
cti-taxii message



Subject: RE: [cti-taxii] TAXII Conformance - proposed language


The Conformance section was written with that guidance in mind. In fact, the Conformance Guidelines were extremely helpful (I have no prior experience writing OASIS Conformance Clauses).

 

Based on what I know (and please recognize that I’m new at this) I think the conformance clause, as written, functions as intended. I’m not sure whether to take the list’s silence as acceptance or not, but if there are no comments the conformance clause will likely go in pretty close to as-is.

 

If there are specific comments that those more experienced can offer, I’m more than happy to hear them. I recognize part of making those comments requires understanding TAXII, and I can help with that.

 

Thank you.

-Mark

 

From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org] On Behalf Of Chet Ensign
Sent: Monday, July 13, 2015 1:47 PM
To: Jordan, Bret
Cc: Davidson II, Mark S; cti-taxii@lists.oasis-open.org; OASIS TAB
Subject: Re: [cti-taxii] TAXII Conformance - proposed language

 

Hi Bret - 

 

Sure. I'm not suggesting any substantive change to the specification at all. Just suggesting that the conformance clause language be thought through from the perspective that I described. A conformance clause section is a requirement so I'm just suggesting making sure it does what it is intended to do. 

 

/chet

 

On Mon, Jul 13, 2015 at 1:38 PM, Jordan, Bret <bret.jordan@bluecoat.com> wrote:

Chet,

 

IMO, that would represent something we would do in TAXII 2.0 as we lock down the protocol to more of a single implementation. This initial version, from the statement of the CTI Charter, is to be just an OASIS version of the MITRE specification that is already in wide use today. If we make substantive changes, it will be in violation of the charter. And most of the TAXII specification is optional today. For example, there is no hard and fast rule that requires you to use HTTP or XML. In fact, we have several groups using JSON-based TAXII today.

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Jul 13, 2015, at 08:55, Chet Ensign <chet.ensign@oasis-open.org> wrote:

 

Hi Mark & all - 

 

I have copied the OASIS TAB (Technical Advisory Board) on my reply as the group has done a lot of work (and continues to do a lot of work) on helping TCs craft conformance clauses. The TAB maintains a document with guidelines on how to draft conformance clauses that may be useful here: http://docs.oasis-open.org/templates/TCHandbook/ConformanceGuidelines.html 

 

You might want to talk with them a bit and consider spelling out conformance clauses in a bit more detail. Here's why: the conformance clauses are intended to act as a litmus test - a set of yes/no questions if you will - that an implementer can check off in order to know whether or not they can claim conformance to the Committee Specification / OASIS Standard. That is important because the OASIS patent protections specifically apply to conforming implementations. 

 

As you say, the clauses do not change in any way the requirements in the specification. They simply act as the checklist for conforming implementations. So that is the way I would think about them. 

 

Best, 

 

/chet

 

 

On Mon, Jul 13, 2015 at 8:23 AM, Davidson II, Mark S <mdavidson@mitre.org> wrote:

All,

 

As Bret and I work toward converting TAXII into a set of OASIS documents, we came across the OASIS requirement for a conformance section, which TAXII 1.1 does not have. One example of an OASIS conformance section is the Universal Business Language (UBL) specification [1].

 

TAXII 1.1 does not have a conformance section, and instead relies on RFC 2119 normative statements (e.g., statements containing MUST/SHOULD/MAY) throughout the document. The OASIS conformance section seems to be a mechanism for wrapping the many Normative Statements in a specification into a condensed set of higher level statements/requirements.

 

Bret and I have drafted a proposal for the conformance section of the TAXII Services Specification. The goal of the proposed text is to meet the OASIS requirement for a conformance section without altering the requirements for TAXII. This text is not intended to add, modify, or remove any requirements from TAXII 1.1. If you feel this text might not meet that criterion, please speak up.

 

Without further preamble, here is the proposed text. Your feedback is welcome.

 

Conformance

Implementations have discretion over which parts of TAXII they implement (e.g., Discovery Service).

 

Conformant implementations must conform to all Normative Statements that apply to the portions of TAXII they implement (e.g., Implementers of the Discovery Service must conform to all Normative Statements regarding the Discovery Service).

 

Conformant implementations are free to ignore Normative Statements that do not apply to the portions of TAXII they implement (e.g., Non-implementers of the Discovery Service are free to ignore all Normative Statements regarding the Discovery Service).

 

The conformance section of this document is intentionally broad and attempts to reiterate what already exists in this document. The TAXII 1.1 Specifications, which this specification is based on, did not have a conformance section. Instead, the TAXII 1.1 Specifications relied on normative statements. TAXII 1.1.1 represents a minimal change from TAXII 1.1, and in that spirit no requirements have been added, modified, or removed by this section.

 

 

Thank you.

Mark and Bret

 

[1] http://docs.oasis-open.org/ubl/os-UBL-2.1/UBL-2.1.html#S-CONFORMANCE



 

--


/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 

 



 



