
"Patch" extends can modify core schema attributes

Open · rmouritzen-splunk opened this issue 10 months ago · 1 comment

Summary

"Patch" extends can modify core schema attributes, potentially causing events generated with an extension to become incompatible with core OCSF schema and other private extensions.

Details

A patch extends is typically where an extension "patches" a class or object in the core schema. These are triggered by defining a class or object without a name and with only an extends, or where the name and extends are the same.

In the patch case, the attributes and profiles from the patching definition (from the extension) are merged backwards to the base class or object. In other words, the patching extension definition modifies the core schema.

The problem is with the merged attributes. Existing attributes can be modified with this mechanism, potentially causing a resulting OCSF Schema that is incompatible with the core schema by, for example, changing the type of an attribute.

We should, I think, validate that these patching cases either do not modify existing attributes, or only allow backwards-compatible changes. The backwards-compatible changes approach could be tricky, so I would avoid it if possible. If needed, we will need to carefully consider what kinds of attribute changes are safe. We want extensions to be compatible with the core schema and other private extensions.

rmouritzen-splunk · Apr 02 '24 00:04
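The check the issue asks for, as an added example that is not part of the ocsf-schema project or its Elixir schema server: detect patch-style `extends` definitions (no `name`, or `name` equal to `extends`), merge their attributes back into the base class the way the issue describes, and refuse the merge when an attribute the base already defines would be changed. The JSON layout is a simplified assumption: each definition is a dict with `name`, `extends` and an `attributes` map of attribute name to a dict of fields such as `type` and `requirement` (in the real schema, types live in the dictionary rather than inline). The `extension` key, the `acme` extension and the two sample patches are constructed for the example.

```python
"""Reject OCSF-style patch extends that modify core attributes.

Added example, not ocsf-schema project code. Schema layout is a
simplified assumption (see lead-in); sample data is constructed.
"""
import copy


def is_patch(definition: dict) -> bool:
    """A patch definition has only `extends` (no `name`), or name == extends."""
    name = definition.get("name")
    base = definition.get("extends")
    return base is not None and (name is None or name == base)


def validate_patch(base: dict, patch: dict) -> list:
    """List every change a patch makes to an attribute the base already
    defines. Adding a new attribute, or adding a field the base attribute
    does not set, is allowed; changing an existing field's value is not.
    Returns [] when the patch is safe to merge."""
    errors = []
    base_attrs = base.get("attributes", {})
    who = patch.get("extension", "?")  # constructed key for reporting only
    for attr_name, patch_attr in patch.get("attributes", {}).items():
        if attr_name not in base_attrs:
            continue  # new attribute: fine
        base_attr = base_attrs[attr_name]
        for field, new_value in patch_attr.items():
            old_value = base_attr.get(field)
            if old_value is not None and old_value != new_value:
                errors.append(
                    f"{who}: attribute '{attr_name}' changes '{field}' "
                    f"from {old_value!r} to {new_value!r}"
                )
    return errors


def apply_patch(base: dict, patch: dict) -> dict:
    """Merge the patch's attributes backwards into a copy of the base,
    as the issue describes, but only after validation passes."""
    errors = validate_patch(base, patch)
    if errors:
        raise ValueError("; ".join(errors))
    merged = copy.deepcopy(base)
    for attr_name, patch_attr in patch.get("attributes", {}).items():
        merged["attributes"].setdefault(attr_name, {}).update(patch_attr)
    return merged


def check_patches(core_classes: dict, extension_defs: list) -> dict:
    """Validate every patch-style definition in an extension against the
    core class it patches. Returns {base_name: [errors]} for failures."""
    failures = {}
    for d in extension_defs:
        if not is_patch(d):
            continue  # ordinary subclass, not a patch
        target = d["extends"]
        base = core_classes.get(target)
        if base is None:
            failures.setdefault(target, []).append(
                f"patch targets unknown core class {target!r}")
            continue
        errs = validate_patch(base, d)
        if errs:
            failures.setdefault(target, []).extend(errs)
    return failures


# Constructed sample data (not real schema files).
CORE_PROCESS_ACTIVITY = {
    "name": "process_activity",
    "attributes": {
        "activity_id": {"type": "integer_t", "requirement": "required"},
        "process": {"type": "process", "requirement": "required"},
    },
}
CORE_CLASSES = {"process_activity": CORE_PROCESS_ACTIVITY}

# Patch that only adds an attribute: compatible with core.
GOOD_PATCH = {
    "extension": "acme",
    "extends": "process_activity",  # no name -> patch
    "attributes": {"vendor_tag": {"type": "string_t", "requirement": "optional"}},
}

# Patch that retypes an existing core attribute: must be rejected.
BAD_PATCH = {
    "extension": "acme",
    "name": "process_activity",  # name == extends -> patch
    "extends": "process_activity",
    "attributes": {"activity_id": {"type": "string_t"}},
}

if __name__ == "__main__":
    print(check_patches(CORE_CLASSES, [GOOD_PATCH, BAD_PATCH]))
```

The strict rule here matches the first option in the issue (no modification of existing attributes at all); a backwards-compatible allow-list, such as relaxing `requirement` from `required` to `optional`, would go inside the inner loop of `validate_patch` once the project decides which changes are safe.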