[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-comment] Re: [EXT] [cti-comment] TAXII2.0: Progress on Channels?
Thank youÂfor your questions Teller. Let me try and address them:
1) The TAXII Envelope looks and feels a lot like a STIX Bundle, we did this on purpose. If you have already written code to parse a STIX Bundle, you should be able to easily reuse that code for a TAXII Envelope. The reason we did this was because TAXII needed to add a pagination indication property and the Technical Committee wanted to remove the dependency between STIX and TAXII. Meaning, TAXII forcing the STIX Bundle to have new properties or the STIX Bundle changing and impacting TAXII. The TC wanted some separation so that if one gets updated, the other does not need to be updated.Â
2) Pagination. The Item Based pagination of TAXII 2.0 proved to not work well with large and changing datasets with the RESTful nature of TAXII. This is actually a known issue in RESTful designs and there is a lot of research about this problem in the Web2.0 world.ÂSo we did not "remove" pagination, but rather changed it. Pagination in TAXII 2.1 is now controlled by a "more" property on the TAXII Envelope and is processed by the "date added" to the TAXII Server. This has proven to be easier to code, is more performant, and generally works a lot better with large and changing datasets. While it may not cover every corner case that exists, the TC believes it covers better than 90/10.
Do this make sense? If not, I would be willing to jump on a WebEx and walk through this with you and anyone else.
BretÂ
Â
From: cti-comment@lists.oasis-open.org <cti-comment@lists.oasis-open.org> on behalf of Teller Junak <tellerj@gmail.com>
Sent: Friday, March 15, 2019 7:11 AM
To: Bret Jordan
Cc: cti-comment@lists.oasis-open.org
Subject: [cti-comment] Re: [EXT] [cti-comment] TAXII2.0: Progress on Channels?ÂBret,Â
Thank you for sharing the latest working draft. The addition of a Taxii Envelope resource is interesting. I'm not completely sure how it differs from a STIX bundle though. Is the plan to phase out STIX bundles and emphasize the transport of STIX CTI via TAXII instead? I'm also curious about the drop of pagination from this draft. What was the reasoning behind that?Â
Thanks again for sharing. I'm hoping to push my organization towards larger scale adoption of these standards, and am trying to learn as much about them as IÂcan.
-Teller
On Mon, Mar 11, 2019 at 11:58 PM Bret Jordan <Bret_Jordan@symantec.com> wrote:
Here is the link to the TAXII 2.1 Working Draft 06 spec.
Bret
From: Bret Jordan
Sent: Sunday, March 10, 2019 9:30 AM
To: Teller Junak
Cc: cti-comment@lists.oasis-open.org
Subject: Re: [EXT] [cti-comment] TAXII2.0: Progress on Channels?ÂTeller,
Thanks for your comments and questions. TAXII 2.1 is almost done. However, TAXII Channels will probably be a 2.2 feature instead of a 2.1 feature. TAXII 2.1 includes several fixes and improvements to 2.0 that will make implementations easier and better. ÂTAXII 2.1 Working Draft 06 is available for download from the OASIS site if you want to understand what TAXII 2.1 will more than likely be.
BretÂ
Sent from my Commodore 128D
PGP Fingerprint:Â63B4 FC53 680A 6B7D 1447 ÂF2C0 74F8 ACAE 7415 0050Hey guys,Â
I'm a really interested in the work you've beenÂdoing to develop STIX and TAXII, and I've been reading through all of your documentation to get up to speed.
I noticed that all of your 2018 dates/milestones were crossed out, and that no updates had been made to the CTI site or the TAXII documentation since May of lastÂyear. I just wanted to know if development on TAXII has stopped for some reason? Specifically, I was wondering about any progress you've made on the "Channels" front with implementing the publish and subscribe model you posted about.Â
I hope this reaches you! I think what you're doing is great.
--
Teller
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]