[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-stix] Location - Administrative_Area (RE: [cti] Groups - OASIS-CTI-TC_WorkingSession_August8_2017.pdf uploaded)
John, all,
Thank you for your input. Sorry that I could not attend the teleconference. (I tried to continue to attend regular teleconferences when standard time started, but I got sick after attending a couple of times teleconferences starting from one o’clock in the morning. I thought I will come back to the regular teleconferences when the summer
time starts, but then it was moved to 3 o’clock in the morning and I gave up.) > We talked about the specific usage for administrative area. Nobody on the call could recall seeing them anywhere other than in AIS,
> so separate from the copyright issues the group on the working call had consensus to not reference them for administrative area.
> If anyone has some other suggestions here (I’ve
noted Ryu’s suggestion to use ISO 3166-2 here) let us know. Is it a requirement for new things to be added to STIX 2.x that many people have seen it in use?
I have not seen many of the things introduced to STIX 2.x before. I have not seen even many of the STIX 1.x elements used beyond what OpenIoC can express. … and that concerns me.
Administrative Area is actually used in AIS and I heard the users (ISACers) mention that
It would be good source for determining the CTI’s relevance to them.
But the merit would not be materialized If we do not standardize its content. (It does not have to be ISO 3166-2 as long as it is machine-understandable.) If we let people to put anything in it, it can be *Maryland*, *MD*, *US-MD*,
*The State of Maryland*, … and there will be no way for machine to determine What it really means in a robust way.
Regards, Ryu P.S. I am taking Aug. 11 – 22 off and please understand my responses may be late.
From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Wunder, John A. Hi Ryu, all, Thanks for the input. So everyone understands what we discussed on the working call:
-
We talked about use of ISO standards given the copyright restrictions. Given the prevalence of ISO language and country codes, the group on the working
call had consensus to mark those fields (`lang` and `country`, respectively) as “SHOULD” use the ISO standards. That will mean we create a normative reference to the ISO standards directly (i.e. not to Wikipedia or some other source…Chet has specifically suggested
that we should not work around ISO copyright, and many people agreed with him). If anyone feels we should do something different though or has some other idea, let us know.
-
We talked about the specific usage for administrative area. Nobody on the call could recall seeing them anywhere other than in AIS, so separate from
the copyright issues the group on the working call had consensus to not reference them for administrative area. If anyone has some other suggestions here (I’ve noted Ryu’s suggestion to use ISO 3166-2 here) let us know.
-
Given that we were talking through not using the ISO administrative area codes, we had a discussion about whether/how to normalize the data in administrative
area and city. We ended up taking out any of those statements (e.g. the suggestion to use the full name rather than an abbreviation) given challenges of multi-lingual countries and content. This also leaves us open to suggesting ISO 3166-2 in those fields
in a future release if we determine the normalization is needed. As usual, if anyone on the lists has a different idea here please speak up. In the meantime, the best word we have about the usage of ISO is what Mr. Hagan passed along from the ISO representative. OASIS is also planning to weigh in, but
the expectation at this point is that we’ll hear that both the language codes and the 3166 codes are under copyright and there’s no free usage. Thanks, John From: <cti-stix@lists.oasis-open.org> on behalf of "Masuoka, Ryusuke" <masuoka.ryusuke@jp.fujitsu.com> Hi,
I found the following in the minutes. ----- Rich I believe if we say country as a SHOULD
– then all will do If we are going to entertain Ryu’s
suggestion for ISO codes for Admin areas – that is A separate issue. That
is a big corpus of data ----- It (ISO codes for Aministrative_Area) is a current requirement
of AIS STIX (“AIS
STIX Profile” p. 29 -
https://www.us-cert.gov/sites/default/files/ais_files/AIS_Submission_Guidance_Appendix_A.pdf) for STIX 1.1. My suggestion is to keep it for STIX 2.x when there is Administrative_Area in the STIX. Textual address can be in the
“Street_Address”
and other fields. If it is in ISO 3166-2 (and there is no problem using ISO in the STIX standard), then it should be a great source of useful semantics for
CTI consumers to determine how relevant the CTI is for them. (I learned this from ISACers at the Cybersecurity Standards User
Council Open Forum before Borderless Cyber USA.) > That is a big corpus of data It is not really so
“big”
at all. We found a CSV file of ISO 3166-2 at
https://raw.githubusercontent.com/lukes/ISO-3166-Countries-with-Regional-Codes/master/all/all.csv and it was a matter of two hours of development to create
a UI where a user can select the country name and
then the system present the administrative area in
human understandable name for the user to select,
then to put the information (country code in ISO-3166-1 Alpha-2 and administrative area in ISO-3166-2) in STIX. Regards, Ryu From:
cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org]
On Behalf Of Jane Ginn Submitter's message
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]