[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX 2.1 Proposal - STIX Question and STIX Answer
On 23.12.2016 15:01:55, Terry MacDonald wrote: > > This proposal outlines a way that we could implement this > functionality, allowing STIX/TAXII to support requests for > information, and responses to those requests. > Hey, Terry - Nice work, man! Couple of thoughts on your proposal: * `expiry` field: Timestamp Precision was removed from STIX 2.0 based on the ballot that closed 20.12.2016 so the precision-related language can be elided. * `observables`: You can pass a list of Observable Objects in a STIX Question but since Observables don't have a UUID and you might pass an array of completely unrelated Observables inside a single STIX Question, how does a respondent indicate in a *structured* manner which `objects` in a STIX Answer correspond to which Observables in the original STIX Question? * Since `question` and `answer` are STIX SDOs, they'll be passed around via TAXII inside of a STIX Bundle. Directly embedding other SDOs inside their respective Question/Answer SDOs, which are then embedded inside a STIX Bundle seems weird. -- Cheers, Trey ++--------------------------------------------------------------------------++ Kingfisher Operations, sprl gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D ++--------------------------------------------------------------------------++ -- "In theory there is no difference between theory and practice; in practice there is." --anonymous
Attachment:
signature.asc
Description: Digital signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]