Subject: Re: [cti-stix] Proposal to establish Sightings (#306) and Relationships (#291) as our official issue topics under active consideration for STIX v2.0
Ah. That makes sense.
What I meant when I included “ID format” in the list of topics was that there have been community members who have complained about the use of Qualified Names as the STIX ID format and that discussion around this question and possible alternative options could occur. Now that we have abstracted from just XSD it likely makes sense to look into whether there are other more preferable forms.
I think the key is just to try to support the basic capabilities we have in Qnames (the ability to specify some sort of sub-identifier for the producer of the ID and some sort of sub-identifier that is globally unique within the producer sub-identifier context).
I think the option that I heard being mentioned before was to look into URIs containing a domain name (and possibly path) as the producer sub-identifier and then the globally unique identifier (e.g., GUID/UUID) as either the end of the path or as a fragment.
I don’t recall any opinions being expressed on appropriate schemes to use or if that mattered.
I am not arguing for or against this approach but definitely think it should be part of any discussion around exploring new ID format options.
So, I guess the answer to Terry’s question is yes. ;-)
sean
From: Jerome Athias <athiasjerome@gmail.com>
Date: Thursday, October 29, 2015 at 1:35 AM
To: "Barnum, Sean D." <sbarnum@mitre.org>
Cc: Terry MacDonald <terry@soltra.com>, "Taylor, Marlon" <Marlon.Taylor@hq.dhs.gov>, John Wunder <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] Proposal to establish Sightings (#306) and Relationships (#291) as our official issue topics under active consideration for STIX v2.0

I guess it is something like
While/when considering 'refactoring' IDs, could we consider providing as best practice (or enforcing) the use of 'domain names' as part of the IDs as a factor of identification of the source/producer?
E.g.:
ID=microsoft.com-indicator-12345
Terry would correct me if I am wrong
On Thursday, 29 October 2015, Barnum, Sean D. <sbarnum@mitre.org> wrote:
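
The ID forms discussed in this thread (a URI whose domain names the producer with a UUID as the last path segment or as the fragment, and the domain-prefixed form `microsoft.com-indicator-12345`), split into producer and unique part. This is an added example, not code from the thread or from STIX; the function names, the `example.com` URIs and the `https` scheme are assumptions, since the thread records no agreed scheme.

```python
import re
import uuid
from urllib.parse import urlsplit

# Producer check: dot-separated letter/digit/hyphen labels, alphabetic last label.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def _as_uuid(text):
    """Return the canonical lowercase UUID string, or None if text is not a UUID."""
    try:
        return str(uuid.UUID(text))
    except ValueError:
        return None


def split_id(identifier):
    """Split an ID into (producer, unique_part); raise ValueError if no form fits."""
    parts = urlsplit(identifier)
    if parts.scheme and parts.hostname:
        # URI form: the domain is the producer sub-identifier.
        producer = parts.hostname.lower()
        # The unique part is the fragment if present, else the last path segment.
        candidate = parts.fragment or parts.path.rstrip("/").rsplit("/", 1)[-1]
        unique = _as_uuid(candidate)
        if unique is None or not _DOMAIN.match(producer):
            raise ValueError(f"not a producer-URI ID: {identifier!r}")
        return producer, unique
    # Domain-prefixed form: <domain>-<rest>. Splitting on the first hyphen
    # cannot handle a hyphen inside the domain, so such IDs are rejected.
    producer, sep, local = identifier.partition("-")
    producer = producer.lower()
    if not sep or not local or not _DOMAIN.match(producer):
        raise ValueError(f"cannot identify producer in: {identifier!r}")
    return producer, local


if __name__ == "__main__":
    # Constructed sample IDs, one per form.
    for sample in (
        "https://example.com/indicator/6ba7b810-9dad-11d1-80b4-00c04fd430c8",
        "https://example.com/stix#6ba7b810-9dad-11d1-80b4-00c04fd430c8",
        "microsoft.com-indicator-12345",
    ):
        print(sample, "->", split_id(sample))
```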