
digital_signature name mismatch between objects and dictionary.json

Open medallium opened this issue 1 year ago • 2 comments

Will it be possible to unify the "signature" (dictionary) and "digital_signature" (object)?

The object mentions that the usage for the name should be "digital_signature", but in the dictionary.json there is no entry for "digital_signature", only "signature"|"signatures" (but with type:digital_signature).

digital_signature object: https://github.com/ocsf/ocsf-schema/blob/e651e9dc9e056a236d48d5ac9c2d3e4715ef8341/objects/digital_signature.json#L2-L3

signature dictionary: https://github.com/ocsf/ocsf-schema/blob/e651e9dc9e056a236d48d5ac9c2d3e4715ef8341/dictionary.json#L4114-L4124

Just wondering if this needs to be resolved or if this is a known discrepancy between objects and dictionary.

medallium, Jul 29 '24 09:07

@medallium Good eye! I don't believe this is a bug, as the signature attribute's type aligns with the object's digital_signature name. However, I understand how the difference in naming between digital_signature as the object name and signature as the attribute name could be perceived as a quirk. It seems likely that the shorter attribute name signature was intentional, given its use in the OCSF framework with file.signature and osint.signatures.

I could think of two ways that would resolve the discrepancy:

  1. Non-Breaking: Rename the digital_signature object to signature, and reference it as type signature. That shouldn't have any impact on schema functionality, but the object/attribute names may be purposely distinct.
  2. Breaking: Rename the signature(s) attributes to digital_signature(s). Since this would be breaking, we wouldn't aim for this one.

@floydtree do you have any additional thoughts on this?

mikeradka, Aug 21 '24 20:08

I agree, this is very much intentional and not a bug. Many objects have "instances" (think attributes of type object) which have differing names. This can be for multiple reasons, the most common one being having a shorter-named attribute to be used in the actual schema.

As a general note, in OCSF, attributes that are defined in dictionary.json are the only attributes that can be utilized in the framework. For an object to be usable in a given event class definition, it first needs to be defined in the dictionary; only then is it available to be used elsewhere. You would create such attributes with a type of the underlying, desired object (signature of type digital_signature object).

Having said that, I don't think we need to make any changes here, but I'm curious to understand the specific issues that @medallium may be facing and how we can alleviate those.

floydtree, Aug 22 '24 15:08
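
The attribute-to-object lookup described in the comments above, as an added example that is not part of the thread or of the OCSF project's code: it resolves each dictionary attribute through its type rather than its name, reports attributes whose name differs from the object they instantiate, and flags types that match no object. The JSON fragments are constructed, and the `attributes`/`type`/`name` key layout and the `resolve_attributes` helper are assumptions made for the example.

```python
import json

# Constructed fragments, not copied from the repository; "orphan" is a deliberately bad entry.
# Assumed layout: dictionary.json has an "attributes" map, each object file has a "name".
DICTIONARY_JSON = """
{
  "attributes": {
    "signature":  {"caption": "Digital Signature",  "type": "digital_signature"},
    "signatures": {"caption": "Digital Signatures", "type": "digital_signature"},
    "file_name":  {"caption": "File Name", "type": "string_t"},
    "orphan":     {"caption": "Constructed bad entry", "type": "no_such_object"}
  }
}
"""
OBJECT_FILES = ['{"name": "digital_signature", "caption": "Digital Signature"}']
SCALAR_TYPES = {"string_t", "integer_t", "boolean_t"}  # subset, enough for the sample


def resolve_attributes(dictionary_text, object_texts, scalar_types=SCALAR_TYPES):
    """Map each dictionary attribute to the object it instantiates.

    Returns (resolved, aliases, dangling):
      resolved  attribute name -> object name, for object-typed attributes
      aliases   attributes whose name differs from the object's name
      dangling  attributes whose type is neither scalar nor a known object
    """
    attrs = json.loads(dictionary_text)["attributes"]
    objects = {json.loads(text)["name"] for text in object_texts}
    resolved, aliases, dangling = {}, [], []
    for name, spec in sorted(attrs.items()):
        type_name = spec["type"]
        if type_name in scalar_types:
            continue  # scalar attribute, no object to resolve
        if type_name not in objects:
            dangling.append(name)  # a real inconsistency, unlike a name difference
            continue
        resolved[name] = type_name
        if name != type_name:
            aliases.append(name)  # e.g. signature -> digital_signature
    return resolved, aliases, dangling


if __name__ == "__main__":
    resolved, aliases, dangling = resolve_attributes(DICTIONARY_JSON, OBJECT_FILES)
    print("object-typed attributes:", resolved)
    print("name differs from object:", aliases)
    print("unresolved types:", dangling)
```

Only the `dangling` list signals a schema problem; entries in `aliases` are the intentional shorter attribute names discussed in the thread.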