[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] Goals for TAXII 2.0
Adding a bit of context, as that last mail was sent from my phone...
When we talk about hypothetical alternative STIX representations other than XML, there are obviously tradeoffs to be considered. In the case of Bret's experiment to define a more formal JSON specification than the implicit one produced by python-stix's to_dict() function, off the top of my head I recall there being no good way to handle idrefs in JSON. Similarly, while Cap’n Proto has apparent advantages (data compression, backward-compatible protocol versioning, wirespeed input validation, etc) there are concomitant disadvantages, for example the fact that things like enforcing mandatory/optional fields gets pushed up the stack to the application.
As for my comment about "for folks heavily invested in an XML-based stack, not an insignificant pill to swallow", that actually merits a thread unto itself.
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
From: cti-taxii@lists.oasis-open.org <cti-taxii@lists.oasis-open.org> on behalf of Trey Darley <trey@soltra.com>
Sent: Wednesday, July 15, 2015 07:51 To: Terry MacDonald Cc: cti-taxii@lists.oasis-open.org Subject: Re: [cti-taxii] Goals for TAXII 2.0 One of the nice benefits of serialization protocols like Cap’n Proto, Thrift, et al is that the spec, the representation, and the parser are essentially the same thing, making interoperability and versioning a relative snap. But for folks heavily invested in an XML-based stack, not an insignificant pill to swallow. Cheers, On Jul 15, 2015 5:44 AM, Terry MacDonald <terry.macdonald@threatloop.com> wrote:
Hi All,
As per earlier discussions I really think it would be beneficial to discuss some key goals that we want TAXII 2.0 to adhere to. As such I've tried to incorporate the discussions we've had over the past year or so, and distill them into the following list.
Please note, this is a 'starter for 10', just to prompt further discussion. Please do not consider it official, final, or authoritative in any way :) (I should be a lawyer).
Goals for TAXII v2.0:
Comments and improvements welcomed (nay, required :) ).
Cheers
Terry MacDonald | STIX, TAXII, CybOX Consultant Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those
of my employers.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]