[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: STIX 2.0 Specification Questions
Well said Greg! It’s what I have been trying to say (in my muddled way) for the past few days (see my last email). I vote for this replacement sentence!! From: Back, Greg
I wonder if what really bugs me is the passive nature of that sentence. Would it be better to say: “If a consumer has received multiple versions of an object, the consumer MUST interpret any references to that object as referring to the latest version they have received.” I still think SHOULD is better, in the RFC 2119 sense of “there may be valid reasons not to do X, but make sure you understand the full implications before not doing X”. If a consumer
wants to use an older version (for instance, they no longer trust new information from the object creator), do we really want to consider them non-conformant?
I also think that the “MAY” in the third sentence quoted is not a RFC 2119 “MAY”, but should just be “may”. Greg From: Piazza, Rich
I am uncomfortable with not using a MUST in that sentence. But I could live with a SHOULD. I would be against taking the sentence out entirely. From:
cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Back, Greg I dislike the idea of MUST requirements on how data is to be interpreted. Particularly if receiving a new version of a common object (such that a new version is “available”) requires
a change to how existing data is interpreted. SHOULD at most, but I wouldn’t be opposed to removing it entirely. Greg From:
cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Wunder, John A. Do we need a line in the specification to indicate that ID references between objects MUST always be resolved to the newest version of the object? Right now, we have text in the IDs and References section which says this: ID references resolve to an object when the value of the ID reference property (e.g.,
created_by_ref) is an exact match with the
id property of another object.
If an ID reference resolves to an object for which multiple versions exist, the reference
MUST be resolved to the latest available version of the object. ID references
MAY refer to objects to which the consumer/producer may not currently have. This specification does not address the implementation of ID reference resolution. (https://docs.google.com/document/d/1HJqhvzO35h62gQGPvghVRIAtQrZn3_J__0UcDAj-NXY/edit#) Note the sentence in red. We added that a couple weeks ago because some people felt it was not fully specified to resolve an ID reference to an object…they felt that ID
references should implicitly always resolve to the newest version of the object. On the other hand, Allan has said that resolving ID references within a tool is a function of that tool and we should not have normative requirements around it. Some tools may
want to resolve it to all versions of an object and show the full history, others may show the newest, etc. His full comment is available in the google doc. So the question is…should that sentence remain in the document? If so, is it a MUST requirement or a SHOULD requirement? |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]