
cti-stix message


Subject: Re: [cti-stix] Re: CTI/Council interaction on Infrastructure SDO’s

Duncan/Carol & All:

My take on this debate is that it would be premature for the Council to
take up an issue like this.  I think Duncan keyed off of my statement in
an earlier email about a tie vote from a Straw Man poll we took at the
F2F on the Infrastructure SDO.  That poll was non-binding and unofficial
and not necessarily indicative of the view of the entire TC membership. 
We would need to do a Ballot to gauge that; and I think it would be
premature for a Ballot on this topic as well. As Sarah Kelley noted in
her briefing on the status of the STIX 2.1 data objects during our full
TC calls yesterday, we have not even had 1 of 3 focused, time-boxed
calls within the TC on the potential for an Infrastructure SDO for 2.1. 
We should take those steps next. 

It has been my observation that the CTI TC is actually quite effective
at working through a process of reasoned debate to come to some
agreement on a path forward.  I see this proposed SDO as no different
from any of the others that we've already worked through. There does
seem to be some conflation of the idea of an Infrastructure SDO with a
re-examination of the structure of the Observed Data SDO/STIX Cyber
Observables (SCOs) relative to the other SDOs.  But, I believe, the
debate that has commenced on this topic is quite healthy.  It is helping
people to separate their thinking about STIX 2.x as an interchange
graph-based model from the idea of a database that would be used as part
of a product implementation.  Once we all align our thinking on this
matter, I think the separation of these two topics (i.e., 1. adding an
Infrastructure SDO to 2.1 and 2. elevating SCOs to top-level citizens)
will be made. Then, the path forward to an Infrastructure SDO for 2.1
will be easier to see as a Crawl, Walk, Run approach. 

I think we need to separate these issues.  An Infrastructure SDO solves
an immediate implementation problem.  The structure of SCOs within the
STIX 2.x graph model is a systemic issue that should be debated solely
on its own merits.

My 2 cents.

Jane Ginn

On 11/17/2017 9:22 AM, Trey Darley wrote:
> On 16.11.2017 08:25:41, Carol Geyer wrote:
>> Perhaps the way for the Council to approach it would be to say
>> something like "we need whatever solution y'all come up with to meet
>> the following objectives (or solve the following problems or...)"
>> rather than getting into something that sounds like "well, we vote
>> for that technical solution." In other words, have the Council
>> address the parameters of the problem rather than get into the
>> debates about how to solve it.
> All -
> There's broad consensus within the CTI TC that we *need* an
> Infrastructure SDO in STIX. There's just a lot of work ahead of us to
> define the object's properties and relationships. Unless the Council
> are able to do that work for us, it's unclear to me how their input
> will help accelerate our velocity.

Jane Ginn, MSIA, MRP
CTI TC Secretary, OASIS
Co-Founder of Cyber Threat Intelligence Network, Inc.
