Subject: Re: [cti-stix] Re: Location in 2.0
The fact that we are having this discussion and calling pivotal things into question, this late in the game, really makes me question if we are actually done with STIX 2.0.
I am glad people are asking the questions, better now than post release of the standard. Perhaps we need to step back and revisit some of these things, finish up some of the fundamentally missing things, and then plan to deliver STIX 2.0 in January.
If we need to pull location out because we are not sure how it should be done, then with everything else that was life-boated, I would argue that STIX 2.0 has not met the spirit of a "minimally viable product".
Bret

From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Wunder, John A. <jwunder@mitre.org>
Sent: Friday, October 14, 2016 6:18:44 AM
To: Aharon Chernin; Bret Jordan (CS); Katz, Gary CTR DC3\DCCI; cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Re: Location in 2.0

FWIW I agree with you guys that fields on existing SDOs are the right way to go. I think the question for the community right now though is whether we’re confident enough in that answer to lock it in permanently for 2.0, or whether we should wait to add location until 2.1 so we can take more time to get it right. Even if we do decide to use fields we’d also have to ask whether the current set of fields is correct or whether once we decide to add more complete location support it means deprecating things.
John

From: Aharon Chernin <achernin@soltra.com>

I agree with Bret. My preference is location as a field within an existing SDO.
Before supporting the creation of an SDO I ask myself, “is there another standard that does this better? If so, I am going to reference/use/point to that standard instead”. I would have us take a look at other standards before creating a new SDO for location.
Also, adding SDOs does not necessarily reduce complexity. In most cases, even when I support the creation of an SDO, I do so while “flinching”.
Aharon

From: <cti-stix@lists.oasis-open.org> on behalf of "Bret Jordan (CS)" <Bret_Jordan@symantec.com>

Personally I feel like we constantly flirt with this line in the sand of making every field in the data model its own object with relationships linking it back. I also worry about, how do we actually build a location object and what goes in it? It will not be a simple straight forward debate. I am guessing that it is about a 3 month debate to get right. As the email archives can attest, I am generally in favor of a flatter, simpler design.
Bret

From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Katz, Gary CTR DC3\DCCI <Gary.Katz.ctr@dc3.mil>

I'm not sure I completely agree with moving location to a separate SDO. We just got done a meeting where analysts were requesting that location information, such as Geo IP data was attached to the IP and not a separate object. Now this may be just how we display it rather than how it is held in STIX, but it's something to consider. (Note: when we are attaching a geolocation to an IP we are including the date at which it resolved)