Re: [cti-stix] Object ID format

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

And to go back further.... I still am of the opinion that we can't codify this without TAXII.

So we have a URL in an ID.. now what? If anyone wants to make use of that, then they have to know what is expected if I issue a GET to that URL. Should it return a STIX document? A web page? A word document that is a threat report?

We have to codify this in the standard, otherwise there is no point to even having the field because everyone will put different things there. So now, we are codifying data sharing behavior over the network and STIX URL syntaxes, inside STIX, and not TAXII.

This proposal makes no sense to me as part of the ID because it is going down this path of tying STIX and TAXII together at the hip.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


"Jordan, Bret" ---01/22/2016 12:03:33 PM---Do we honestly think people are going to publish STIX content on their web servers in their DMZ / Cl

From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: John Anderson <janderson@soltra.com>
Cc: Trey Darley <trey@soltra.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 01/22/2016 12:03 PM
Subject: Re: [cti-stix] Object ID format
Sent by: <cti-stix@lists.oasis-open.org>

---

Do we honestly think people are going to publish STIX content on their web servers in their DMZ / Cloud?  For all of the banks on this list, do you plan on sticking STIX documents on your web server?  And making it so that the public can just surf to them?

I firmly believe that the vast majority, in the 99+% of STIX objects will NEVER be open to general web surfing..   So we are building a solution to a problem that does not exist. 


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Jan 22, 2016, at 07:43, John Anderson <janderson@soltra.com> wrote:

Trey,
Your concerns about immutability and versioning are still valid. It would be hard to trust a source if it is constantly "shifting the ground under our feet" by changing Resources.

URL-as-ID-over-HTTP doesn't solve those issues. I'm not sure how UUID-as-ID-via-TAXII solves them, either. Someone can always hack their own database and change the content in an Object.

So, I'd like to think immutability and versioning are orthogonal to Identity.

What URL-as-ID brings to the table is this: I can always ATTEMPT to browse to a URL, without knowing anything more about scheme, namespace, and all that jazz. And that's the Big Win I'm going for. (Without it, we get a lot more complexity, as Mark Davidson's proposal demonstrates.)

JSA
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]