The TAXII v2.0 Committee Specification 01, Section 3.4.1 (Object and Collection Ranges) describes the use of the âitemsâ range unit as conforming to HTTP RFC7233:
The items range unit is defined for expressing subranges of a resource [HTTP 7233].
According to Section 3.1 of the RFC, the range unit should be specified with an equals (=) between the range unit specifier (âitemsâ) and the value set (i.e., â0-999â). However, all examples in the pagination
section of the TAXII2 specification use a space between the specifier and value set, as shown below:
GET Request
-----------------
GET .../collections/my-collection/objects/?added_after=2016-02-01T00:00:01.000Z HTTP/1.1
Range: items 0-49
Accept: application/vnd.oasis.stix+json; version=2.0
This appears to have led to inconsistent implementations of TAXII 2.0 servers. For example, the TAXII 2.0 server managed by Anomali (https://limo.anomali.com/api/v1/taxii2/feeds/collections) only accepts a
Range header that has a space between the specifier (i.e., âRange: items 0-999â, which does not conform to the RFC but does match the examples in the TAXII 2.0 specification), whereas the MITRE ATT&CK TAXII 2.0 server (https://cti-taxii.mitre.org/stix/collections)
only accepts a Range header that conforms to the RFC (i.e., âRange: items=0-999â).
Is it possible to update the examples in the TAXII 2.0 specification (and future specification versions) so that they conform to the RFC? This would eliminate the confusion and potential for additional inconsistent
implementations going forward.
Michael Daleiden
Lead System Architect
office: (407) 732-7507
mobile: (407) 923-7452
email: michael.daleiden@redlambda.com
www.redlambda.com