[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Use case for data markings
Quick other note: in that first example, you ARE marking the marking-definition, with itself. Using object_marking_refs at the package level means it applies to all objects in the package, including any information sources (identities), marking definitions,
etc.
From: <cti@lists.oasis-open.org> on behalf of "Jordan, Bret" <bret.jordan@bluecoat.com>
Date: Thursday, February 25, 2016 at 6:39 PM To: Sean Barnum <sbarnum@mitre.org> Cc: Terry MacDonald <terry@soltra.com>, "Modlin, Julie K." <Julie.Modlin@jhuapl.edu>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "Moss, Mark B." <Mark.Moss@jhuapl.edu> Subject: Re: [cti] Use case for data markings So here is a real example that is formatted so you can read it, to help illustrate the issue I think Terry is trying to bring up. NOTE: I left some required fields off for brevity. In this first example, the marking-definition
file is not marked... So that is pretty simple stuff.
{
"type": "package",
"object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779124"],
"indicators": [
{
"type": "indicator", "id": "indicator--089a6ecb-cc15-43cc-9494-767639779235" } ],
"marking_definitions": [
{
"type": "marking-definition",
"id": "marking-definition--089a6ecb-cc15-43cc-9494-767639779124", "spec_version": "2.0", "created_at": "2016-02-19T09:11:01Z", "defintion_type": "isa", "definition": { "classification": "CLASSIFIED", "caveats": [] } ] }
Now if I want to mark the marking-definition file, it would be done like (note red text).....
{
"type": "package",
"object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779124"],
"indicators": [
{
"type": "indicator", "id": "indicator--089a6ecb-cc15-43cc-9494-767639779235" } ],
"marking_definitions": [
{
"type": "marking-definition",
"id": "marking-definition--089a6ecb-cc15-43cc-9494-767639779124", "spec_version": "2.0", "created_at": "2016-02-19T09:11:01Z", "object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779121"]
"defintion_type": "isa", "definition": { "classification": "CLASSIFIED", "caveats": [] } ] }
Now that UUID "...121" points to what? And how do you share that? If the indicator is shared but not marking-definitions UUID "...124", then how do assert what you need to know about the indicator.
I fully get the need to mark a "marking-definition", however, how is that supposed to be done? And what will work for you?
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]