[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: TXF optional tests
|
Allan, Thanks for the update. I remember discussing this on an interop call when we decided that it made sense to address it first in the TAXII specification, so this is what I expected and works for us. I did file
an issue for it: https://github.com/oasis-tcs/cti-taxii2/issues/58. Drew Varner’s comment actually captures my feelings on it way better than my original issue writeup did. Mark, Bret…should I send an e-mail to the list to discuss this or did you want to schedule it for later? John From: Allan Thomson <athomson@lookingglasscyber.com> Remember we discussed making the authentication tests optional for the TXF persona to allow a TAXII feed to pass the test without requiring authentication support.
After further discussion in a recent interop call it was felt that until the TAXII 2.0 spec is changed to make authentication optional that the interop spec should not allow any persona of a TAXII server to pass without verifying that it can support authentication
defined as mandatory in the TAXII 2.0 spec. Therefore I undid the change to the Part 2 interop spec to make the authentication tests mandatory again for TXF. The SC agreed that if we are to change it then we need to change the TAXII spec first to make it optional and then we can update the interop document to allow optional
tests. So would you mind filing a TAXII comment on 2.1 draft version to make authentication optional? That way, we can then update a future version of interop to make
it optional once the TAXII spec is changed. Although I agree with the premise that certain products should not require authentication I feel that this is the right path to follow to make it optional in the
specification first and then Interop testing can follow the spec. Regards Allan |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]