
cti-taxii message


Subject: Re: [cti-taxii] Vision Statement for TAXII

Great questions, John. And as always, thanks for your insight. Stepping into the mud of a purpose statement, I would, off the cuff, say that:

The purpose of TAXII is to enable DLNA/Plug-n-Play like communication of CTI between systems, applications, devices, and users.

To accomplish this purpose, TAXII will combine various open and widely adopted standards and technologies in such a way as to make communicating CTI simple and easy.  

So I think Terry's vision statement still holds? 

TAXII is an open protocol for the communication of cyber threat information. Focusing on simplicity and scalability, TAXII enables authenticated and secure communication of cyber threat information across products and organizations.

Once again, thanks to everyone that is contributing to this discussion. I am so grateful for all of your thoughts and ideas. This is really how we make the TAXII community great, and the shining example of what an open source community can be like.



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Sep 17, 2015, at 09:50, Wunder, John A. <jwunder@mitre.org> wrote:

I think in order to answer Bret’s question it would be helpful to define what value-add we expect TAXII to provide to the sharing of cyber threat intelligence (I include “cyber” in there because of the charter). There are a lot of generic data transports: OASIS has OData, AMQP, SOAP, HTTP, etc. Many of them provide for authentication, data integrity, channels, and other things that we’ve talked about TAXII defining. What do we expect TAXII to do beyond that that makes it better specifically for sharing CTI?

- Is it simply a standard transport/authentication so things are plug and play?
- Or, beyond that, does it define specific behaviors that are useful for sharing threat intel?
- Or, even beyond that, does it talk at all about the content that gets shared?
- As a subcategory of that, it could even reference or define specific types of payloads

This also gets at the scoping question…what problems identified in the use cases is TAXII trying to solve and which does it leave to STIX or other specs?


Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
