Subject: Re: [cti-taxii] TAXII Architecture
Note that what TAXII has defined for repositories is purely transport requirements… how they expose data, how data is transferred, etc. It explicitly is content-neutral.
The problem with having only the message broker is that while a lot of threat intel is shared as pub/sub, there are also requirements for request/response. Query, content libraries, and other request-response types of sharing patterns need to be considered as well, and the TAXII repository specification does that. It doesn’t define how the backend repository works, but it does define how to expose that data in a standard way (much as TAXII 1.1 did with its concept of data collections and query).
So…I agree with you on the scope of TAXII, but I think you’re misinterpreting what they mean when they say “repository spec” in the context of TAXII.
John
PS: I’m not saying that repository should be a MUST requirement. As I said earlier, I think we should let TAXII software support either or both.
From: <cti-taxii@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Wednesday, December 16, 2015 at 10:14 AM
To: Patrick Maroney <Pmaroney@specere.org>
Cc: Eric Burger <Eric.Burger@georgetown.edu>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Subject: Re: [cti-taxii] TAXII Architecture
I concur.
2015-12-16 18:12 GMT+03:00 Patrick Maroney <Pmaroney@specere.org>: