cti-interoperability message
Subject: Re: [cti-interoperability] CTI TC <> UNH-IOL Partnership Evaluation - Read Ahead Documents
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Terry MacDonald <terry.macdonald@cosive.com>
- Date: Thu, 19 May 2016 09:36:55 -0300
Having worked with the UNH lab in the past, I know that setting up this type of testing environment is not an overnight procedure. It will take several months to fully "get rolling", and even more months for all of us individual vendors to get their ducks in a row with them (agreements to sign etc). Therefore if this is something that vendors are even considering as a possibility for 2017, then we'd want to start talking with them now.
Having said that, I also agree with Allan's concern that there is no way that we should make any form of interoperability testing by UNH required to claim compliance with STIX or TAXII. In my opinion, that is simply not an option for an open standard - developers should not have to pay fees to support our standard. That goes against the principles of OASIS.
Any interoperability arrangement with UNH should simply be an optional step that vendors can decide to participate in if they believe it will help their development and testing/QA processes.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
Terry MacDonald ---05/18/2016 08:25:43 PM---Bret et al. I would have to agree. I don't think we're at this point yet. We should be
From: Terry MacDonald <terry.macdonald@cosive.com>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: Allan Thomson <athomson@lookingglasscyber.com>, Patrick Maroney <Pmaroney@specere.org>, Interoperability Subcommittee <cti-interoperability@lists.oasis-open.org>, OASIS CTI co-chairs <cti-committee-chairs@lists.oasis-open.org>
Date: 05/18/2016 08:25 PM
Subject: Re: [cti-interoperability] CTI TC <> UNH-IOL Partnership Evaluation - Read Ahead Documents
Sent by: <cti-interoperability@lists.oasis-open.org>
Bret et al.
I would have to agree. I don't think we're at this point yet. We should be nearing STIX v2.0 release (i.e. already have a draft in place) before we look at interoperability certification. This is way too premature for me.
Cheers
Terry MacDonald | Chief Product Officer
M: +61-407-203-026
E: terry.macdonald@cosive.com
W: www.cosive.com
On Thu, May 19, 2016 at 5:26 AM, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
Great catch Allan.... And I agree with you... I mean, long-term, if we are successful and get a lot of vendors using STIX/TAXII/CybOX then we will probably need to do something like the WiFi Alliance. However, I think that is a bit premature right now.
IMO what we need is a simple way for vendors to verify that their implementations are working.. There are lots of ways this could be done... One of the many would be to produce a set of canned TLOs that a product has to consume, update the title from "Foo" to "Bar" and then republish. The check is the outputted JSON must match a certain SHA256 hash for example. (Yes JSON makes this a bit harder as there is no strict ordering of fields on output, but you get the idea).
For data markings, you could consume a canned TLO and Marking_Definition that is flagged as say TLP=RED and can your software alert on that, or flag it, or understand that they need to do something unique with it. Or even just flag that there is a Data_Marking on it.
I think we can come up with a series of 10-20 simple tests for the initial interoperability testing.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
On May 18, 2016, at 12:55, Allan Thomson <athomson@lookingglasscyber.com> wrote:
I would like to bring attention to the broader community on Section 4 of the attached proposal that Pat sent out.
Specifically “fees”.
Unless I’m mistaken, this is a *significant* issue that needs to be discussed before we move forward with any such proposal.
This proposal is effectively going to cost the industry members a significant amount of money for testing by a 3rd party organization that is not even involved in CTI.
Allan
From: Interoperability Subcommittee <cti-interoperability@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Date: Wednesday, May 18, 2016 at 11:44 AM
To: Interoperability Subcommittee <cti-interoperability@lists.oasis-open.org>, "cti-committee-chairs@lists.oasis-open.org" <cti-committee-chairs@lists.oasis-open.org>
Subject: [cti-interoperability] CTI TC <> UNH-IOL Partnership Evaluation - Read Ahead Documents
Overview
We are exploring the viability of a partnership between UNH-IOL and the OASIS CTI TC to fast-track the development of a suite of Interoperability and conformance tools and processes. Initial investigation reveals solid synergies with the existing UNH-IOL Frameworks (i.e., UNH-IOL IMPACT) and the elements of CTI-TC Specifications. The process underway here is to define the requirements and key elements of a full suite of OASIS CTI TC Standards Interoperability and Compliance Testing Framework and Service (again UNH-IOL IMPACT is a good reference model). We need to help UNH-IOL make the business case to establish the market potential for UNH-IOL to recover their investments in delivering such capabilities. UNH-IOL efforts are ultimately funded through membership fees, testing services, and software licensing. To codify the level of interest in the proposed Testing Framework, the CTI TC needs to provide Letters of Intent from stakeholders in the Vendor Community.
Road Map
(1) We will discuss this proposal as part of the CTI-TC Interoperability Sub-Committee Meeting (May 19, 2016 17:00 UTC)
(2) We will schedule a Q&A follow-up call with UNH-IOL for all interested stakeholders.
(3) Please review attached files prior to Sub-Committee Meeting (May 19, 2016 17:00 UTC)
Attachments/Read-Ahead
UNH-IOL CTI-TC Interoperability and Conformance Test Program
(1) Proposal
(2) Letter of Intent Template
Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053
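The consume / update-title / republish hash check and the TLP=RED marking check suggested in Bret Jordan's message above, as an added example that is not part of the original thread or of any OASIS test suite. It hashes a key-sorted serialization so that field order on output does not change the SHA-256 result; the field names (`title`, `marking_refs`, `tlp`) and all sample objects are constructed assumptions, not taken from a STIX specification.

```python
import hashlib
import json

def canonical_bytes(obj):
    # Sorted keys and fixed separators remove field-order and whitespace
    # differences. Number formatting (1 vs 1.0) is NOT normalized here.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def tlo_digest(obj):
    return hashlib.sha256(canonical_bytes(obj)).hexdigest()

def check_republish(canned_json, output_json, field="title", old="Foo", new="Bar"):
    """Return (passed, reason) for the consume / edit / republish test."""
    canned = json.loads(canned_json)
    if canned.get(field) != old:
        raise ValueError("canned object does not carry the expected starting value")
    expected = dict(canned, **{field: new})
    try:
        got = json.loads(output_json)
    except json.JSONDecodeError:
        return False, "output is not valid JSON"
    if not isinstance(got, dict):
        return False, "output is not a JSON object"
    if tlo_digest(got) == tlo_digest(expected):
        return True, "digest match"
    # Name the fields that differ so a failed run is actionable.
    changed = sorted(k for k in set(expected) | set(got)
                     if canonical_bytes(expected.get(k)) != canonical_bytes(got.get(k)))
    return False, "mismatch in: " + ", ".join(changed)

def is_red_marked(tlo, marking_definitions):
    """True if the TLO references a marking definition flagged TLP=RED."""
    by_id = {m["id"]: m for m in marking_definitions}
    return any(by_id.get(ref, {}).get("tlp") == "RED"
               for ref in tlo.get("marking_refs", []))

# Constructed sample data (hypothetical field names).
CANNED = '{"id": "tlo--0001", "type": "indicator", "title": "Foo", "marking_refs": ["marking--red"]}'
MARKINGS = [{"id": "marking--red", "tlp": "RED"}, {"id": "marking--green", "tlp": "GREEN"}]
# Same content as expected, different key order and no whitespace.
GOOD_OUT = '{"type":"indicator","title":"Bar","marking_refs":["marking--red"],"id":"tlo--0001"}'
# Title updated, but the product silently dropped the marking reference.
BAD_OUT = '{"id":"tlo--0001","type":"indicator","title":"Bar"}'

if __name__ == "__main__":
    print(check_republish(CANNED, GOOD_OUT))
    print(check_republish(CANNED, BAD_OUT))
    print(is_red_marked(json.loads(CANNED), MARKINGS))
```

The second sample shows why a whole-object digest is a useful test: the title edit succeeded, yet the run fails because the handling restriction was lost on republish.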