OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-taxii] RE: Vision Statement for TAXII

Wow we sure are eliminating a lot :)

I have another candidate I want to call attention to:

trusted and secure

I know it is early in the TAXII protocol discussion, but want to make sure everyone is paying attention here, because it implies a lot of things for TAXII - some of which, don't align with some ideas on the ML and on the Slack channel.

Namely - you can't have trust without a notion of authorization and access control, and also a way to validate that the second party is trustworthy in the first place. And you can't have security without encryption. So this statement to me implies that we are going to be baking in authorization, access control, external validation, and required encryption into TAXII.

I am not saying it's a bad thing - in fact I think it is very important! - but want to make sure I called it out. Currently TAXII 1.X does not do any of this at all (and doesn't actually have this in it's mission statement either).

Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

Inactive hide details for "Wunder, John A." ---2015/09/15 03:40:43 PM---Seems reasonable. A few thoughts: - do we really need "Wunder, John A." ---2015/09/15 03:40:43 PM---Seems reasonable. A few thoughts: - do we really need “between people and systems”? Doesn’t really a

From: "Wunder, John A." <jwunder@mitre.org>
To: "Davidson II, Mark S" <mdavidson@mitre.org>, "'cti-taxii@lists.oasis-open.org'" <cti-taxii@lists.oasis-open.org>
Date: 2015/09/15 03:40 PM
Subject: Re: [cti-taxii] RE: Vision Statement for TAXII
Sent by: <cti-taxii@lists.oasis-open.org>

Seems reasonable. A few thoughts:

- do we really need “between people and systems”? Doesn’t really add much IMO.
- Agree w/ Jason and Aharon that “sharing” is not the right word and is full of connotations. “communication” seems better and more clinical to me.
- I don’t really love “speeds the sharing of”…does it really speed it? What does that mean?

So with all that in mind, I’ll propose one more revision:

TAXII is an open protocol for the communication of cyber threat information. Focusing on simplicity and scalability, TAXII enables trusted and secure communication of cyber threat information across products and organizations.

Two open questions:

- “information” vs. “intelligence” — we are in the “Cyber Threat Intelligence” TC, not the “Cyber Threat Information” TC. Should we replace “information” with “intelligence”?
- Debatably you could remove the “of cyber threat information” from the second sentence, it’s a little redundant. I like it because it makes each sentence stand on its own, but can definitely see the argument for trimming it.


From: Mark Davidson
Tuesday, September 15, 2015 at 12:57 PM
"Wunder, John A.", "'cti-taxii@lists.oasis-open.org'"
RE: [cti-taxii] RE: Vision Statement for TAXII

I’d like to attempt to summarize the various comments and discussion so far, represented as an updated proposal:

I modified some language to my own personal liking. If my language is worse, we can revert it. Here’s the list of modifications:

My one criticism of the current form is that both sentences end in “sharing of cyber threat information across/between <list>”.

I’d also like to identify the calls for more definition around what TAXII is and is not – I’d like to offer that we discuss that as something of a scoping statement, separate from the vision statement. Thoughts?

Thank you all for participating in the discussion – I think we’re closing in on something we can all generally agree on, and all of your inputs have been valuable.

Thank you.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]