Re: [cti-stix] Re: [cti-users] Model / Binding Motions

[Jerome Athias <athiasjerome@gmail.com>]

I would like to state Interoperability as a requirement.


2015-10-06 21:15 GMT+03:00 Barnum, Sean D. <sbarnum@mitre.org>:
> I do not believe that we are at all ready to be making any decisions on MTI
> or even really on default bindings yet.
>
> Before such decisions can be made we first need four things:
>
> Understanding and consensus on the requirements and evaluation criteria that
> should be used to select an MTI or default binding
> Identification and understanding of potential binding options and their
> capabilities and limitations
> Understanding of how each potential binding option meets or does not meet
> the consensus requirements and evaluation criteria
> Understanding of member opinions and preferences
>
>
> We simply do not have any of these things yet. Ongoing discussions on the
> list demonstrate that clearly, I believe.
> Even if we had all of the above worked out for our current knowledge, we
> still would not necessarily have enough to make a decision today as many of
> the issues and proposals for STIX 2.0 changes have the likelihood of
> affecting the consensus requirements and evaluation criteria for an MTI.
> Any decisions made on incomplete information are likely to be poor ones.
>
> I would propose that attempting to cut short discussions aimed at addressing
> the above needs would be premature at this time.
>
> sean
>
> From: <cti-users@lists.oasis-open.org> on behalf of "Foley, Alexander - GIS"
> Date: Tuesday, October 6, 2015 at 2:05 PM
> To: "cti-users@lists.oasis-open.org", "cti-stix@lists.oasis-open.org"
> Subject: [cti-users] Model / Binding Motions
>
> By my count:
>
>
>
> 1.      We have Bret’s motion that we require a default binding for STIX and
> CybOX and it requires a second.
>
> a.      If this motion succeeds, we have Bret’s motion that JSON be chosen
> as the default binding for STIX and CybOX and it requires a second.
>
>                                                     i.     Kevin Wetzel, I
> apologize but I do not see you as a member of the cti committee… please
> follow up with myself, Rich, Chet or OASIS if that’s an incorrect assumption
>
> b.      We also have an (alternate?) proposal from Cory that JSON-LD
> specifically be chosen as our default binding and it requires a second.
>
>
>
> I must admit this conversation has been very difficult to follow – if I’m
> missing a key motion that we construct a UML / RDF / OWL model that’s
> separate from choosing a new preferred binding / data encoding, please feel
> free to propose or second any motions.
>
>
>
> Thanks,
>
>
>
> Alex
>
>
>
> From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org]
> On Behalf Of Jordan, Bret
> Sent: Tuesday, October 06, 2015 12:49 PM
> To: Aharon Chernin
> Cc: cti-users@lists.oasis-open.org; cti-stix@lists.oasis-open.org
> Subject: [cti-users] Re: [cti-stix] MTI Binding
>
>
>
> Sounds good...
>
>
>
> I would like to formally make a motion that we require a default binding for
> STIX 2.0 and CybOX 3.0.
>
>
>
>
>
> If this is agreed upon, then:
>
>
>
> I would like to formally make a motion that the default binding for STIX 2.0
> and CybOX 3.0 be JSON.
>
>
>
> Thanks,
>
>
>
> Bret
>
>
>
>
>
>
>
> Bret Jordan CISSP
>
> Director of Security Architecture and Standards | Office of the CTO
>
> Blue Coat Systems
>
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
> not be unscrambled is an egg."
>
>
>
> On Oct 6, 2015, at 10:40, Aharon Chernin <achernin@soltra.com> wrote:
>
>
>
> Bret, I think we need to propose that STIX, CybOX, and TAXII have to require
> a default binding type first. Then the MTI motion could be changed to
> something like, “I would like to propose that we adopt JSON as the default
> binding”.
>
>
>
> Aharon
>
>
>
> From: <cti-stix@lists.oasis-open.org> on behalf of "Jordan, Bret"
> Date: Tuesday, October 6, 2015 at 11:45 AM
> To: "cti-users@lists.oasis-open.org", "cti-stix@lists.oasis-open.org"
> Subject: [cti-stix] MTI Binding
>
>
>
> We have had a good discussion here and on the wiki and I have seen a lot of
> people advocating for JSON to be used as the MTI.  While a few other options
> have been tossed around and discussed they do not seem to have an advocate
> pushing for them nor do they seem to have the broad support that JSON does.
>
>
>
> Therefore, I would like to formally propose that we adopt JSON as the MTI
> for STIX 2.0 and CybOX 3.0.
>
>
>
>
>
> Thanks,
>
>
>
> Bret
>
>
>
>
>
>
>
> Bret Jordan CISSP
>
> Director of Security Architecture and Standards | Office of the CTO
>
> Blue Coat Systems
>
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
> not be unscrambled is an egg."
>
>
>
> On Oct 6, 2015, at 06:17, Davidson II, Mark S <mdavidson@MITRE.ORG> wrote:
>
>
>
> I think we’re wrapped around the axle a little bit on this whole topic. I’d
> like to try and step back and ask some basic questions:
>
>
>
> 1. Is anyone actually proposing JSON-LD as the MTI for STIX? I’ve seen the
> question asked, and I’ve seen lots of discussion. Is there somebody who
> would like to come forward and state their opinion that JSON-LD should be
> the MTI for STIX?
>
> Note: I see this question as a higher bar than asking who thinks we should
> consider it – IMO the recent discussion makes it clear that we are
> considering it
>
>
> 2. There was an opinion that the proposed examples (the indicator and
> incident idioms) wouldn’t be sufficient for comparing size and complexity.
> What examples would be sufficient?
>
>
> 3. What toolchain is required to develop software that supports using a
> model without any custom code? Maybe I’m missing something, but if I have a
> product and I want to add STIX support, won’t developers have to write code?
>
> I guess at its core – I hear what people are saying about models and not
> programming to the data syntax, I just don’t understand how that actually
> works (the more concrete the example the better, at least for me).
>
>
>
> Thank you.
>
> -Mark
>
>
>
>
>
>
>
> ________________________________
> This message, and any attachments, is for the intended recipient(s) only,
> may contain information that is privileged, confidential and/or proprietary
> and subject to important terms and conditions available at
> http://www.bankofamerica.com/emaildisclaimer. If you are not the intended
> recipient, please delete this message.