

Subject: Re: [cti-cybox] MVP/Message Objects


If we make an email object now, and then in the future decide we should have made a base Message object with an Email extension - wouldn't that require a new major release because we'd be removing an object?


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Kirillov, Ivan A." <ikirillov@mitre.org>
To: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Date: 07/07/2016 03:24 PM
Subject: [cti-cybox] MVP/Message Objects
Sent by: <cti-cybox@lists.oasis-open.org>





All,

We had a good discussion today on the working call on the topic of the Message Object. Specifically, we dived into the existing Message Object proposal (thanks again to the DC3 folks for their submission!) and went over some of the potential issues with this approach:
      · Not all message types can easily be abstracted into this model
          o E.g., SMS messages have phone numbers as their sender/recipient, so would this necessitate a phone number Object?
      · Unlike the File Systems in the File Object (as an example), it would be very difficult to survey the numerous types of messages out there and come up with a representative, accurate base type
      · While an abstract Message Object reduces the number of potential fields that are duplicated across several Objects, it could still be a very complex Object, with numerous extensions and caveats/corner cases that users would have to deal with
Therefore, Trey and I proposed an alternative of, for the July MVP release, defining a discrete Email Message Object. Such an Object is well understood and necessary for various types of cyber threat information sharing use cases (spearphishing, watering hole attacks, spambot malware, etc.). Greg Back has taken a stab at defining this Object, which can now be found in the playground [1]. It seemed like we had general (not unanimous) consensus on the call that this may be a less risky and preferable approach for the MVP release.

However, we’d like to see what others on the list think – do you see an immediate need for a Message Object as MVP, or would an Email Object be sufficient? Just to state the options more clearly:
      · Option 1: Message Object
          o We create a working group and define a Message Object that can characterize Email, Skype, etc. in time for MVP
      · Option 2: Email Message Object
          o We deliver ONLY an Email Message Object for MVP
          o We can consider revisiting the concept of the Message/Post Objects post-MVP, perhaps for the winter release if there is sufficient demand

Please let us know your thoughts – this is something that we need to make a decision on ASAP.

[1] https://docs.google.com/document/d/1P6k0uqbAYDRpYG5jjgYAKBDEc_iSG0-SGFaXgaPkqyg/edit#heading=h.ovi1p7inki1o

Regards,
Ivan



