[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] The need (or no need) for TAXII to support Query
Protocol Specs aren't API specs. They simply describe the 'standard' message sequences and their message's format. A Web Services API is really a protocol. Protocol Services are responsible for participating in proper message sequence interchanges, and proper handling of their message formats. RestFUL Web Services 'API's' are really protocols with a simple call response / sessionless character - hence their confusion with 'API.' So if by 'API direction' we're talking RestFUL Web Services - I content it's still protocol and should be handled as one. Multi-sequence protocol requests (i.e. Multi-Part POLL Requests) require a proper protocol sequence and message definitions for both caller and responder. An API spec does not handle this well unless you bury the protocol operations.
The specification should describe sequence and message formats for all elements of a conversation between client and server. That's why this is a Protocol Spec, and not an API spec.
Cheers!
~r
ron.williams@us.ibm.com | stsm, ibm master inventor | chief architect, infrastructure protection | divisional idt lead | ibm | mobile +1.512.633.7711 | ofc +1.720.349.2236
羅恩·威廉姆斯 | 首席架構師基礎設施保護 | IBM安全
"It is much less dangerous to think like a man of action, than to act like a man of thought." - Nicholas Nassim Taleb
"Jordan, Bret" ---10/19/2015 18:24:50---Would it be possible to treat Query as a separate work product and specification TAXII SC? The reas
From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: Terry MacDonald <terry.macdonald@threatloop.com>, Mark Davidson <mdavidson@mitre.org>, Trey Darley <trey@soltra.com>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 10/19/2015 18:24
Subject: Re: [cti-taxii] The need (or no need) for TAXII to support Query
Sent by: <cti-taxii@lists.oasis-open.org>
Agree 100% with your vision Terry and I think you expressed the argument better than I.
Now my question is, how to make it a reality :) IE, if STIX is responsible for answering QUERY messages, how does this work...
Presumably, if TAXII 2.0 was a REST service, then you would want QUERY 2.0 to be a REST service as well so that servers who have TAXII can also run a QUERY endpoint on the same port.
So that is feasible, but the question is, how do we come up with the specification for this service. Is this something for the STIX SC? Or a "QUERY" SC?
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
<graycol.gif>Terry MacDonald ---2015/10/17 01:22:25 AM---Hi All, Just splitting this out into its own thread so we can all keep track :)
From: Terry MacDonald <terry.macdonald@threatloop.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "Davidson II, Mark S" <mdavidson@mitre.org>, Trey Darley <trey@soltra.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/10/17 01:22 AM
Subject: [cti-taxii] The need (or no need) for TAXII to support Query
Sent by: <cti-taxii@lists.oasis-open.org>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]