cti-stix message



Subject: STIX 2.0 Architecture - Relationships, Sightings, and Targeting


As I followed the list traffic over the past week or so, I couldn’t help but feel like we’re at a level of abstraction lower than we need to be. Consider the very good IndicatorType / Vocabulary discussion – I spent some time thinking about how we’ll keep track of the discussion’s outcome and the many similarly scoped discussions (See: 154 open issues [1]) that will occur as we work toward the future. I think there’s such a volume of interdependent factors that we’ll have a hard time deciding any particular issue without also considering all other open issues – something that feels a bit insurmountable given the sheer volume of topics. (Note: This is in the context of STIX 2.0 - I feel that updating the vocab for STIX 1.2.1 is a separate discussion and I am not trying to make a statement about it).

 

With that in mind, I challenged myself to come up with a higher level topic that might help us move forward. I don’t particularly care if my topic gets picked or not, but I do think we need to be a level of abstraction higher to start. IMO, a good topic for discussion would be: What should the STIX 2.0 Architecture look like?

 

The architecture was touched on in a few of the earlier cti-stix discussions (Relationships, Sightings, Targeting), which IMO makes the architecture a good candidate for early discussion. I’ve thrown together a notional diagram containing STIX 1.2 components [2] and the top level objects that have been discussed so far (please let me know if I missed yours!).

 

 

My hope is that by raising this topic we can identify dependencies, preconditions, and differences of opinion. If we need to know more about relationships before we can move forward – what are those things? As with any early stage discussion, there will be open items that can only be resolved later on; my hope is that we can reach a common starting point.

 

Thank you.

-Mark

 

P.S. In terms of following the process stated in the STIX SC call, please consider this message my vote for the STIX architecture being the highest priority topic to work through.

 

[1] https://github.com/STIXProject/schemas/issues

[2] http://stixproject.github.io/data-model/


