[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Regarding Bret Jordan's three proposals
Is there an international standards way to perform JSON validation yet?
Aharon Chernin
CTO SOLTRA
| An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Monday, July 27, 2015 2:44 PM To: Davidson II, Mark S Cc: Trey Darley; cti@lists.oasis-open.org Subject: Re: [cti] Regarding Bret Jordan's three proposals I agree with this in regards to TAXII.. Also keep in mind that TAXII needs to be able to carry CTI other than just STIX, CybOX, and MAEC... I personally would like to see Facebook use TAXII to send their CTI... :)
For STIX, CybOX, and MAEC, serialization is very important and needs to be addressed soon... The requirements I give to this effort, basically the show-stoppers are:
1) It must be efficient in storage and on the wire
2) It must be easy to implement and understand in various languages, meaning there must be good solid support in C, C++, Objective-C, Python, Java, Android-JAVA, Ruby, PHP, _javascript_, Go, etc, etc
3) It must work really well on handhelds. Meaning, it has to be CPU and battery friendly for Android and iOS.
4) It must be friendly for the average web developer / app developer
5) Serialization must be fast or fast-enough and should be able to scale to a Billion pieces of CTI a day.
Options for serialization:
1) Do nothing. I personally think this is a bad idea and might just be the leak that sinks the ship.
2) Stip all of the name space cruft out of XML and really simplify it down, make it more JSON like.
3) JSON
4) Binary
4a) ProtoBuf
4b) Cap-n-Proto
JSON does have a good schema validation system.. We are using it today with JSON based TAXII.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]