Adam,
Thanks for the find. I will need to carefully verify this, but I think you are correct.
Bret
Sure thing Marlon!
We also noticed what we think is a minor error in the spec.
The 'GET Object Manifests' API (section 5.3) specifies the 'Accept' header requiring the STIX media type. Required Headers Accept: application/taxii+json;version=2.1,application/stix+json;version=2.1
We don't think this is correct because (a) the spec explicitly states removal of all STIX media types in favor of the Envelope response, (b) there is no STIX actually being returned (only TAXII Manifest Resources), (c) the associated 'Response' section does not include the STIX media type in its 'Content-Type' header (which it should, if it were returning that media type).
I don't think we should require the 'Accept' header value, for the above reasons.
Best, Adam
This the type of constructive feedback/involvement Iâm talking about! (I actually asked the same question last week and yesterday) Thanks Adam, -Marlon
CAUTION:
This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions
or concerns.
All,
It appears that TAXII 2.1 Envelopes were introduced in such a way that allows their fields to be backwards compatible with STIX Bundles, so that there is compatibility between TAXII 2.0 and TAXII 2.1 clients.
However, there is some ambiguity surrounding the explicitness of the TAXII 2.1 specification. It mentions that
When requesting STIX 2 content, that content will always be delivered in a TAXII envelope even
if there only one object returned.
When adding STIX 2 content, clients MUST deliver all objects in a TAXII envelope.
If STIX Bundles are TAXII envelopes, then there is no ambiguity.
However, there is a slight semantic argument to be made around "is" or "is not". My interpretation would be that Bundles are Envelopes, but Envelopes are not Bundles. Envelopes do not include the required 'type' and 'id' fields
to be interpreted as Bundles. However, an Envelope has only 3 (optional) properties, one of which is 'objects'. So a Bundle could be interpreted as an Envelope. This is further supported by the 'Must Ignore' property of I-JSON for "unrecognized fields" (https://tools.ietf.org/html/rfc7493,
Sec. 4.2).
Is this interpretation correct? Furthermore, is allowing a Bundle for the 'Add Objects' API in TAXII 2.1 acceptable?
|