OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Report object consensus

Exactly. I believe internationalisation is something we have to sort out before we do our first release of STIX v2, but it is important that we discuss this as a community. The problem is that we have a lot of other things to discuss as well! So as Rob was saying we should get through some of the basics of seeing up the new objects and how the underlying protocols work before we discuss internationalisation. 

It is important, it's just that we need to get through some of the work we have already outlined before we get to it.

Terry MacDonald

This is an important issue, and I fully believe that internationalization needs to be a part of the 2.0 spec (most likely a part of CTI Common and all the specs actually).  What Bret and others are suggesting is that we take this up in the next tranche of work that is done.  The initial piece of work we are doing is to get the actual Indicators work done, so we have a baseline. Once that is complete we can consider how to modify that to support internationalization.

Best regards,

On Feb 28, 2016, at 1:04 AM, Masuoka, Ryusuke <masuoka.ryusuke@jp.fujitsu.com> wrote:

Terry, Bret, all,


This (internationalization), I believe, is quite basic and I am very

concerned about it.

If we do not give a standard way to write CTI in different languages,

people start writing them in different ways and give a lot of headaches

as to interoperability.


Are there anyone else who (has a possibility to) write(s) CTI in

languages other than English? No concerns?






From: cti-stix@lists.oasis-open.org [cti-stix@lists.oasis-open.org] on behalf of Jordan, Bret [bret.jordan@bluecoat.com]
Sent: Saturday, February 27, 2016 6:41 AM
To: Terry MacDonald
Cc: Masuoka, Ryusuke/益岡 竜介; cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Report object consensus

Yes, I would agree, lets add it to the next Milestone.  Our first Milestone is to get the basic of the Indicator done.  



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Feb 26, 2016, at 14:29, Terry MacDonald <terry@soltra.com> wrote:


JSON is UTF-8 as standard, so should support future internationalisation. 

At some point we need to make a decision about if, when and how we support international languages, but I think that needs to be done as it's own individual tranche. We know from our previous conversations that its not a quick add, and that the community has different concerns, so my vote would be that we schedule it as a topic in an upcoming tranche and deal with it then - and release it as part of 2.0.

I think at the moment just getting the basic structures of the objects we need should be our focus.

Terry MacDonald
Hi, John,


I have a few questions as to internationalization.


Q1. Is the data encoded in UTF-8 or some other encoding
  so that it can include Japanese and other languages?


Q2. Doesnt the title and descriptions include its language code (such as jp, en, fr, ...)?
  (It is, I believe, a good practice even if it is obvious. Automatic translation
  system can use such information.)


Q3. If I were to provide translations to the title, descriptions, and
  other human readable fields using relationships, how can I refer
  to them?


Q4. Is it possible to have, for example, titles in multiple languages
  from the start? (Ex. An Japanese entity creates a CTI piece
  with Japanese/English titles from the beginning.)






From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Wunder, John A.
Sent: Wednesday, February 24, 2016 4:36 AM
To: cti-stix@lists.oasis-open.org
Subject: [cti-stix] Report object consensus




Based on the e-mail discussion last week, it seemed like consensus was to have a list of references to content within the report object rather than to use relationships. Given that, we updated the content in the pre-draft specification, which you can find here: https://docs.google.com/document/d/1U48DOJzh2qELOEhhVWz_G6hL0Bazx1Y52wpOeR8jaVk/edit#heading=h.tmlyjpfh5924


We do still have a couple open questions:
  1. Is it better to have one list of references (as we have in the text above), or multiple lists as we do in package? In other words, do we have one field called report_contains_ref and it has references to indicators, relationships, threat actors, etc. or do we have a field for indicator_refs, another for relationship_refs, another for threat_actor_refs, etc. We’ll also need to decide on the exact field names to use in either scenario.
  2. Is there a need for a confidence field on report? It wasn’t there in 1.2, so this would be an addition, but at least Sean has noted that it would be useful.
  3. Should title be required?
  4. In STIX 1.2, there was a report intents field as a controlled vocabulary. Do we need this field, and if so, what should the list of values be? You can see this text now in the playground doc: https://docs.google.com/document/d/1wiG6RoNEFaE2lrblfgjpu3RTAJZOK2q0b5OxXCaCV14/edit#heading=h.8rupwbdhhtsj


FWIW, my answers are:
  1. Single field
  2. I can’t think of a reason to include it, but I’m not really opposed. If we do include it we just need to clearly and carefully specify what the confidence field is describing confidence for: that the collection of things are related in some way, that the collection of things belong to that title, etc.
  3. Yes.
  4. Probably useful, and we need to think about what type of values we want to put in there. The current list of values is a mess.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]