OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Regarding Bret Jordan's three proposals

[Proposal - Simplify Data Model]
I wholeheartedly agree that we should simplify the data models and take a hard look at optional versus mandatory fields. Ivan and I listed this as one of our top priorities for CybOX 3.0 and have already been discussing possible approaches.

[Proposal - Single Binding]
I agree up to a point, however I'm remain unconvinced that using JSON for the actual *spec* is workable, given that there's no standard mechanism for expressing a JSON schema. 

[#2 Proposal - Change binding to JSON]
As I clearly stated on this list 15 July, neither the decision about changing our data representation/serialization scheme nor the question of moving our transport mechanism (TAXII) from HTTP to a queuing system should be taken in a vacuum. Instead, two small working groups should be established (one for serialization, one for transport). These working groups should be given a short list of candidates, given clear criteria by which to evaluate them, and a reasonably short deadline by which to present the pros and cons of each and make a recommendation to the entire CTI community, which should then be put to an up/down vote.

I motion that the establishment of these two working groups be put to a vote at the next general CTI community call. Furthermore, I suggest that the transport working group examine the advantages and disadvantages of moving to AMQP, 0MQ, or remaining with an HTTP-based transport mechanism. The data representation working group should examine the advantages and disadvantages of JSON, Cap'n Proto, or remaining with an XML-based data structure.

Do not misunderstand me, I am not against making radical changes! To the contrary! But there were reasons why MITRE selected the technical standards they did at the time all this got started, there are advantages and disadvantages to every choice, and we should make the final decision on the basis of *evidence* rather than rhetoric.

I've been watching these recurring debates for a couple of years now. Let's establish these working groups, give them 8 weeks to investigate, take a decision, and move on to more important questions!

Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]