[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: HTTP REST API for TAXII 2.0
Since it worked well last time, I’ll threaten to interpret your silence as overwhelming agreement that the proposed REST API looks pretty awesome.
As you review the REST API, please think about the following:
· What additional information do you need to understand the design?
o If you have no context for what it is or why it’s being proposed, ask some questions! You can ask them to Bret and I directly and we’ll anonymously post them.
· For your use case, does it contain anything really bad/unworkable?
· If you’re an implementer – could you implement it?
· Are there other important questions to ask?
Given the strawman MTI discussion for using HTTP, the slack channel over the past few weeks has had a very lively discussion about what it would look like if we implemented a RESTful API for TAXII 2.0 on top of HTTP. As this discussion has started to come to a steady state, we feel that it is important to move it out of Slack and in to the formal email discussion space to see if it holds water and hopeful flesh out further ideas.
If we were to use a RESTful API over HTTP for TAXII 2.0, this would not represent a radical change form TAXII 1.1, but rather, IMO, a natural evolution of the TAXII 1.1 services concept. I also believe this will enable us to build a foundation from what future versions of TAXII, beyond 2.0, can iterate and add functionality.
The current mock up on the HTTP REST API can be found here:
NOTE: remember anyone that wants to join our Slack channel, please let us know, just be mindful that it can be very high volume.
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."