OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [cti-stix] Location - Administrative_Area (RE: [cti] Groups - OASIS-CTI-TC_WorkingSession_August8_2017.pdf uploaded)


John, all,

 

Thank you for your input. Sorry that I could not attend the teleconference.

(I tried to continue to attend regular teleconferences when standard time started,

but I got sick after attending a couple of times teleconferences starting from one o’clock

in the morning.  I thought I will come back to the regular teleconferences when the summer

time starts, but then it was moved to 3 o’clock in the morning and I gave up.)

 

> We talked about the specific usage for administrative area. Nobody on the call could recall seeing them anywhere other than in AIS,

> so separate from the copyright issues the group on the working call had consensus to not reference them for administrative area.

> If anyone has some other suggestions here (Ive noted Ryus suggestion to use ISO 3166-2 here) let us know.

 

Is it a requirement for new things to be added to STIX 2.x that  many people have seen it in use?

I have not seen many of the things introduced to STIX 2.x before.

I have not seen even many of the STIX 1.x elements used beyond what OpenIoC can express.

… and that concerns me.

 

Administrative Area is actually used in AIS and I heard the users (ISACers) mention that

It would be good source for determining the CTI’s relevance to them.

But the merit would not be materialized If we do not standardize its content.

(It does not have to be ISO 3166-2 as long as it is machine-understandable.)

If we let people to put anything in it, it can be *Maryland*, *MD*, *US-MD*,

*The State of Maryland*, … and there will be no way for machine to determine

What it really means in a robust way.

 

Regards,

 

Ryu

 

P.S.

I am taking Aug. 11 – 22 off and please understand my responses may be late.

 

 

 

From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Wunder, John A.
Sent: Wednesday, August 9, 2017 9:10 PM
To: cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Location - Administrative_Area (RE: [cti] Groups - OASIS-CTI-TC_WorkingSession_August8_2017.pdf uploaded)

 

Hi Ryu, all,

 

Thanks for the input. So everyone understands what we discussed on the working call:

 

-          We talked about use of ISO standards given the copyright restrictions. Given the prevalence of ISO language and country codes, the group on the working call had consensus to mark those fields (`lang` and `country`, respectively) as “SHOULD” use the ISO standards. That will mean we create a normative reference to the ISO standards directly (i.e. not to Wikipedia or some other source…Chet has specifically suggested that we should not work around ISO copyright, and many people agreed with him). If anyone feels we should do something different though or has some other idea, let us know.

-          We talked about the specific usage for administrative area. Nobody on the call could recall seeing them anywhere other than in AIS, so separate from the copyright issues the group on the working call had consensus to not reference them for administrative area. If anyone has some other suggestions here (I’ve noted Ryu’s suggestion to use ISO 3166-2 here) let us know.

-          Given that we were talking through not using the ISO administrative area codes, we had a discussion about whether/how to normalize the data in administrative area and city. We ended up taking out any of those statements (e.g. the suggestion to use the full name rather than an abbreviation) given challenges of multi-lingual countries and content. This also leaves us open to suggesting ISO 3166-2 in those fields in a future release if we determine the normalization is needed. As usual, if anyone on the lists has a different idea here please speak up.

 

In the meantime, the best word we have about the usage of ISO is what Mr. Hagan passed along from the ISO representative. OASIS is also planning to weigh in, but the expectation at this point is that we’ll hear that both the language codes and the 3166 codes are under copyright and there’s no free usage.

 

Thanks,

John

 

From: <cti-stix@lists.oasis-open.org> on behalf of "Masuoka, Ryusuke" <masuoka.ryusuke@jp.fujitsu.com>
Date: Wednesday, August 9, 2017 at 4:16 AM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] Location - Administrative_Area (RE: [cti] Groups - OASIS-CTI-TC_WorkingSession_August8_2017.pdf uploaded)

 

Hi,

 

I found the following in the minutes.

 

-----

Rich

I believe if we say country as a SHOULD then all will do

If we are going to entertain Ryus suggestion for ISO codes for Admin areas

that is A separate issue. That is a big corpus of data

-----

 

It (ISO codes for Aministrative_Area) is a current requirement

of AIS STIX (AIS STIX Profile p. 29 -

https://www.us-cert.gov/sites/default/files/ais_files/AIS_Submission_Guidance_Appendix_A.pdf)

for STIX 1.1.

 

My suggestion is to keep it for STIX 2.x when there is Administrative_Area

in the STIX. Textual address can be in the Street_Address and other

fields. If it is in ISO 3166-2 (and there is no problem using ISO in the STIX

standard), then it should be a great source of useful semantics for

CTI consumers to determine how relevant the CTI is for them.

(I learned this from ISACers at the Cybersecurity Standards User

Council Open Forum before Borderless Cyber USA.)

 

> That is a big corpus of data

 

It is not really so big at all.

We found a CSV file of ISO 3166-2 at

 

  https://raw.githubusercontent.com/lukes/ISO-3166-Countries-with-Regional-Codes/master/all/all.csv

 

and it was a matter of two hours of development to create

a UI where a user can select the country name and

then the system present the administrative area in

human understandable name for the user to select,

then to put the information (country code in ISO-3166-1 Alpha-2

and administrative area in ISO-3166-2) in STIX.

 

Regards,

 

Ryu

 

From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Jane Ginn
Sent: Wednesday, August 09, 2017 7:57 AM
To: cti@lists.oasis-open.org
Subject: [cti] Groups - OASIS-CTI-TC_WorkingSession_August8_2017.pdf uploaded

 

Submitter's message
CTI TC:

Here are the notes from the working call today.

Best regards,


-- Ms. Jane Ginn

Document Name: OASIS-CTI-TC_WorkingSession_August8_2017.pdf


Description
Meeting notes from working call.
Download Latest Revision
Public Download Link


Submitter: Ms. Jane Ginn
Group: OASIS Cyber Threat Intelligence (CTI) TC
Folder: Meeting Notes
Date submitted: 2017-08-08 15:56:46

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]