OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Question on Versioning with 2.1

Bret – If all that changes is the schema version name changes for a specific object instance then I would tend to agree that it might be ok to not change the version information. However, I think that will cause problems across systems that are tracking that object. Its technically a difference and if the version attributes (i.e. modified timestamp) does not change then how would a downstream system detect that the object has been republished with 2.1 schema instead of 2.0. It wouldn’t.

 

In many cases, an object instance that is changed from 2.0 to 2.1 schema version presumably will introduce new attributes and/or relationships.

Therefore it *does* require a version change because the object instance has introduced new intel associated with the object instance.

 

So I come to the conclusion for consistency/sync reasons I think it is best to require a change to the modified timestamp even in the case where the only change is 2.0 to 2.1 schema.

 

Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions

From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Friday, April 6, 2018 at 1:08 PM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] Question on Versioning with 2.1

 

All,

 

On our editor's call today, John Wunder, Rich Piazza, and myself had a question about how to handle the new spec_version property that the TC decided to add to all objects.  

 

Question:

Does changing an object from 2.0 to 2.1 schema result in a version change?  And as such can it only be done by the object creator?

 

The knee jerk reaction I think most people will have will be similar to our initial reaction which was "yes, it requires a version change".  However, upon careful consideration, I am not sure that is a good thing.  Content should be content, regardless of how it is serialized.  Also, without allowing this, there is no good way to upgrade content in the wild.  Products will have to support older versions of STIX for a very very long time.  Further, if you do the derived relationship type, then you need something in TAXII that will say, given this relationship, go find any derived from relationships, and then walk the graph to find all of the new relationships.  This will get ugly really fast and will cause analysts to not see the whole picture. 

 

So while I think we initially thought it would be "yes", I think we might now be leaning towards "no".  But this is not a decision that we editors can make.  So we are bringing up to the TC to decide. 

 

Bret

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]