OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-taxii] The need (or no need) for TAXII to support Query


On 29.10.2015 13:55:47, Davidson II, Mark S wrote:
> Some other comments:
> 
> * If we create the API right, we can distinguish STIX/CybOX versions
> * by MIME type using HTTP Accept/Content-Type headers and we won't
> * need separate URLs for them (e.g., the API can stay the same as
> * STIX/CybOX change)
> 

This is true, but I still think (regardless of XML/JSON discussion)
that STIX and CybOX objects should continue to have the schema version
embedded within them as a mandatory field. Explicit > implicit when it
comes to parsing interoperability.

> 
> * Having Relationships become a top level object will simplify the
> * Query API design considerably. Instead of needing structure (e.g.,
> * /related/ttp/) you could just query the relationship object and
> * specify certain fields/values (e.g., from_idref=1234,
> * to_type=ttp).
> 

Good point, I hadn't thought about the implications of introducing the
Relationship object.

> 
> * De-nesting of properties (aka STIX/CybOX simplification) will
> * probably have a positive impact on the Query API.
>

Hallelujah (1000x) & amen!

-- 
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"Every old idea will be proposed again with a different name and a
different presentation, regardless of whether it works." --RFC 1925

Attachment: signature.asc
Description: PGP signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]