I am advocating that there are needs that the general info sec end users require that STIX is not currently offering. If the community
feels that the fastest way to do this is to head down the JSON/JSON Schema path then I need to accept it. I don’t have enough expertise in RDF/OWL Ontologies to be able to be able to disagree with that.
I personally do not care what we develop the model in, just as long as we can make it more useful to our end users and enable them
to better describe what they want to describe. My ultimate goal is to make it easy for end users to share and consume information that help them to defend themselves better.
I am very keen to see the output that Sean has mentioned in his recent post, as I would like everyone to be on the same page, but based
on the past few years I expect pragmatism will need to prevail. Hopefully some concrete outputs will help people who aren’t RDF/OWL wizards understand the real value in the model.
Cheers
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 |
terry@soltra.com
From: Shawn Riley [mailto:shawn.p.riley@gmail.com]
Sent: Tuesday, 24 November 2015 7:41 AM
To: Terry MacDonald <terry@soltra.com>
Cc: Kirillov, Ivan A. <ikirillov@mitre.org>; Trey Darley <trey@soltra.com>; cti-users@lists.oasis-open.org
Subject: Re: [cti-users] Vote NO on JSON - Vote YES on JSON-LD and here is why...
To be clear then you are advocating that the part of the community who have been working on ontologies for 4 years and who have shared the ontologies with the community just abandon these so we can start over and work on producing JSONSchemas
so that we can turn around and reinvent the ontologies again down the road?
On Mon, Nov 23, 2015 at 3:28 PM, Terry MacDonald <terry@soltra.com> wrote:
Shawn,
I like the idea of creating an Ontology, but I equally recognize the requirement to quickly provide
users with more functionality so that they can do their jobs. We have a list of problems with the current version of STIX that experience has taught us over the last few years, and we have a real need to fix them in order to promote greater adoption of the
STIX/TAXII/CybOX standards. The InfoSec community already thinks STIX is complicated, or else Facebook's ThreatExchange, OpenTPX wouldn't exist. We need to act quickly or else all our hard work will be for nought, no matter if STIX is based on an Ontology
or not.
I would completely prefer an Ontology, as I think it will improve our ability to move to binary representations
in the future, but I equally don't think that there is enough appetite within the community to do so as part of STIX v2.0. I am hopeful that we can yet again reverse engineer an Ontology from the JSON representation, and I figure as long as we do things in
a standardized way throughout STIX we should be able to achieve that. If not, then we will need to wait until STIX v3.0.
My preference would always be to be able to do things logically and model things completely,
but sometimes good enough is good enough.
Cheers
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An
FS-ISAC and DTCC Company
+61 (407) 203 206
| terry@soltra.com
From:
cti-users@lists.oasis-open.org
[mailto:cti-users@lists.oasis-open.org]
On Behalf Of Shawn Riley
Sent: Tuesday, 24 November 2015 7:00 AM
To: Kirillov, Ivan A. <ikirillov@mitre.org>
Cc: Trey Darley <trey@soltra.com>;
cti-users@lists.oasis-open.org
Subject: Re: [cti-users] Vote NO on JSON - Vote YES on JSON-LD and here is why...
To be fair, since part of the community has been advocating RDF/OWL2 ontologies since STIX v0.3 and we've had face to face discussions with the STIX community at Black Hat and RSA
since 2013 about the ontologies. We do have complete sets of RDF/OWL2 ontologies for each of the standards (STIX, CYBOX, MAEC, CAPEC, CWE, CVE, etc) based on their current versions today. We provided links to these to demonstrate this wasn't just "academic"
but real world. Here are links to them. https://github.com/DSIE/cyber-ontology or https://github.com/daedafusion/cyber-ontology.
I have not however seen complete JSONSchemas for each standard (STIX, CYBOX, MAEC, etc) based on the current versions. Can you please send links to the complete set of JSONSchemas
for each of the standards?
Where was the voices calling for JSON in 2012, 2013 or 2014 when we were working on the semantic ontologies and sharing lessons learned with the community online and face to face?
On Mon, Nov 23, 2015 at 2:50 PM, Kirillov, Ivan A. <ikirillov@mitre.org> wrote:
To add to Trey’s point below, JSON-LD would be a much more logical choice if STIX and CybOX had native ontological (RDF/OWL) representations. While this is likely a direction we’re
heading in, it’s not where we are at today. Given that, what is the value of JSON-LD in a UML-driven, XSD-derived representation?
Regards,
Ivan
On 11/23/15, 4:06 AM, "Trey Darley" <cti-users@lists.oasis-open.org on behalf of
trey@soltra.com> wrote:
>*Nor* is it the case that we are ruling out standardizing a JSON-LD
>CTI serialization schema *in future*. From the mail that went out
>Friday:
>
><snip>
>Likewise, the co-chairs recognize that there will be communities of
>interest requiring alternative serialization formats (XML, protobufs,
>JSON-LD, OWL, etc). The OASIS TC has a role to play in helping to
>standardize these alternative representations to ensure
>interoperabilitity. However, that work effort lies in the future.
>First we must complete the task at hand.
></snip>
|