Here is the promised follow-up to the email with the concise high-level proposal statement for refactoring sources.
This is a stab at identifying several of the key sub-issues that need to be discussed/decided to make the proposed approach a practical reality.
More detailed sub-issues to be discussed/decided:
- What should the structure of the Reference TLO look like?
- Current proposal is three properties: (this addresses the “external_ids” issue
as well)
- “reference_URL” (optional) - specifies a URL to the external reference
- “external_identifier” (optional) - specifies an identifier for the external reference content
- “defining_context” (optional) - specifies the context within which the external_identifier is defined (system, registry, organization, etc.)
- Use “created_by_ref” on each TLO as shorthand for “Producer” source relationships?
- Should “created_by_ref” shorthand and “Producer” Has Source relationship both be explicitly supported?
What if there is conflicting information?
- Should “created_by_ref” be optional or required?
-
Does leaving out both a created_by_ref and has_source relationship for an object imply anonymity?
-
What values should be in the default vocabulary for the Roles property on Has Source relationships?
-
Should “Has Source” relationship support many-to-one capability to assert lots of STIX content has the same source in an efficient manner? Is the “efficiency” issue necessary to address at this time?
- Basically this:
- Relationship
- From = id-2, id-3, id-4
- To = id-1
- Versus this:
- Relationship
- ID = id-6
- From = id-3
- To = id-1
- Relationship
- ID = id-7
- From = id-4
- To = id-1