Subject: Re: [cti-stix] Re: Embedded Content vs Referenced Content
Aharon/John/Bret:
Aharon's suggestion is an elegant solution for the ID vs ID_REF problem set. Should we put this on the Issue-tracker on GitHub for STIX 2.0?
Jane Ginn, MSIA, MRP
Cyber Threat Intelligence Network, Inc.
jg@ctin.us
On Aug 21, 2015, at 08:50, Wunder, John A. <jwunder@mitre.org> wrote:

I agree with all of Aharon's points. This will make some content slightly more wordy/complicated for producers, but MUCH simpler for consumers. And, across all users, it would make it easier to understand.

John

From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Aharon Chernin <achernin@soltra.com>
Sent: Friday, August 21, 2015 8:13:54 AM
To: Jordan, Bret; cti-stix@lists.oasis-open.org
Subject: [cti-stix] Re: Embedded Content vs Referenced Content

Don't think we need to make motions to have discussions.

My hope is that we think about it this way:

* If you are an object, you have an ID
* Any contextual object that needs to include another object, should be required to use an ID_REF (no embedding)
* Any object that creates relationships/groups of data should use ID_REF (no embedding)

Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
813.470.2173 | achernin@soltra.com

From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Thursday, August 20, 2015 4:15 PM
To: cti-stix@lists.oasis-open.org
Subject: [cti-stix] Embedded Content vs Referenced Content

Returning the sightings thread back to its originally scheduled program.

In the spirit of what has become our de facto core values, "one way of doing things" and "easy to understand and use", I would like to make a nominal motion that for STIX 2.0 we investigate where it makes sense to restrict objects to be either "embedded content" or "referenced content". Further, along these lines is to make the ID value be required where it makes sense.

The one example is the Report Object, but I am sure all top level objects should be looked at as well.

Thanks,

Bret

Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
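
The three rules proposed in this thread (every object has an ID, objects are included by ID_REF, no embedding), as an added example that is not part of any message above and is not STIX code. It assumes a simplified dict representation in which the keys `type`, `id` and `id_ref` and all sample values are constructed for illustration; it checks a document against the rules and rewrites embedded content into referenced content.

```python
from typing import Any

# Constructed sample: "type", "id", "id_ref" and all values are assumptions.
SAMPLE = [
    {"type": "report", "id": "example:report-1", "indicators": [
        {"type": "indicator", "id": "example:indicator-1",
         "observable": {"type": "observable", "value": "constructed"}},
        {"id_ref": "example:indicator-2"},
    ]},
    {"type": "indicator", "id": "example:indicator-2"},
]

def is_object(node: Any) -> bool:
    # Assumption: a dict with a "type" key is an object; {"id_ref": ...} is a reference.
    return isinstance(node, dict) and "type" in node

def violations(node: Any, path: str = "$", top: bool = True) -> list:
    """Report objects that lack an ID and objects embedded inside other objects."""
    found = []
    if isinstance(node, list):
        for i, item in enumerate(node):
            found += violations(item, f"{path}[{i}]", top)
    elif isinstance(node, dict):
        if is_object(node) and "id" not in node:
            found.append((path, "object has no id"))
        if is_object(node) and not top:
            found.append((path, "embedded object, expected id_ref"))
        for key, value in node.items():
            found += violations(value, f"{path}.{key}", top=False)
    return found

def flatten(objects: list) -> list:
    """Hoist every embedded object to the top level, leaving an id_ref in its place."""
    flat = {}

    def visit(node: Any) -> Any:
        if isinstance(node, list):
            return [visit(item) for item in node]
        if not isinstance(node, dict):
            return node
        clone = {key: visit(value) for key, value in node.items()}
        if not is_object(clone):
            return clone
        if "id" not in clone:
            raise ValueError("cannot reference an object that has no id")
        flat.setdefault(clone["id"], clone)  # first definition of an id wins
        return {"id_ref": clone["id"]}

    for obj in objects:
        visit(obj)
    return list(flat.values())
```

`flatten` refuses the sample as given because the embedded observable has no ID, which is the case the "make the ID value be required" part of the proposal addresses.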