search

tnc-ba / strongTNC

BYOD TNC Database Management Tool
GNU Affero General Public License v3.0
0 stars 0 forks source link

Add support for 'Targeted Requests' to swidGenerator #71

Closed d22 closed 10 years ago

d22 commented 10 years ago

As of the document, "SWID Message and Attributes for IF-M" by the TCG Trusted Network Connect, we need to implement support for the usecase of "Targeted Requests".

This means our tool should be able to deliver SWID tags which are requested by an IMV, the key for the requested tags ist the tag id, which consists of the regid and the uniqueid of a SWID tag.

cfaessler commented 10 years ago

Page 17: Targeted requests cannot target specific SWID tag instances, but instead they target every instance of the tags matching the requested tag identifiers. When responding to a targeted request, a SWID-IMC MUST return applicable results for every instance of the identified tags.

Note that targeted requests identify the SWID tags relevant to the request only through SWID tag identifiers for those tags. This specification does not support arbitrary, parameterized querying of tags. For example, one cannot request all tags from a certain software publisher, or all tags created by a particular tag author. Targeted requests only allow one to request specific tags (as identified by their tag identifiers) and receive a response that is limited to the named tags.

cfaessler commented 10 years ago

According to that we could provide a filter function in the generator (maybe with regex/wildcards) main.py --match "regid.2004-03.org.strongswan" main.py --match "NetworkManager" thus we dont need to parse Tag-ID's

d22 commented 10 years ago

As far as I see, the instance thing is not relevant for us, as we guaranteed have only one instance per tag. My understanding is, that with targeted requests, a tag must be clearly identified, but the tagid can match several instances. It is not possible to get another tag than requested.

d22 commented 10 years ago

Usecase as in #63

cfaessler commented 10 years ago

@d22 please review, thx

cfaessler commented 10 years ago

I did not implement regex check to the new --match parameter (like we did for --regid and --entity). I thought its not needed, what do you think?

d22 commented 10 years ago

No, I don't think it's necessary, either way it matches or it doesen't. I think we should only check the parameters if it's used as a part of the generated output.

d22 commented 10 years ago

Review is done. Two comments, otherwise good!