OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-taxii] Authentication in TAXII


Provided comments on the github issue.

 

Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions

From: <cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Monday, May 7, 2018 at 12:44 PM
To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Subject: [cti-taxii] Authentication in TAXII

 

All,

 

There has been some discussion in Slack and on Github about relaxing the requirement for TAXII Servers to support Basic Authentication.  

 

https://github.com/oasis-tcs/cti-taxii2/issues/58

 

What do people think of this?  

 

If we decide to do this, we may need to look at adding some sort of optional property to the discovery resource, the API-Root resource, or some place else to let the client know what kind of authentication is supported.  What I would like to avoid is requiring the owner of a TAXII client from having to pick up the phone and calling the owner of the TAXII server to figure out what kind of authentication they use.  

 

Bret

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]