[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] Towards a better understanding of JSON-LD (Was: MTI Binding)
There needs to be one and only one on-the-wire serialization for the default case which is probably 90+% maybe as high as 95+% of the market. There will also need to be an option for an additional on-the-wire serialization to support super high bandwidth conditions where something like Protobuf or Cap-n-Proto would be the logical choice. If we do NOT have a default serialization that everyone can just use and it just works (think DLNA for security tools) then all of this is for not and we might as well go back to our day jobs. To be clear: 1) We need a high level format like UML to represent the data model. I personally like UML as it is something that data modelers can live with and developers / implementers can still use and understand. It also does not require massively expensive modeling tools to look at or understand. 2) We need a very expressive and yet intuitive data model that is easy to understand but allows rich documentation of threats, their relationships, and sightings. 3) I personally do not believe we need a strict serialization binding from the model to the on-the-wire format. A binding between UML and JSON+JSONSchema is where we need to go. 4) My proposal is and has been: UML Data Model with JSON+JSONSchema serialization with the option of Protobuf/Cap-n-Proto as a secondary serialization. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]