
cti message



Subject: RE: [cti] Idea for Internationalization


Instead of re-issuing the TLO at all, I don't get why we can't just have a "translation" TLO.

This avoids having to re-issue objects at all. All IDs stay the same. Also allows any party to add translations.

Here is the concept.

"relationships": [
    {
        "id": "relationship--1",
        "type": "relationship",
        "from": "stix-package--ad3d029f-6fe7-4923-aafc-3b69aed32365",
        "to": "stix-translation--78ac772a-ba02-4693-9b0b-39d568bc8514",
        "relationship_value": "translation"
    },
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Terry MacDonald <terry@soltra.com>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>, "Wunder, John A." <jwunder@mitre.org>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 02/02/2016 11:29 AM
Subject: RE: [cti] Idea for Internationalization
Sent by: <cti@lists.oasis-open.org>




Hi Bret,

“The solution that Ryu and Terry have called out works, but only for the original producer. Everyone that wants to add a translation, or fix a translation, would have to re-issue and re-version the entire TLO. Which will break linkages to campaign and threat actors as the translations grow organically by themselves.”

Not true, if we use the incremental versioning method which was described in the TWIGS proposal to the F2F. That *would* be true if we used major versioning, but in TWIGS we removed major versioning because of the difficulties it caused in situations like this. If we do incremental versioning as we have written in the TWIGS proposal, then the Object ID doesn’t change with new versions of the object. Which means that Option 1 (kind of what Ryu and I proposed) doesn’t result in broken linkages to campaigns and threat actors.

This also doesn’t result in losing the ability to track source, as another one of the TWIGS proposal ‘rules’ also applies here – that only content producers can update the objects they release. This also does mean that translations can only be released by the content producers as well, which is not optimal.

I prefer Option 1 but can get on board with Option 3 if that’s what others prefer. A translation-only object related to the root object does introduce a greater size, but if it is an object that allows being partially filled then that will reduce the extra characters wasted.

Cheers

Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com
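
Added example, not part of either message and not taken from any STIX specification: Python code showing how a consumer could apply the "translation" relationship from the first message, overlaying a partially filled translation object on the original without re-issuing it or changing its ID. Only the relationship shape and the two IDs come from the thread; the field names (producer, lang, fields, title, description), the second translation object and the trusted-producer filter are assumptions.

```python
import copy

PKG_ID = "stix-package--ad3d029f-6fe7-4923-aafc-3b69aed32365"     # from the thread
TR_ID = "stix-translation--78ac772a-ba02-4693-9b0b-39d568bc8514"  # from the thread
TR2_ID = "stix-translation--constructed-example-2"                # constructed

# Constructed sample data. Only the relationship shape is from the thread;
# "producer", "lang", "fields", "title" and "description" are assumed names.
BUNDLE = {
    "objects": [
        {"id": PKG_ID, "type": "stix-package", "producer": "org-a",
         "title": "Phishing campaign", "description": "Targets finance staff"},
        # Partially filled translation: only the title is translated.
        {"id": TR_ID, "type": "stix-translation", "producer": "org-b",
         "lang": "fr", "fields": {"title": "Campagne de phishing"}},
        # Translation from another party; it also tries to overwrite the
        # identity of the object it translates.
        {"id": TR2_ID, "type": "stix-translation", "producer": "org-x",
         "lang": "fr", "fields": {"title": "Autre texte", "id": "stix-package--x"}},
    ],
    "relationships": [
        {"id": "relationship--1", "type": "relationship", "from": PKG_ID,
         "to": TR_ID, "relationship_value": "translation"},
        {"id": "relationship--2", "type": "relationship", "from": PKG_ID,
         "to": TR2_ID, "relationship_value": "translation"},
    ],
}
PROTECTED = {"id", "type", "producer"}  # a translation must never change these


def localized_view(bundle, object_id, lang, trusted_producers):
    """Overlay trusted translations on a copy; the original object, its ID
    and every link to it stay untouched. Untranslated fields fall back."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    view = copy.deepcopy(by_id[object_id])
    applied = []
    for rel in bundle["relationships"]:
        if rel.get("relationship_value") != "translation" or rel.get("from") != object_id:
            continue
        tr = by_id.get(rel.get("to"), {})
        if tr.get("type") != "stix-translation" or tr.get("lang") != lang:
            continue
        if tr.get("producer") not in trusted_producers:
            continue  # any party can publish a translation; the consumer picks whose to accept
        for field, text in tr.get("fields", {}).items():
            if field in view and field not in PROTECTED:
                view[field] = text
        applied.append(tr["id"])
    return view, applied
```

The returned list of applied translation IDs keeps the source of each translated string traceable, separately from the producer of the original object.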






