cti-taxii message


Subject: Re: [cti-taxii] TAXII per Chapter 5 of Fielding

My $0.02 - While I really prefer REST principles for APIs, I also think that REST is whatever people want it to be.

There are hardly any (perhaps zero?) high traffic REST APIs in the wild that are purist REST and HATEOAS. The main one that hardly anyone follows is the concept of discoverability, because it is somewhat idealistic, unnecessary in practice, and just complicates the API. As a developer I would much rather have a stringent REST spec with documented endpoints that I can consume, than a widely flexible one based on discovery that results in near infinite code-paths.

This is the very problem we have with TAXII and STIX today - too much complexity. We don't need to solve world hunger with this API. My challenge would be this - if simple REST is good enough for Google and Twitter and Facebook and Amazon, why is it not good enough for TAXII? We can only hope in our wildest dreams that our API gets consumed as much as those APIs do.

Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


From: John Anderson <janderson@soltra.com>
To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Cc: John Anderson <janderson@soltra.com>
Date: 09/10/2015 10:30 AM
Subject: [cti-taxii] TAXII per Chapter 5 of Fielding
Sent by: <cti-taxii@lists.oasis-open.org>

Hello, CTI TAXII@OASIS people! Thanks to Jason and Bret for redirecting me to this discussion list.

I recently posted my first message on the CTI Users list. I'm grateful for the rapid responses from the group. In retrospect, I should have included this friendly preface in my initial message.

Here's the preface:

Preface: Throughout the software industry today, there is a popular understanding of the term "REST". You can find many sizable companies implementing a wide variety of web services under the label "REST". However, there is another philosophy of software architectural design that predates this commonly-understood "REST"--namely, that described by Dr. Roy Fielding in Chapter 5 of his dissertation. It is this earlier philosophy that I find compelling and wish to discuss.

To avoid confusion with other things called "REST", I'm intentionally calling this philosophy "Chapter 5".

To be perfectly clear, I am not now seeking another discussion about "REST"/JSON-over-HTTP/RPC/CRUD. Rather, I get excited about Resources, Content-Types and HATEOAS done well. I'm eager to find kindred spirits who are intimate with and appreciate Fielding's dissertation and would be interested in aligning TAXII with the architectural style of Chapter 5.

To my fellow fans of Fielding: "Let's talk!" And to everyone else: "I still like you! We're cool. Please don't be mad." 8^) To all: "Thanks for including me in the group. It's great to be here! Go...TAXII!"

With that preface in place, here's the initial message I posted.

Hello, CTI@OASIS people! I'm relatively new here, so please forgive any heresy that follows. :^)

I've been reading the OASIS discussions for a couple months now. I've read the specification documents (whew!). I've coded with the Python libraries, and picked up on some of the nuances of TAXII, STIX and CyBOX. And my impression is...there's gotta be a better way.

Eric points out some qualities we might find in that "better way", including ubiquitous deployment. Aharon rightly brings us back home to the necessity of consumer adoption. And many of you have suggested practical changes (such as alternate data formats), as a way to ease implementation, hence vendor adoption.

It sounds like we're trying to achieve Web-scale success. And that brings to mind some things I've read in Chapter 5 of Dr. Roy Fielding's dissertation. So, here's my heretical question:

What would TAXII 2.0 look like if we started from scratch* and implemented it according to Chapter 5?

John Anderson
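The two positions in this thread (Jason's preference for documented endpoints, John's interest in Resources, Content-Types and HATEOAS) can be made concrete with a small client written both ways. The following is an added illustration, not code from either poster and not TAXII: the in-memory "server", its media type and the link relations `collections` and `objects` are all constructed for the example. The hypermedia client also shows the check a defender wants when a client follows server-supplied links: it only honours known relations and refuses to leave the origin it started from.

```python
"""Hypermedia (Chapter 5 / HATEOAS) navigation versus fixed documented endpoints.

Added illustration for the discussion above. Not TAXII code; the URL layout,
media type and link relations are hypothetical and the "server" is an
in-memory dict so the example runs offline.
"""
import json
from urllib.parse import urljoin, urlsplit

MEDIA_TYPE = "application/vnd.example+json"  # hypothetical media type

# Constructed sample API: URL -> (Content-Type, body).
SERVER = {
    "https://api.example.test/": (MEDIA_TYPE, json.dumps({
        "title": "Example sharing service",
        "links": [{"rel": "collections", "href": "/collections/"}],
    })),
    "https://api.example.test/collections/": (MEDIA_TYPE, json.dumps({
        "collections": [
            {"id": "c1",
             "links": [{"rel": "objects", "href": "/collections/c1/objects/"}]},
        ],
    })),
    "https://api.example.test/collections/c1/objects/": (MEDIA_TYPE, json.dumps({
        "objects": [{"id": "obj-1"}, {"id": "obj-2"}],
    })),
}


def get(url):
    """Stand-in for an HTTP GET against the constructed server.

    Rejects unknown URLs and any response whose Content-Type is not the
    media type the client was written against.
    """
    if url not in SERVER:
        raise LookupError(f"404 {url}")
    content_type, body = SERVER[url]
    if content_type != MEDIA_TYPE:
        raise ValueError(f"unexpected Content-Type {content_type}")
    return json.loads(body)


def fixed_endpoint_client(base):
    """Documented-endpoint style: the client hard-codes the URL layout."""
    collections = get(urljoin(base, "/collections/"))["collections"]
    return {
        c["id"]: [o["id"] for o in
                  get(urljoin(base, f"/collections/{c['id']}/objects/"))["objects"]]
        for c in collections
    }


def follow(current_url, document, rel):
    """Resolve the single link with relation `rel` from `document`.

    Two defensive rules for a client that follows server-supplied links:
    only known relations are honoured, and the resolved URL must keep the
    scheme and host of the URL we started from, so a response cannot steer
    the client to another host.
    """
    hrefs = [l["href"] for l in document.get("links", []) if l.get("rel") == rel]
    if len(hrefs) != 1:
        raise ValueError(f"expected exactly one '{rel}' link, found {len(hrefs)}")
    target = urljoin(current_url, hrefs[0])
    if urlsplit(target)[:2] != urlsplit(current_url)[:2]:
        raise ValueError(f"refusing cross-origin link {target}")
    return target


def hypermedia_client(root):
    """Chapter 5 style: the client knows only the root URL, the media type and
    the link relations; every other URL is taken from the responses."""
    entry = get(root)
    collections_url = follow(root, entry, "collections")
    result = {}
    for c in get(collections_url)["collections"]:
        objects_url = follow(collections_url, c, "objects")
        result[c["id"]] = [o["id"] for o in get(objects_url)["objects"]]
    return result


if __name__ == "__main__":
    print(fixed_endpoint_client("https://api.example.test/"))
    print(hypermedia_client("https://api.example.test/"))
```

Both clients return the same data; the difference is what each has to know in advance. The fixed client bakes the path layout into its code, so a server cannot move resources without breaking it. The hypermedia client bakes in only the entry point, the media type and the link relations, which is the flexibility Jason warns about and John values; the `follow` function is where the extra code paths, and the need to validate what the server hands back, show up.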
