OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [Non-DoD Source] Re: [cti] JSON or what???


My attempt to identify that we need to be careful of making and agreeing to very generaI statements.

I disagree with the principle generalization in statement #1 below.  Not all developers prefer JSON and just because they prefer it does not mean they are more familiar with it.  They may have been using xml for years now also.  In addition, just because they prefer it and may be more familiar with it does not mean it is easier.

#3 below is an implication that namespacing is bad.  In our world of multiple terms and specifications that have a lot of similarities, between communities of interest, namespacing is a god send.

If we are going to make statements such as these two we need them to be backed by documented requirements, reference and/or statistics (I know statistics can be manipulated).


James Bohling,
Joint Staff J6, DD Cyber and C4 Integration, Chief, Cyberspace Interoperability Data and Services Division ☎ 757-836-8079 NIPR:james.t.bohling.civ@mail.mil SIPR:james.t.bohling.civ@mail.smil.mil

-----Original Message-----
From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Jordan, Bret
Sent: Wednesday, November 18, 2015 11:13 AM
To: Paul Patrick
Cc: Jerome Athias; Taylor, Marlon; Aharon Chernin; jwunder@mitre.org; cti@lists.oasis-open.org
Subject: [Non-DoD Source] Re: [cti] JSON or what???

All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. 


EclecticIQ might be willing to share an example or two from their JSON STIX implementation.  You can see what we did in JSON TAXII and compare that with XML TAXII and get a really good idea of how it would look in STIX land.  

1) Remember the reason it will be easier is developers prefer JSON and thus are more familiar with working with it.

2) JSON types map to code type

3) No namespace and xsi-type cruft to deal with

4) Generally a flatter and easier to consume structure.  

Yes it will take a bit of work to get the JSON binding done.  It is not as simple as just a direct conversion from XML.  Using the UML models to go to JSON versions the XSDs to go to JSON is a LOT easier.  



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

	On Nov 18, 2015, at 06:50, Paul Patrick <ppatrick@isightpartners.com < Caution-mailto:ppatrick@isightpartners.com > > wrote:

	I tend agree with Jerome here.  I hear a lot of statements about the simplicity of JSON and yet I hear that a straight transform from XML to JSON isn’t so pretty.  I suspect a bunch of us have read papers, presentations, etc, but for me I like to see something real in a head to head comparison.

	By any chance are they any samples that show a comparison between a STIX example in the XML format and the proposed JSON format?  What would be great would be if someone would take a handful of the idioms for STIX and show the equivalent in JSON.

	Paul Patrick
	iSIGHT Partners

	From: <cti@lists.oasis-open.org < Caution-mailto:cti@lists.oasis-open.org > > on behalf of Jerome Athias <athiasjerome@GMAIL.COM < Caution-mailto:athiasjerome@GMAIL.COM > >
	Date: Friday, November 13, 2015 at 11:35 PM
	To: "Taylor, Marlon" <Marlon.Taylor@hq.dhs.gov < Caution-mailto:Marlon.Taylor@hq.dhs.gov > >
	Cc: "achernin@soltra.com < Caution-mailto:achernin@soltra.com > " <achernin@soltra.com < Caution-mailto:achernin@soltra.com > >, "bret.jordan@bluecoat.com < Caution-mailto:bret.jordan@bluecoat.com > " <bret.jordan@bluecoat.com < Caution-mailto:bret.jordan@bluecoat.com > >, "jwunder@mitre.org < Caution-mailto:jwunder@mitre.org > " <jwunder@mitre.org < Caution-mailto:jwunder@mitre.org > >, "cti@lists.oasis-open.org < Caution-mailto:cti@lists.oasis-open.org > " <cti@lists.oasis-open.org < Caution-mailto:cti@lists.oasis-open.org > >
	Subject: [cti] Re: JSON or what???

		In short
		Why JSON?

		Could you put more efforts on showing us how you can convince majority of us?
		Study papers, presentations with pros/cons...
		Sell me your thing
		On Friday, 13 November 2015, Taylor, Marlon <Marlon.Taylor@hq.dhs.gov < Caution-mailto:Marlon.Taylor@hq.dhs.gov > > wrote:

			Changed the thread title since the topic changed.
			We had several discussions about JSON in the past with no result of a complete STIX implementation. XML to JSON, as a format, can be done. I think we should show the JSON validation mechanism(s) that will be used by the CTI/SC to assure producers/consumers that we can provide means of testing schema/spec conformity.


Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]