Re: [cti-taxii] Channel Ideas

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

This makes a lot of sense to me *assuming* we get the permission scheme discussed in the thread the other day sorted.

As an example flowing from your diagram below, the person using "Analyst UI" should be able to share something to the Indicator channel that is tagged with an authorization entity such that Member 1 can see it, and Member 2 can not because he is not present in the entity. In that case, even though Member 2 is is subscribed, the indicator should only be delivered to Member 1.

One thing about the channels concept I am trying to sort out, is what happens if I share a STIX document to the wrong channel - is the message rejected, or is it transmitted through? For example what happens if I share a STIX document with a Report in it, to the Indicator channel. This is the difficulty with designing TAXII as data agnostic.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


"Jordan, Bret" ---2015/07/29 07:33:22 PM---All, Here is another diagram for the conceptual ideas that we talked about today on the call, like t

From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/07/29 07:33 PM
Subject: [cti-taxii] Channel Ideas
Sent by: <cti-taxii@lists.oasis-open.org>

---

All,

Here is another diagram for the conceptual ideas that we talked about today on the call, like the one in the PPT.  This one is at a bit more detail but still very high level.

Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 
[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]