[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Question about multiple trust group support
| All, There has been a very lively discussion on the TAXII Slack channel today, some 1,000+ messages going back and forth. And what I have realized is a lot of the arguments back and forth are based around a very basic question that we might not be in alignment on. So I am bringing this question to the email list do discuss and decide on. My hope is that we can get some solid requirements around this idea or solid reasons why it is NOT a good idea. Please contribute pros or cons and rational for your answer. Question: Should TAXII 2.0 support multiple Trust Groups on a single TAXII instance? Meaning should TAXII allow multiple Indicator channels on a single instance of TAXII and restrict access to them based on who a user is, meaning is the user part of a certain Trust Groups or Groups of Interest? Context: It is common in the threat sharing landscape today that researchers will share specific CTI over email or IM with a small group of people, often access to these email lists is highly restricted. Those same researchers may also share more generalized versions of that CTI with an even larger group of people or may post it on a blog or make it available via an RSS feed. So should TAXII support the idea of having different Trust Groups on the same TAXII server? Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." |
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]