I'm going to be that guy: TAXII use-cases and delta assessment against current spec

[Joep Gommers <joep@intelworks.com>]

Dear all,

First off, my thanks for the time and effort spend on getting this working group off the ground and starting to drive the mission forward – good to see. I apologize for our team not being engaged more as we enter our go to market. Though, in the interim we’re keeping a close eye and are strategically committed to helping to drive TAXII forward. In that spirit, I’d like to take a moment and share my unease with the current focus of the workgroup. Note that I’m doing so all in good spirit and with the intention of the most timely path to value for the community. In short, I think we’re moving to fast in terms of solution without – as a community – having a good shared understanding of use-cases and delta against current TAXII specification.

Disclaimer: by no means a statement on the quality of the current proposals, but identification of risk on its defensibility and requirements foundation

The role of OASIS and this workgroup is to be the shepard of the vision and strategy of the TAXII standard and to be its thought-leader and biggest fan. As importantly, facilitate the process by which the members of this workgroup and all users/implementors out there are brought along on a journey of enhancement of the use-cases that can be serviced with the standard and its eventual specification and acceptance.

Currently, I do not feel comfortable that as a community we have a good understanding and agreement on the use-cases for TAXII. As a result, our ability to describe and agree on the delta with the current spec is lacking. I’d look for the ability to inform what delta should be solved in a TAXII 1.2 and what should be addressed in a TAXI 2.0. There are plenty of items that can and should likely be addressed in a TAXII 1.2 that would deserve attention first. Quick examples, but again – requiring further alignment – would be the query mechanism, authentication, signing and encryption, queries, JSON binding ratification and auto-negociation abilities.

As one of the few implementors of TAXII we’re comfortable stating that even in its current form TAXII is a powerful specification that can accommodate quite allot of use-cases – if we spend some more time on implementation and documentation. Additionally, we also have a good understanding of the effort required to implement and the work with and can’t help but be skeptical of some of the concerns from vendors not wanting to adopt. I realize we need to listen carefully to our community and respect and take note of these concerns.

Obviously there is a place for significant advancement of the TAXII specification beyond incremental..

I realize that lacking input from workgroup members, its leadership has to move forward. Though, if we can’t bring the larger community along on a journey and get through maturity in use-cases, delta assessment, etc. we shouldn’t be moving forward at all. This HAS to be something that a very large group of stakeholders agree on and sign off on. In short; I think we’re still at an earlier stage in the process than proposals for solutions. Again, a concern around process and not effort and competency. E.g. I’m a total fan of the passion and energy being thrown at this problem.

At Intelworks, we have no specific opinion on the quality of the proposals (yet) as we feel we lack context judging these proposals against the reality of need and delta with current spec. Risking being “those guys”… we feel we need to take a step back and refocus on use-cases and understanding delta, and spending cycles as a community starting from this solid foundation, rather then focussing on solutions paths. 

If we’re alone in this, I apologize for rocking the boat, but if we’re not – I would propose we work on maturing our understanding of use-cases (I would expect paper-grade maturity) and work on validating them with the current specification and clearly documenting its delta’s. This might be allot of work and allot of boring work at that. But I strongly feel this is the right thing to do.

I’d be willing to put some investment on the table, if other would do the same, getting people in a room for a week or facilitate some other mechanism by which we can align members of this community:

- maturity in use-cases

- delta assessment against current specification

- define scope for 1.2 (I doubt from 1.1 to 2.0 is the only focus required)

- define scope for 2.0

- go into solution path mode

Best regards,

Joep