[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: Object ID format
John, After talking with some folks after the f2f I think I am now on this same page with you. At least I have good company. :-) sean On 1/21/16, 9:51 AM, "cti-stix@lists.oasis-open.org on behalf of John Anderson" <cti-stix@lists.oasis-open.org on behalf of janderson@soltra.com> wrote: >Trey, > >I agree with this thought: "Threat intel is less than worthless if your adversary knows what you know." I'm not suggesting we put all our Resources in the clear with no Authorization/Authentication. That would indeed be stupid. > >However, end-to-end encryption and Auth/Auth is a solved problem for web apps. Even Federated Identity, if we want to use it. (SAML 2.0, OpenID, etc.) We can absolutely share objects via the web without the Bad Guys finding out. > >So, about "Wholesale webification of CTI is no panacea."...yes and no. Sure, the Web is no panacea. BUT...It would be unbelievably freeing to have a URL for every Object. Then, if you want to know more, just browse to it! (Assuming the publisher's server is accessible to you.) > >JSA >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. Follow this link to all your TCs in OASIS at: >https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]