OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Embedded Content vs Referenced Content


Don't think we need to make motions to have discussions. 


My hope is that we think about it this way:


* If you are an object, you have an ID

* Any contextual object that needs to include another object, should be required to use an ID_REF (no embedding)

* Any object that creates relationships/groups of data should use ID_REF (no embedding)



Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
813.470.2173 | achernin@soltra.com



From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Thursday, August 20, 2015 4:15 PM
To: cti-stix@lists.oasis-open.org
Subject: [cti-stix] Embedded Content vs Referenced Content
 
Returning the sightings thread back to its originally scheduled program. 

In the spirit of what is become our defacto core values, "one way of doing things" and "easy to understand and use", I would like to make a nominal motion that for STIX 2.0 we investigate where it makes sense to restrict objects to be either "embedded content" or "referenced content".  Further, a long these lines is to make the ID value be required where it makes sense. 

The one example is the Report Object, but I am sure all top level objects should be looked at as well.  




Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]