RE: [cti-taxii] Items in scope vs out of scope

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

From my perspective - while I think that having QUERY for CTI is a fundamental and necessary use case - I think bundling it in with TAXII creates needless confusion.

Not all use cases for TAXII care about QUERY. And not all use cases that care about QUERY, care about TAXII.

QUERY also has a lot more implicit ties to the data model. TAXII does not need any of these.

I feel that QUERY should be it's own separate API that may even follow a totally different paradigm. It should have it's own, seperate specification - and if needed, even have a different CTI subcommittee created for it.

It's really an entirely different use case. Just because they were shoe-horned together in TAXII 1.X does not mean we can not fork it off now.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


"Davidson II, Mark S" ---2015/10/16 08:37:12 AM---Trey, One of our stated requirements for TAXII 2 is feature parity with TAXII 1.x [1]. To me, that m

From: "Davidson II, Mark S" <mdavidson@mitre.org>
To: Trey Darley <trey@soltra.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/10/16 08:37 AM
Subject: RE: [cti-taxii] Items in scope vs out of scope
Sent by: <cti-taxii@lists.oasis-open.org>

---

Trey,

One of our stated requirements for TAXII 2 is feature parity with TAXII 1.x [1]. To me, that means query has not been scoped out. That said, there is still plenty of conversation to be had about query (e.g., what feature set constitutes 'feature parity' as well as the actual design).

The graphic Bret shared was intended to convey that for any particular discussion there are four high level buckets of "scope" to consider. The graphic was not intended to be a complete list of TAXII 2 features - it only includes items that this SC have discussed so far.

If you (or anyone) have ideas or requirements for query, please share them!

Thank you.
-Mark

[1] https://github.com/TAXIIProject/TAXII-Specifications/wiki/TAXII-2.0-Requirements

-----Original Message-----
From: Trey Darley [mailto:trey@soltra.com] 
Sent: Friday, October 16, 2015 4:22 AM
To: Jordan, Bret <bret.jordan@bluecoat.com>; Davidson II, Mark S <mdavidson@mitre.org>
Cc: cti-taxii@lists.oasis-open.org
Subject: Re: [cti-taxii] Items in scope vs out of scope

On 15.10.2015 17:28:48, Jordan, Bret wrote:
> 
> As we begin work on writing the specification for TAXII 2.0 I want
> to make sure we are diligent about capturing your ideas, questions,
> comments, and concerns. I also want to try and be very clear on
> where things might fall in the scope discussion. By doing this I
> believe we will remove confusion and allow us to focus on specific
> scoping concerns that people might have.
> 
> To this end I would like to propose that we document the decisions
> we have already made in this SC and how they relate to scope in a
> manner that looks something like the following graphic..... BTW,
> this is an early rough draft with only the most basic information..
> 

Hey, Bret & Mark -

Am I correct in my understanding that a query capability is currently
considered out of scope for TAXII 2.0?

-- 
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com