| The motions are binding in the same way that HTTP was picked in TAXII land. We agree that this makes the most sense for what we know and understand at this point in time so organizations that are going to start writing code can do so.. If compelling information comes up later and the community decides to revisit this debate, we can do so. But it is not open for willy-nilly changes of mind. We draw a line in the sand and say we think this represents our best options at this point in time. If we get down the road and implementers that are actually writing code come back and say, hey this will not work and we need X Y and Z, then we revisit it.
So yes, we can always readdress it until the time the standard goes out. However, we would need to make sure that we are not revisiting it willy-nilly. There are a lot of organizations that are wanting to start writing code and apps and web tools.
Thanks,
Bret Bret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
What do these motions mean, are they binding (in the sense that it’s difficult/impossible to change our mind later)? What’s the process to reach a decision on them? To what extent is that decision binding?
I agree with these statements but don’t think we’re ready for binding decisions on either of them (in particular the second). I do think it would be nice to have a non-binding decision (in the sense that we can easily change our minds later) in
order to cut off conversation on the topics until we revisit those decisions when formalizing the specifications.
(I moved this to the CTI TC list because it seems inappropriate on the users list. If I’m wrong we can move it back)
John
Sounds good...
I would like to formally make a motion that we require a default binding for STIX 2.0 and CybOX 3.0.
If this is agreed upon, then:
I would like to formally make a motion that the default binding for STIX 2.0 and CybOX 3.0 be JSON.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
Bret, I think we need to propose that STIX, CybOX, and TAXII have to require a default binding type first. Then the MTI motion could be changed to something like, “I would like to propose that we adopt JSON as the default binding”.
Aharon
We have had a good discussion here and on the wiki and I have seen a lot of people advocating for JSON to be used as the MTI. While a few other options have been tossed around and discussed they do not seem to have an advocate pushing for them nor do they
seem to have the broad support that JSON does.
Therefore, I would like to formally propose that we adopt JSON as the MTI for STIX 2.0 and CybOX 3.0.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I think we’re wrapped around the axle a little bit on this whole topic. I’d like to try and step back and ask some basic questions:
1. Is anyone actually proposing JSON-LD as the MTI for STIX? I’ve seen the question asked, and I’ve seen lots of
discussion. Is there somebody who would like to come forward and state their opinion that JSON-LD should be the MTI for STIX?
Note: I see this question as a higher bar than asking who thinks we should consider it – IMO the recent discussion makes it clear that we are considering it
2. There was an opinion that the proposed examples (the indicator and incident idioms) wouldn’t be sufficient for comparing size and complexity. What examples
would be sufficient?
3. What toolchain is required to develop software that supports using a model without any custom code? Maybe I’m missing something, but if I have a product and
I want to add STIX support, won’t developers have to write code?
I guess at its core – I hear what people are saying about models and not programming to the data syntax, I just don’t understand how that actually works (the
more concrete the example the better, at least for me).
Thank you.
-Mark
|