What do these motions mean, are they binding (in the sense that it’s difficult/impossible to change our mind later)? What’s the process to reach a decision on them? To what extent is that decision binding?
I agree with these statements but don’t think we’re ready for binding decisions on either of them (in particular the second). I do think it would be nice to have a non-binding decision (in the sense that we can easily change our minds later) in
order to cut off conversation on the topics until we revisit those decisions when formalizing the specifications.
(I moved this to the CTI TC list because it seems inappropriate on the users list. If I’m wrong we can move it back)
John
Sounds good...
I would like to formally make a motion that we require a default binding for STIX 2.0 and CybOX 3.0.
If this is agreed upon, then:
I would like to formally make a motion that the default binding for STIX 2.0 and CybOX 3.0 be JSON.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
Bret, I think we need to propose that STIX, CybOX, and TAXII have to require a default binding type first. Then the MTI motion could be changed to something like, “I would like to propose that we adopt JSON as the default binding”.
Aharon
We have had a good discussion here and on the wiki and I have seen a lot of people advocating for JSON to be used as the MTI. While a few other options have been tossed around and discussed they do not seem to have an advocate pushing for them nor do they
seem to have the broad support that JSON does.
Therefore, I would like to formally propose that we adopt JSON as the MTI for STIX 2.0 and CybOX 3.0.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I think we’re wrapped around the axle a little bit on this whole topic. I’d like to try and step back and ask some basic questions:
1. Is anyone actually proposing JSON-LD as the MTI for STIX? I’ve seen the question asked, and I’ve seen lots of
discussion. Is there somebody who would like to come forward and state their opinion that JSON-LD should be the MTI for STIX?
Note: I see this question as a higher bar than asking who thinks we should consider it – IMO the recent discussion makes it clear that we are considering it
2. There was an opinion that the proposed examples (the indicator and incident idioms) wouldn’t be sufficient for comparing size and complexity. What examples
would be sufficient?
3. What toolchain is required to develop software that supports using a model without any custom code? Maybe I’m missing something, but if I have a product and
I want to add STIX support, won’t developers have to write code?
I guess at its core – I hear what people are saying about models and not programming to the data syntax, I just don’t understand how that actually works (the
more concrete the example the better, at least for me).
Thank you.
-Mark
|