OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] RE: New Mini-Working Groups

By "we haven’t heard any requests to change” do you mean from OASIS? Because there have been several concerns raised by TC members regarding Slack and stated desires to find a solution that could more easily be managed within OASIS scope and provide better support for threaded discussions.
I know that Pat Maroney has even made several substantive technical suggestions for other solutions. I do not claim that any single alternative is better at this point but I would suggest that we should investigate them and be able to make an informed decision one way or the other.

I do not think that this is simply a question of everything in Slack or everything in email. That seems like FUD to me. There are other potential non-email options to explore.


From: <cti@lists.oasis-open.org> on behalf of Mark Davidson <mdavidson@soltra.com>
Date: Friday, March 11, 2016 at 11:21 AM
To: John Wunder <jwunder@mitre.org>, "Barnum, Sean D." <sbarnum@mitre.org>, "Casey, Eoghan CIV DC3/DCCI" <Eoghan.Casey@dc3.mil>, "'Jordan, Bret'" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] RE: New Mini-Working Groups

FWIW, the co-chairs have socialized the usage of slack, slack’s limitations, and potential solutions (i.e., Jason’s logger) with the right folks at OASIS. We did this early on when we started using slack. To date we haven’t heard any requests to change what we are doing so we haven’t. If this changes in the future we’ll adapt as necessary.

I do hope that we keep slack – otherwise, all this traffic will end up getting dumped onto the email lists (screen cap from Slack stats page):

Thank you.

On 3/11/16, 11:05 AM, "cti@lists.oasis-open.org on behalf of Wunder, John A." <cti@lists.oasis-open.org on behalf of jwunder@mitre.org> wrote:

I want to reiterate what Sean said: the intent is that these working groups will be bringing back their results to the full list (and via the phone calls) for discussion. Nothing is being decided in the working groups, they’re spending intense effort to come to proposals that the entire list gets to review.

Additionally though we do move fairly quickly, we’re also (unlike for STIX 1.x) going to be developing prototypes and working software against these processes/models before they get formalized. I think overall that will give us a data model that is better vetted against the real world and more understood than what we had with STIX 1.x, which was essentially just us writing stuff that we thought worked in theory and hoping that it would work in practice (case in point: data markings).

I do hear the concern with Slack being blocked and I’m hoping that we can figure out some way of leveraging Jason’s code to get them auto posted on a daily basis. More importantly, I know many of the working groups are scheduling calls: given that not everyone monitors slack yet might participate in a call, all of those calls should be posted to the mailing list so people who aren’t on Slack know they’re occurring.

IMO the rules for working groups should be:
- Each full week, send a post to the list with a summary of progress. Once a week is not insane
- If you schedule any discussions, send them to the list
- If team members can’t use slack, try to work around it (have more calls, work with them daily over e-mail, etc)


On 3/11/16, 9:49 AM, "cti@lists.oasis-open.org on behalf of Barnum, Sean D." <cti@lists.oasis-open.org on behalf of sbarnum@mitre.org> wrote:

I have similar concerns.
I think we should move as rapidly as we can while still making deliberate decisions based on a full understanding of each situation. We should never let arbitrary or artificial timelines force us to make hasty or poorly informed decisions. I have no objections to working groups focused on specific tasks as long as they are inclusive of anyone wishing to collaborate and express input, as long as they actively seek to fully understand the task at focus and not to artificially constrain its scope to anyone’s personal preferences and as long as it is clear that the results from any working group are only a headstart to work from and not a settled solution. We need to be careful to present the results of a working group to the TC for ongoing discussion in a way that does not put the onus on TC members not in the working group to somehow have to “justify” their dissenting opinions. All opinions should be treated equally and with respect.
If we can do working groups in this way, I believe they can be a successful approach.

I also understand and concur with your concerns on the Slack issue.
I think we need to talk through and find a solution to these concerns.


On 3/11/16, 9:21 AM, "cti@lists.oasis-open.org on behalf of Casey, Eoghan CIV DC3/DCCI" <cti@lists.oasis-open.org on behalf of Eoghan.Casey@dc3.mil> wrote:


I believe that these efforts to make quick changes risks making hasty changes that are not adequately considered and that we will later regret.

Furthermore, these mini-working groups break the transparency that was expected when moving to OASIS. Frankly, I am surprised that OASIS is permitting the use of Slack - how do those discussion get tracked within OASIS systems? Currently, my organization does not permit access to Slack so we do not have a way to see those discussion, never mind contribute.

Until these questions are resolved, I recommend against these mini-working groups or further breakout discussions on Slack.


-----Original Message-----
Sent: Thursday, March 10, 2016 11:14 PM
Subject: [Non-DoD Source] [cti] New Mini-Working Groups


We have kicked off a few mini-working groups to address some key issues, they are as follows:

1) Patterning: Allan, John-Mark, Jason, and Ivan are heading up this discussion.  Anyone can join in on Slack at #patterning or on email.  The due date for this proposal is Tuesday March 22nd.  

2) Versioning: Looking for 3-4 people to lead this work.  Anyone can join in on Slack at #versioning or on email.  The due date for this proposal is Tuesday March 22nd

3) Sightings: Looking for 3-4 people to lead this work.  Anyone can join on Slack at #sightings or on email.  This due date for this proposal is Tuesday March 22nd.

In general we will try and run 3-4 mini-working groups at a time, each with a 2 week delivery window.  You can think of it as a sprint in development terms. If you want to be involved early on in the proposal phase, PLEASE make it known.

Further, we hope to get leadership setup for Versioning and Sightings tomorrow.  If any of you are interested in helping to lead either one of these, please let us know.  (btw, we are looking for 3-4 leaders for each topic).  They will be responsible for driving the discussion, gathering feedback from everyone, writing up proposed normative text, and then presenting their proposal on a CTI wide working call.    



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]