6 years ago

Endpoint Characterization mentions a "profile" of endpoint attributes, and Endpoint Classification states that an "endpoint profile" is a form of declarative guidance used to define a class of endpoints. Do we need to explicitly define either "profile" or "endpoint profile"?

henkbirkholz commented 6 years ago

That is worthwhile, I think.

"Endpoint Profile" is very useful - but we have to point out that it might refer to more than one target endpoint, and more than one "Endpoint Profile" might point to a single target endpoint... depending on the information that can be acquired to compose the "Endpoint Profile". Without a well-known "trusted" (RFC4949) label, there can be this ambiguity in expressiveness.

As a reference, "Identity" from RFC4949 allows for this ambiguity.

RFC4949 references the CC protection profile. To be more aligned with CC we could pull in some reference of "security target" and therefore know what the declarative guidance side is.