Re: [cti-stix] Object ID format

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

I would really prefer the ID be a fixed format codified in the spec, and any URL be moved to an optional "external_reference" property. Or utilize the "external_ID" property discussed previously.

Or, Brett's #2 suggestion and just have a relationship to a "collection" object.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


"Jordan, Bret" ---01/21/2016 02:32:18 PM---So the real question is, do we want to use a URI/URL or a [namespace]:[object-type]:[UUID]? What if

From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: Paul Patrick <ppatrick@isightpartners.com>
Cc: "Barnum, Sean D." <sbarnum@mitre.org>, "Wunder, John A." <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 01/21/2016 02:32 PM
Subject: Re: [cti-stix] Object ID format
Sent by: <cti-stix@lists.oasis-open.org>

---

So the real question is, do we want to use a URI/URL or a [namespace]:[object-type]:[UUID]?  What if we did both?  Like maybe this:

All discreet objects in CTI MUST include an ID that defined as an object-type plus a version 4 UUID, example "indicator:104abc69-509e-4bf9-b64c-81255292c433".  You MAY also include an optional URL at the end of the ID if you want to map this object back to an actual resource found on a TAXII server, example "indicator:104abc69-509e-4bf9-b64c-81255292c433:https://taxii.somecompany.com/taxii2/collections/neat-indicators/id/104abc69-509e-4bf9-b64c-81255292c433"

OR even better..  We pull this ID UUID stuff in to TAXII land and make sure that objects can be found by their ID.  Then you do not need to include a full URL, but just collection location, example "https://taxii.somecompany.com/taxii2/collections/neat-indicators/"





Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Jan 21, 2016, at 09:16, Paul Patrick <ppatrick@isightpartners.com> wrote:

I’m supportive of standardizing Object ID format to be based on the form [producer-namespace]:[object-type]:[UUID], especially if that doesn’t prevent the use of URI.

I think Terry correct captured many of the concerns that I had with the F2F proposed solution and I definitely in agreement with John A. about the value of being able to use URLs.


Paul Patrick
iSIGHT Partners

[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]