|
I think this is a brilliant idea.
Bret
Sent from my Commodore 64
FWIW versioning would be a great scenario to try to build a reference implementation on top of. If we want to make sure it works, as with patterning and data markings, I think we have to. Preferably we’d have two independently developed prototypes and
have them exchange versioned content following the use cases that Pam outlines below.
John
These are great work flow examples. We need to enable valid work flows, but we need to be careful that we do not enable bad behavior that will make parsing and organizing the data hard.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I agree that it would cause a lot of confusion if anyone can revision an object. Also, I think anyone should be able to provide suggested revisions to any object.
More spitballing. Scenarios
scenario 1: Originator discovery of
new information that results in revision/revocation
scenario 2: Non-originator references previously shared information that
- provides additional information on that topic including identification of errors.
- indicates they are requesting revocation (from the originator)
Then
the Originator revises or revokes previously
shared information based on non-originator feedback –
and includes references to
the non-originator’s input. This assumes that the originator is and remains the authoritative source.
If the Originator does not maintain their own material in the face of a lot of input from others, then in some Darwinian fashion, someone else will take over as a new Originator of a new object, I guess.
Pam Smith
JHU/APL
Question - who is "allowed" to revision an object? Can only the originator revision, or can anyone?
I presume that many people assume that only the originator can revision an object - if that is so we should call this out explicitly. The current STIX versioning description ( http://stixproject.github.io/documentation/concepts/versioning/ )
implies that anyone can version an object so long as it is "sufficiently unchanged". I think that will lead to a lot of confusion if anyone can revision an object.
On the other hand, if we want to get to the world of widespread object re-use and non-duplication, then third parties have to be able to revision objects. But what if I want to be the authoritative source? Should there be an attribute like "versioning_allowed"
?
I am just spitballing.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
<graycol.gif>Patrick Maroney ---02/11/2016 11:10:17 PM---Although I suspect I'm banned from using the term Timestamp for at least a year ;-) ...Here's an int
From: Patrick Maroney <Pmaroney@Specere.org>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org>
Date: 02/11/2016 11:10 PM
Subject: Re: [cti] versioning
Sent by: <cti@lists.oasis-open.org>
Although I suspect I'm banned from using the term Timestamp for at least a year ;-)
...Here's an interesting concept to consider:
{from:1388534400000,to:9223372036854775807}
Note: Ian Robison uses uses epoch time in this example, so that may buy me some cover ;-)
Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
<0C160672.gif>
President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053
From: "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@bluecoat.com>
Date: Thursday, February 11, 2016 at 7:48 PM
To: "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org>
Subject: [cti] versioning
What would people think about a versioning concept where each TLO had a "serial_number" field that was of type integer. And every object that gets created by a producer will start with serial_number "1". Then as they update
the TLO, the producer will just incase the serial_number.
I want to get the discussion started as I know some have very strong opinions on how it should work. But I also think, that with some good back and forth dialog, and some "coming to middle ground" we could solve this pretty
quickly.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|