OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: CTI/Council interaction on Infrastructure SDO’s

No worries, I withdraw the request. You all are in much better position to tell if you need a broader user input to resolve this issue. 

Jane is correct that I was keying off the ‘tie’ aspect of her email. I was combining it with the expressed worry that some of members were not engaging as much as previously. It was my understanding some CTI members had ‘moved’ to Standards Council because they didn’t want to be involved in all the day to day, but did want to be appraised when user (what they call non-vendor) input was desired. At least that was what several people said about CTI at the NYC Borderless Cyber meeting setting up the User’s Council. Since there hadn’t been any CTI/Council interaction as yet, I thought this might be a way to re-engage the lost sheep. But I defer to your judgement on whether you need a broader swath of user input to resolve this particular issue.

iPhone, iTypo, iApologize

Duncan Sparrell
sFractal Consulting, LLC
The closer you look, the more you see

On Fri, Nov 17, 2017 at 2:15 PM -0500, "JG on CTI-TC" <jg@ctin.us> wrote:

Duncan/Carol & All:

My take on this debate is that it would be premature for the Council to
take up an issue like this.  I think Duncan keyed off of my statement in
an earlier email about a tie vote from a Straw Man poll we took at the
F2F on the Infrastructure SDO.  That poll was non-binding and unofficial
and not necessarily indicative of the view of the entire TC membership. 
We would need to do a Ballot to gauge that; and I think it would be
premature for a Ballot on this topic as well. As Sarah Kelley noted in
her briefing on the status of the STIX 2.1 data objects during our full
TC calls yesterday, we have not even had 1 of 3 focused, time-boxed
calls within the TC on the potential for an Infrastructure SDO for 2.1. 
We should take those steps next. 

It has been my observation that the CTI TC is actually quite effective
at working through a process of reasoned debate to come to some
agreement on a path forward.  I see this proposed SDO as no different
from any of the others that we've already worked through. There does
seem to be some conflation of the idea of an Infrastructure SDO with a
re-examination of the structure of the Observed Data SDO/STIX Cyber
Observables (SCOs) relative to the other SDOs.  But, I believe, the
debate that has commenced on this topic is quite healthy.  It is helping
people to separate their thinking about STIX 2.x as an interchange
graph-based model from the idea of a database that would be used as part
of a product implementation.  Once we all align our thinking on this
matter, I think the separation of these two topics (i.e., 1. adding an
Infrastructure SDO to 2.1 and 2. elevating SCOs to top-level citizens)
will be made. Then, the path forward to an Infrastructure SDO for 2.1
will be easier to see as a Crawl, Walk, Run approach. 

I think we need to separate these issues.  An Infrastructure SDO solves
an immediate implementation problem.  The structure of SCOs within the
STIX 2.x graph model is a systemic issue that should be debated solely
on its own merits.

My 2 cents.

Jane Ginn

On 11/17/2017 9:22 AM, Trey Darley wrote:
> On 16.11.2017 08:25:41, Carol Geyer wrote:
>> Perhaps the way for the Council to approach it would be to say
>> something like "we need whatever solution y'all come up with to meet
>> the following objectives (or solve the following problems or...)"
>> rather than getting into something that sounds like "well, we vote
>> for that technical solution." In other words, have the Council
>> address the parameters of the problem rather than get into the
>> debates about how to solve it.
> All -
> There's broad consensus within the CTI TC that we *need* an
> Infrastructure SDO in STIX. There's just a lot of work ahead of us to
> define the object's properties and relationships. Unless the Council
> are able to do that work for us, it's unclear to me how their input
> will help accelerate our velocity.

Jane Ginn, MSIA, MRP
CTI TC Secretary, OASIS
Co-Founder of Cyber Threat Intelligence Network, Inc.

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]