Detailed sub-issues for the topic of refactoring "sources"

["Barnum, Sean D." <sbarnum@mitre.org>]

Here is the promised follow-up to the email with the concise high-level proposal statement for refactoring sources.

This is a stab at identifying several of the key sub-issues that need to be discussed/decided to make the proposed approach a practical reality.

More detailed sub-issues to be discussed/decided:

• What should the structure of the Reference TLO look like?
  • Current proposal is three properties: (this addresses the “external_ids” issue as well)
  • “reference_URL” (optional) - specifies a URL to the external reference
  • “external_identifier” (optional) - specifies an identifier for the external reference content
  • “defining_context” (optional) - specifies the context within which the external_identifier is defined (system, registry, organization, etc.)
• Use “created_by_ref” on each TLO as shorthand for “Producer” source relationships?
  • Should “created_by_ref” shorthand and “Producer” Has Source relationship both be explicitly supported?  What if there is conflicting information?
  • Should “created_by_ref” be optional or required?
• Does leaving out both a created_by_ref and has_source relationship for an object imply anonymity?
• What values should be in the default vocabulary for the Roles property on Has Source relationships?
• Should “Has Source” relationship support many-to-one capability to assert lots of STIX content has the same source in an efficient manner? Is the “efficiency” issue necessary to address at this time?
  • Basically this:
    • Relationship
      • ID = id-5
      • From = id-2, id-3, id-4
      • To = id-1
      • Nature = Has Source
  • Versus this:
  • Relationship
  • ID = id-5
  • From = id-2
  • To = id-1
  • Nature = Has Source
  • Relationship
    • ID = id-6
    • From = id-3
    • To = id-1
    • Nature = Has Source
  • Relationship
    • ID = id-7
    • From = id-4
    • To = id-1
    • Nature = Has Source