-
Key: IEFRA2-82
-
Status: open
-
Source: Advanced Systems Management Group Ltd. ( Mr. Michael Abramson)
-
Summary:
"11.3 Weaknesses & Gaps
I didn't see any mention of Common Failure Scenarios or Best Practices The section clearly indicates that the IEF does not specify specific error responses and that these are left
to the implementations, the RA could still outline broad categories of failures (e.g., authentication failures, data integrity issues, network interruptions) and general best practices for handling them. Perhaps a high-level syntactical framework of errors would provide useful guidance. It is unclear if there are Logging or Auditing Expectations. This can be useful even if the specific logging mechanism are nit specified. You may want to look at The DIDO RA section on logging:
Security-focused architectures typically require logging/auditing of failed authorization attempts, missing metadata, or cryptographic key issues. Should implementations be expected to log errors for traceability?
Adding a sentence clarifying whether logging and auditing should be considered best practices would be helpful.
I noticed the reference to Sequence Diagrams Support Error Handling, but the there is little about the details of their usage. sequence diagrams but does not state whether they include error paths or failure-handling mechanisms.
● Tthe RA should at least suggest common failure points in these sequences?
● A sentence clarifying whether error scenarios are modeled in diagrams would add value." -
Reported: IEF-RA 2.0a1 — Mon, 4 Aug 2025 16:57 GMT
-
Updated: Mon, 4 Aug 2025 17:03 GMT
IEFRA2 — Weaknesses & Gaps Sec 1.7.4
- Key: IEFRA2-82
- OMG Task Force: IEF Reference Architecture 2.0 FTF