[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-taxii] Channel Ideas
It makes sense, but how to we define the operation of a Message Handler without tying the standard to STIX...
While being data-agnostic is a noble goal, I think that things get a lot simpler if we can reference the upcoming STIX 2.0 standard from the TAXII standard. After all, in the spirit of "doing one thing well", should we really be desinging TAXII to carry *any* type of data, when we are really concerned with only one type of data?
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
"Davidson II, Mark S" ---2015/07/30 10:08:37 AM---One concept is that of a message handler. I kind of envision it like this (my drawings are not as pr
From: "Davidson II, Mark S" <mdavidson@mitre.org>
To: Jason Keirstead/CanEast/IBM@IBMCA, "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/07/30 10:08 AM
Subject: RE: [cti-taxii] Channel Ideas
Sent by: <cti-taxii@lists.oasis-open.org>
This makes a lot of sense to me *assuming* we get the permission scheme discussed in the thread the other day sorted.
As an example flowing from your diagram below, the person using "Analyst UI" should be able to share something to the Indicator channel that is tagged with an authorization entity such that Member 1 can see it, and Member 2 can not because he is not present in the entity. In that case, even though Member 2 is is subscribed, the indicator should only be delivered to Member 1.
One thing about the channels concept I am trying to sort out, is what happens if I share a STIX document to the wrong channel - is the message rejected, or is it transmitted through? For example what happens if I share a STIX document with a Report in it, to the Indicator channel. This is the difficulty with designing TAXII as data agnostic.
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
"Jordan, Bret" ---2015/07/29 07:33:22 PM---All, Here is another diagram for the conceptual ideas that we talked about today on the call, like t
From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/07/29 07:33 PM
Subject: [cti-taxii] Channel Ideas
Sent by: <cti-taxii@lists.oasis-open.org>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]