[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-comment] Re: [EXT] [cti-comment] TAXII2.0: Progress on Channels?
Thank you for your questions Teller. Let me try and address them:
1) The TAXII Envelope looks and feels a lot like a STIX Bundle, we did this on purpose. If you have already written code to parse a STIX Bundle, you should be able to easily reuse that code for a TAXII Envelope. The reason we did this was because TAXII needed
to add a pagination indication property and the Technical Committee wanted to remove the dependency between STIX and TAXII. Meaning, TAXII forcing the STIX Bundle to have new properties or the STIX Bundle changing and impacting TAXII. The TC wanted some
separation so that if one gets updated, the other does not need to be updated.
2) Pagination. The Item Based pagination of TAXII 2.0 proved to not work well with large and changing datasets with the RESTful nature of TAXII. This is actually a known issue in RESTful designs and there is a lot of research about this problem in the Web2.0
world. So we did not "remove" pagination, but rather changed it. Pagination in TAXII 2.1 is now controlled by a "more" property on the TAXII Envelope and
is processed by the "date added" to the TAXII Server. This has proven to be easier to code, is more performant, and generally works a lot better with large and changing datasets. While it may not cover every corner case that exists, the TC believes it covers
better than 90/10.
Do this make sense? If not, I would be willing to jump on a WebEx and walk through this with you and anyone else.
Bret
From: cti-comment@lists.oasis-open.org <cti-comment@lists.oasis-open.org> on behalf of Teller Junak <tellerj@gmail.com>
Sent: Friday, March 15, 2019 7:11 AM To: Bret Jordan Cc: cti-comment@lists.oasis-open.org Subject: [cti-comment] Re: [EXT] [cti-comment] TAXII2.0: Progress on Channels? Bret,
Thank you for sharing the latest working draft. The addition of a Taxii Envelope resource is interesting. I'm not completely sure how it differs from a STIX bundle though. Is the plan to phase out STIX bundles and emphasize the transport of STIX CTI via
TAXII instead? I'm also curious about the drop of pagination from this draft. What was the reasoning behind that?
Thanks again for sharing. I'm hoping to push my organization towards larger scale adoption of these standards, and am trying to learn as much about them as I can.
-Teller
On Mon, Mar 11, 2019 at 11:58 PM Bret Jordan <Bret_Jordan@symantec.com> wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]