Sorry for the spam, but Section 3.4.3 of GeoURI is also instructive:
3.4.3.
Location Uncertainty
The 'u' ("uncertainty") parameter indicates the amount of uncertainty
in the location as a value in meters. Where a 'geo' URI is used to
identify the location of a particular object, <uval> indicates the
uncertainty with which the identified location of the subject is
known.
The 'u' parameter is optional and it can appear only once. If it is
not specified, this indicates that uncertainty is unknown or
unspecified. If the intent is to indicate a specific point in space,
<uval> MAY be set to zero. Zero uncertainty and absent uncertainty
are never the same thing.
The single uncertainty value is applied to all dimensions given in
the URI.
Note: The number of digits of the values in <coordinates> MUST NOT be
interpreted as an indication to the level of uncertainty.
https://tools.ietf.org/html/rfc5870#page-8
So of the things we’ve talked about:
- GeoJSON does not include uncertainty/precision
- GeoURI does, and it’s optional with no default (or a default of “unspecified”)
I think it’s important to note though that our use case is different…we’re talking about location
specifically for CTI. Given that specific domain space, where IP geolocation is very common and is typically precise to a city, I also feel like optional with a default of 10km makes the most sense. Optional with no default also seems very reasonable
though.
John
From: <cti-stix@lists.oasis-open.org> on behalf of John Wunder <jwunder@mitre.org>
Date: Wednesday, July 19, 2017 at 10:43 AM
To: "Struse, Richard J." <rjs@mitre.org>, Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, Mark Davidson <Mark.Davidson@nc4.com>, Trey Darley <trey@newcontext.com>
Subject: Re: [cti-stix] Re: [EXT] [cti-stix] Location, latitude/longitude, and precision
Yeah I agree with Rich here, GeoJSON is far beyond a lat/lng with precision. In fact, looking through the GeoJSON specification, they don’t even include anything to indicate precision or uncertainty.
From: "Struse, Richard J." <rjs@mitre.org>
Date: Wednesday, July 19, 2017 at 10:36 AM
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, John Wunder <jwunder@mitre.org>, Mark Davidson <Mark.Davidson@nc4.com>, Trey Darley <trey@newcontext.com>
Subject: Re: [cti-stix] Re: [EXT] [cti-stix] Location, latitude/longitude, and precision
In all fairness, GeoJSON is a big lift in terms of implementation complexity and isn’t really comparable to one additional precision property.
Given that, how would you respond to John’s original question regarding precision?
From: <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Wednesday, July 19, 2017 at 10:32 AM
To: Richard Struse <rjs@mitre.org>
Cc: Bret Jordan <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "Wunder, John A." <jwunder@mitre.org>, Mark Davidson <Mark.Davidson@nc4.com>, Trey Darley <trey@newcontext.com>
Subject: Re: [cti-stix] Re: [EXT] [cti-stix] Location, latitude/longitude, and precision
As I stated a few days ago - if we are going to start including precision then I would rather we just go back to GeoJSON which is an existing RFC supported out of the box
by many products.
Folks pressed to not use GeoJSON because they would not use all the features, and now we're talking about re-inventing things it already gives us.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
Without data, all you are is just another person with an opinion - Unknown
From: "Struse, Richard J." <rjs@mitre.org>
To: Bret Jordan <Bret_Jordan@symantec.com>, Trey Darley <trey@newcontext.com>
Cc: "Wunder, John A." <jwunder@mitre.org>, Mark Davidson <Mark.Davidson@nc4.com>, "cti-stix@lists.oasis-open.org"
<cti-stix@lists.oasis-open.org>
Date: 07/19/2017 11:02 AM
Subject: Re: [cti-stix] Re: [EXT] [cti-stix] Location, latitude/longitude, and precision
Sent by: <cti-stix@lists.oasis-open.org>
Your opinion is noted. What do others on the list think?
On 7/19/17, 9:59 AM, "Bret Jordan" <Bret_Jordan@symantec.com> wrote:
I disagree
Bret
Sent from my iPhone
> On Jul 19, 2017, at 3:39 PM, Trey Darley <trey@newcontext.com> wrote:
>
>> On 19.07.2017 12:47:55, Struse, Richard J. wrote:
>> I’ve come to believe that precision should be optional. The purist
>> in me wants the text to say that if precision is omitted, the
>> precision of the lat/long is unspecified. But I’m willing to live
>> with text that says if precision is unspecified, it defaults to 10km
>> as John-Mark originally proposed.
>>
>
> Thanks, Rich.
>
> I think this is the correct approach.
>
> --
> Cheers,
> Trey
> ++--------------------------------------------------------------------------++
> Director of Standards Development, New Context
> gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
> ++--------------------------------------------------------------------------++
> --
> "No matter how hard you try, you can't make a baby in much less than 9
> months. Trying to speed this up *might* make it slower, but it won't
> make it happen any quicker." --RFC 1925