Re: [cti-taxii] Vision Statement for TAXII

[Jerome Athias <athiasjerome@gmail.com>]

That's a critical point IMHO. Thanks for asking John.

2015-09-17 18:50 GMT+03:00 Wunder, John A. <jwunder@mitre.org>:
> I think in order to answer Bret’s question it would be helpful to define
> what value-add we expect TAXII to provide to the sharing cyber threat
> intelligence (I include “cyber” in there because of the charter). There are
> a lot of generic data transports: OASIS has OData, AMQP, SOAP, HTTP, etc.
> Many of them provide for authentication, data integrity, channels, and other
> things that we’ve talked about TAXII defining. What do we expect TAXII to do
> beyond that that makes it better specifically for sharing CTI?
>
> - Is it simply a standard transport/authentication so things are plug and
> play?
> - Or, beyond that, does it define specific behaviors that are useful for
> sharing threat intel?
> - Or, even beyond that, does it talk at all about the content that gets
> shared?
> - As a subcategory of that, it could even reference or define specific types
> of payloads
>
> This also gets at the scoping question…what problems identified in the use
> cases is TAXII trying to solve and which does it leave to STIX or other
> specs?
>
> John