Subject: Re: [cti-comment] cti-taxii: Inconsistent examples for Range header in TAXII v2.0 Committee Specification 01

Michael - I will note that neither of those servers mentioned have passed the STIXPreferred certification for TAXII 2.0 certification. Improving the specs will always be done where we can and we appreciate your feedback but I'm making you aware that the STIXPreferred certification program will help in this regard a lot too. Please consider the STIXPreferred program for your software and any software you are considering integrating with.

Allan Thomson
CTI Interop/STIXPreferred Co-Chair.

From: <cti-comment@lists.oasis-open.org> on behalf of Michael Daleiden <michael.daleiden@redlambda.com>

The TAXII v2.0 Committee Specification 01, Section 3.4.1 (Object and Collection Ranges) describes the use of the "items" range unit as conforming to HTTP RFC7233:

    The items range unit is defined for expressing subranges of a resource [HTTP 7233].

According to Section 3.1 of the RFC, the range unit should be specified with an equals (=) between the range unit specifier ("items") and the value set (i.e., "0-999"). However, all examples in the pagination section of the TAXII2 specification use a space between the specifier and value set, as shown below:

GET Request
-----------------
GET .../collections/my-collection/objects/?added_after=2016-02-01T00:00:01.000Z HTTP/1.1
Range: items 0-49
Accept: application/vnd.oasis.stix+json; version=2.0

This appears to have led to inconsistent implementations of TAXII 2.0 servers. For example, the TAXII 2.0 server managed by Anomali (https://limo.anomali.com/api/v1/taxii2/feeds/collections) only accepts a Range header that has a space between the specifier (i.e., "Range: items 0-999", which does not conform to the RFC but does match the examples in the TAXII 2.0 specification), whereas the MITRE ATT&CK TAXII 2.0 server (https://cti-taxii.mitre.org/stix/collections) only accepts a Range header that conforms to the RFC (i.e., "Range: items=0-999").

Is it possible to update the examples in the TAXII 2.0 specification (and future specification versions) so that they conform to the RFC? This would eliminate the confusion and potential for additional inconsistent implementations going forward.

email: michael.daleiden@redlambda.com
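
Added example, not part of the thread or of the TAXII specification: one way a server could parse the "items" Range header strictly while accepting both forms discussed above, and report which form the client sent. The names parse_items_range, content_range, RangeError and the MAX_ITEMS cap are assumptions made for this sketch.

```python
import re

# Assumption: hypothetical server-side cap on items returned per request.
MAX_ITEMS = 1000

# RFC 7233 section 3.1 form: unit "=" range-set, e.g. "items=0-999".
_RFC_FORM = re.compile(r"items=([0-9]{1,12})-([0-9]{1,12})")
# Form used in the TAXII 2.0 CS01 pagination examples, e.g. "items 0-49".
_SPEC_EXAMPLE_FORM = re.compile(r"items ([0-9]{1,12})-([0-9]{1,12})")


class RangeError(ValueError):
    """Malformed or unsatisfiable Range; a server would answer HTTP 416."""


def parse_items_range(header_value, total):
    """Return (first, last, rfc_conformant) for a Range header value.

    Only a single first-last range is accepted. fullmatch() rejects
    trailing data, multiple ranges and other units instead of guessing.
    """
    value = header_value.strip()
    match = _RFC_FORM.fullmatch(value)
    rfc_conformant = match is not None
    if match is None:
        match = _SPEC_EXAMPLE_FORM.fullmatch(value)
    if match is None:
        raise RangeError(f"unsupported Range value: {header_value!r}")
    first, last = int(match.group(1)), int(match.group(2))
    if first > last or first >= total:
        raise RangeError("unsatisfiable range")
    # Clamp to the collection size and to the per-request cap.
    last = min(last, total - 1, first + MAX_ITEMS - 1)
    return first, last, rfc_conformant


def content_range(first, last, total):
    # RFC 7233 section 4.2: Content-Range uses a space after the unit,
    # unlike the Range request header, which uses "=".
    return f"items {first}-{last}/{total}"
```

The rfc_conformant flag can be logged per client to see which form deployed clients actually send before tightening the server to the RFC form only.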