On Oct 23, 2024, at 13:02, Q Misell <[email protected]> wrote:
> > Automation systems would never receive a RSC without first having sent out > > instructions about what's expected in the RSC's payload. > > Whilst this is on the surface correct, it misses the point. Consider the > following: > • > System A expects an RSC in format A > • System B is unaware of format A, and is thus unaware of the > consequences of signing an RSC in format A > • User A asks System B to create an RSC in format A > • System B happily obliges, not knowing the consequences of what it is > signing > • System A accepts the RSC from User A - even if User did not have the > required permissions within the organisational scope of System B to do so > > I suspect purpose can be derived from context in which the RSCs are > > sent/received. > > Independent systems can derive different expected purposes from context if > we're not explicit about it. I am interested in this. Customers who want to do the BYOIP onboarding dance with multiple service providers might appreciate having consistent instructions from all concerned about what payload to sign and submit. This would also make it easier to use a single toolchain for multiple providers. Seems like exactly the kind of scenario where we normally expect interop to be useful. I think it's a nice feature that signed checklists by design are flexible and payload-agnostic, but perhaps there is some benefit in specifying the format of specific documents to be used in specific circumstances (like 'BYOIP onboarding') as well. Having said all of that, this is all quite new to me and I am standing by to receive education :-) Joe _______________________________________________ GROW mailing list -- [email protected] To unsubscribe send an email to [email protected]
