Do we really need to define timestamps?

[adammontville]

Do we need this term? Or should we talk about "data object timestamp" and "event timestamp" (and thus "network event timestamp")?

[henkbirkholz]

Unfortunately, the current understanding is yes sigh because they are highly relevant in the scope of a SACM domain.

Having said that, I am have a hard time understanding the question, as the definition basically references rfc4949 and the reference is about a "data object timestamp". I.e. we are already talking about data object timestamps. We came to the conclusion that while sometimes clumsy terms, such as, "Target Endpoint Characterization Record" cannot be avoided, here we could just refer to the term timestamp and illustrate the use in the context of a SACM domain.

Is that a bad approach? We can name it "Data Object Timestamps", but I am not sure that this would solve a problem.

[adammontville]

If we need to define these and point to 4949 there's nothing wrong with that. I only observed that the 4949 definition of timestamp actually provides the definition for two specializations. If we're ok with "timestamps", that's probably fine. It just seems that in some cases we're trying very hard to be semantically precise, and in others not so much - I'm trying to understand how we choose.

[henkbirkholz]

Maybe this is less about the actual definition of a timestamp, but its semantics and application in SACM. In this case, I think we can actually do a "one-liner" definition that is a quote from a reference and than highlight a timestamp's characteristics and qualities wrt to evaluation and correlation tasks in SACM work-flows via expositional text in the terminology draft?