Objects should be generic, with roles
colesmj opened this issue · comments
Today, we have object types:
- Element
- Server
- Client
- Process
- Asset
- Lambda
It seems that a Server, Client, and Lambda are all specializations of Process or Asset, and really represent the "role" of each; role is really determined by the specific use - a server is the sink for a dataflow, the source is a client. But when describing an object, until the dataflows are determined, why force users to know ahead of time which one they need? Also, a client or server may be a server or a client, based on other data flows...
An alternative suggestion: create a generic "node" (Asset may be the right object already available), and allow assignment of properties that are generic. If roles are needed, assigning a role may add attributes specific to the role(s) added at runtime.
This approach helps with constructing models based on less-than-perfect knowledge of the system.
Fully agree! I still have a hard time telling how Process and Server are different...
I still have a hard time telling how Process and Server are different...
Same. I have a collection of microservice applications where the element is both a Server and a Process. I created ServerProcess
class in the model py file to get both annotation sets/threat eval.
I agree. I have an excel document with sheets for each object type and its annotations. I started going thru all annotations and capturing notes for things I'd like to move, rename, or need clarification on. I have work I would like to do on the threat lib but I want to get a handle on the model first.