OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [cti-stix] Proposal - Top Level Relationship Object


From my observational perspective, this group quickly came to a rough consensus on a form (fields, optionality, and meaning) for a top level relationship object. Hopefully we can all agree that this rough consensus exists, even if there remain some individual nits to pick (there may not – just saying).

 

I believe there are some fundamental truths about this topic, as well as pretty much any other future-revision topic on all the lists (CybOX, STIX, TAXII). I’ll list them for the sake of being explicit:

 

-          This rough consensus on this one topic does not yet take into account all factors that may impact it. As John Wunder noted, versioning, producers, IDs, and serialization are all interrelated. Future discussions can, and probably will, change today’s discussion.

-          We need to document our current line of thinking, or else it will be lost. This group’s current line of thinking may see substantial changes in the future, or it might eventually get discarded altogether. That is OK and it is a natural part of the creative process. The prospect of change should not prevent us from writing down where we are now, because capturing the substance of this discussion is an important step.

-          Right now, process is premature. This group is brand new, and we are still learning how to work together. Process exists to improve repeatability and defend against change. I see all three subcommittees as being in a brainstorming phase, and as such I think we want change and we do not yet care for repeatability. If we are successful we will reach a point where process will be desired and necessary, but I do not think process benefits us now, at least for these discussions.

-          Trust your committee members to be thoughtful, collaborative, and open minded. The corollary here is: be thoughtful, collaborative, and open minded! If we cannot achieve this, we will fall into argumentative, defensive positions; we will build political coalitions; and we will become our own worst enemy.

 

Coming back to something concrete: We do need substantive discourse (part of which has occurred, part of which is yet to occur); we do need Conceptual Models expressed in a broadly accessible manner (I have seen one UML diagram so far); and forward progress will certainly modify and enhance these conceptual models. We just need to make sure the maintenance of conceptual models is not overly heavy, so that they can evolve with reasonable quickness.

 

I’ll close with this thought. If somebody makes a suggestion, first attempt to frame it as “something additional to get right”, even if it sounds a little bit like “a reason to not proceed”. I have personally been practicing this over the past few weeks, and it has helped me become more open minded and collaborative. Trust that the members of this group all have the same goal and want to succeed; it is this trust that forms the bedrock of this community.

 

Thank you.

-Mark

 

From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jordan, Bret
Sent: Thursday, July 30, 2015 7:51 PM
To: Patrick Maroney <Pmaroney@Specere.org>
Cc: cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Proposal - Top Level Relationship Object

 

The screen shot is from a UML model, with some extra data for context.  Further we are having substantive discourse about this topic, if there are things that are missing in the diagram, then please bring them up and fill in the gaps. I for one would love your feedback about how to make it better.

 

I think it is also important to note how this process should probably work, given the problems we have had in the past.

 

1) We should discuss things on the list and bounce ideas back and forth until we come to some sort of stead state.

 

2) At that point I can see the current ideas being captured and archived on the wiki as a proposal to be included in the next major release

 

3) Until such a time that the next release is done, people can continue adding to or making suggestions about a said proposal on the wiki.   But at least we will have captured it.  

 

In the past we would discuss things over and over and they would never get captured, and then they would get blackholed to die. What I am trying to do here, is get us to a point where it can resemble a proposal that can make it to the wiki.  From there we can continue discussing as people come up with ideas and requests, but at least we will have something down on paper.

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Jul 30, 2015, at 17:21, Patrick Maroney <Pmaroney@Specere.org> wrote:

 

 Bret,

 

I appreciate and support the desire to move forward, however I need to push back on this.  The Relationships Model is a critical gap that requires, in my view, substantive discourse and conceptual modeling. 

 

I suggest to the CTI TC that:

 

(1) We should be driving towards completion of the Conceptual Models expressed in:

 

  (1.1) UML

 

  (1.2) Some form of diagrammatic representation (form TBD).

 

  (1.3) Narrative Specifications in OASIS Standards document format.

 

(2) Progress forward should modify and enhance these Conceptual Models and supportive documents.

 

 

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

 

_____________________________
From: Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Thursday, July 30, 2015 6:17 PM
Subject: Re: [cti-stix] Proposal - Top Level Relationship Object
To: <cti-stix@lists.oasis-open.org>


Lets try and finish this up tomorrow, Friday.  I would like to see us start work on the Sighting Object the week after BH/DC.  

 

Outstanding Items:

 

1) How do we handle an unknown start / end time?  Do we just leave it blank or do we actually put in "unknown" or a zeroed out date/time?

 

2) Are these values good for the Confidence Vocab?

 

3) What should the Type Vocab be, is this really needed?

 

4) How do we handle a more elaborate object marking?  Do we add a Marking_Detail as an object like I said earlier? 

 

5) Do we really need multiple targets?  Just trying to make sure John's question gets enough focus.

 

 

<Screen Shot 2015-07-30 at 16.15.55.png>

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]