Comments on TAXII v2.1 WD03

["Park, Jackie Eun" <jackieeun.park@hq.dhs.gov>]

Here are our comments on TAXII v2.1 WD03:

1)      Could OASIS TC provide more definitive information regarding the various Media Types and Ranges that are actually used by TAXII and STIX stakeholders?  WD03, Sections 3.1 and 3.6 mention defined and undefined Media Types in the Accept and Content-Type Headers as well as Media Types other than STIX.  The WD03 version of the TAXII V2.1 draft specification could be improved by leveraging the OASIS TC’s existing knowledge of its CTI sharing partner’s panoply of Object Resources.  

2)      The TAXII v2.1, WD03 is inconsistent in its direction and guidance wrt use of the Version <value> parameter.  It’s identified as both optional (see Sections 1.6.8, 1.6.8.2. 3.1, 3.2 and 3.4.1) and mandatory (Required Headers in Sections 4.1 - 4.3, 4.3.1, 5.1 -5.8, and in Appendix B).

3)      The TAXII v2.1, WD03, Section 5.7 makes the DELETE Endpoint implementation mandatory.  Recommend that the OASIS TC consider adding language to Section 5.7 that:

a.       provides flexibility for System Owners to decide what a User can do with respect to DELETING content previously POSTED/ADDED to a TAXII Collection Server

b.       addresses what data that TAXII V2.1 Users are allowed to DELETE (i.e., any data or only the User's own data)

c.       permits Users to DELETE their own Collection Object submissions within a pre-determined time window or perpetually (with specific timing TBD).

4)      Recommend rewording WD03, Section 1.6.11 to, "TAXII Servers MAY choose to remove an Object based on their own pre-determined agreement among their users in support of their Use Cases."

Regards,

 

Jackie Eun Ho Park

U.S. Department of Homeland Security

National Protection and Programs Directorate (NPPD)

Cyber Security and Communications (CS&C)

Network Security Deployment (NSD)

Office: 703-235-3063

Mobile: 443-875-5895

JackieEun.Park@hq.dhs.gov