[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-users] MTI Binding
John, First, my assertion that RDF/JSON-LD or something like it will be needed is predicated on the point of the thread – that we need a single “MTI” for CTI. That
would imply that this MTI fully covers all the possible CTI documents for all purposes and viewpoints within scope. Further, that this scope is mostly unchanged. The simplistic examples presented to not exercise this scope. If, on the other hand, the desire is to define many small, granular and purpose-specific exchange schemas (e.g. a list of suspect IP addresses from a single
party), then something like “raw” JSON (or simpler XML) may be sufficient, if such a granular exchange schema were somehow mapped to a more comprehensive data model. These purpose specific schemas seem like the idea of a “profile”, but much more granular than
TAXII. With that in mind, to more specifically answer your question, at minimum: ·
JSON-LD does not assist with parsing, it assists in interpreting what you parse. ·
JSON-LD provides a standards (W3C) based schema (RDF Schema) and a way to bind to that schema: “Context” ·
JSON-LD provides a way to identify elements (globally, using URI) ·
JSON-LD provides a way to reference elements (globally, using URI) ·
JSON-LD provides a way to query data (SPARQL) ·
There is more, but that would seem a good start. Note that the current XML representation of STIX does all of the above as well, perhaps not as simply, but it does so we can consider them requirements. I can’t
imagine an MTI being viable without these capabilities. It would seem to be a very bad idea to start with raw JSON and start adding such capabilities in an ad-hoc way. RE:
{ ‘type’: ‘indicator’, ‘content-type’: ‘snort-signature’, ‘signature’: ‘alert any any’}, Would JSON-LD (or something like it) take the place of the JSON listed above? JSON-LD would (optionally) add marking to define where the text strings: {‘type’, ‘indicator’, ‘content-type’,
‘snort-signature’, ‘signature’, ‘alert any any’} are defined and what they mean. It is not “converted” to JSON, it is JSON. JSON is just nested pairs of name/value strings. “LD” defines the content of some of the strings. -Cory From: Wunder, John A. [mailto:jwunder@mitre.org]
I read through that site and to be honest I’m still a little bit confused about what advantages it offers us as an exchange format vs. a binding to raw JSON.
It looks more complicated and harder to parse…what does that extra complexity gain us? (I don’t mean this to be confrontational, would just like to see it explained) From:
Shawn Riley Mark-
It might be of interest to check out http://json-ld.org/ which contains documentation, specification info, and a JSON-LD playground.
It's maintained by the W3C so fairly up to date. Shawn On Fri, Oct 2, 2015 at 9:42 AM, Davidson II, Mark S <mdavidson@mitre.org> wrote: How does something like JSON-LD fit into the serialization discussion? For the MTI format discussion
we are talking about the thing that products will send to each other (I think, anyway). I did some quick reading on RDF / JSON-LD (complete newbie, forgive my ignorance), and I didn’t get a clear picture on how it would fit. For instance, as a completely trivial example, imagine a tool sending indicators out to sensors: { ‘type’: ‘indicator’, ‘content-type’: ‘snort-signature’, ‘signature’: ‘alert any any’} Would JSON-LD (or something like it) take the place of the JSON listed above? Or would JSON-LD get
automagically translated into something that takes the place of the JSON listed above? Or am I completely off-base in my questions? Thank you. -Mark
From: John K. Smith [mailto:jsmith@liveaction.com]
Just my 2 cents … having used RDF, TTL etc for security ontologies, I think leveraging something like JSON-LD will help better adoption by broader group.
Seems like
schema.org is using JSON-LD but I’m not sure to what extent.
Thanks,
JohnS
From:cti-users@lists.oasis-open.org
[mailto:cti-users@lists.oasis-open.org]
On Behalf Of Shawn Riley
Just wanted to share a couple links that might be of interest here for RDF translation.
RDFLib is a Python library for working with RDF, a simple yet powerful language for representing information.
JSON-LD parser and serializer plugins for RDFLib (Python 2.5+)
Here is a online example of a RDF to multi-format translator.
On Thu, Oct 1, 2015 at 1:39 PM, Cory Casanave <cory-c@modeldriven.com> wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]