OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Proposal - Simplify UUID Requirements/Language


This is very simple, very clean and removes the arbitrary limitation to UUIDv4.


I would still prefer to define one identifier for all objects rather than having a separate deterministic-id spec but if we are not going to reach consensus on that then I prefer Patâs proposed change to the spec for identifier.


Sean Barnum

Principal Architect


M: 703.473.8262

E: sean.barnum@fireeye.com


From: <cti-stix@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@darklight.ai>
Date: Thursday, February 14, 2019 at 11:55 AM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] Proposal - Simplify UUID Requirements/Language


Iâm repeating a proposal Iâve made twice before in hopes it will be considered and accepted/rejected solely on its merits.  We have not re-established voting rights, so I cannot make a motion.


However, I believe it is a simple solution to the STIX Identifier discourse and its adoption would allow us to move on to more complex issues.




  • Simplify the existing language in the 2.0 CSD
  • Remove the arbitrary UUIDv4 restriction.  


Type Name: identifier


An identifier universally and uniquely identifies a SDO, SRO, Bundle, or Marking Definition. Identifiers MUST follow the form object-type--UUID, where object-type is the exact value (all type names are lowercase strings, by definition) from the type property of the object being identified or referenced and where the UUID is an RFC 4122-compliant UUID. The UUID MUST be generated according to the algorithm(s) defined in RFC 4122, [RFC4122].


Please note the following assertions:


  • The only requirement for using UUIDs as part of STIX Identifiers is uniqueness.
  • Any RFC 4122 compliant ID form meets this requirement  (Including UUIDv1).
  • RFC 4122 addresses the requirements for how compliant UUIDs are generated.



Patrick Maroney

Merlin â Advisor to Kings


Email:  patrick.maroney@darklight.ai




This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system without copying it and notify sender by reply e-mail so our records can be corrected.


This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]