Re: [cti] Versioning Mini Group discussion

["Jordan, Bret" <bret.jordan@bluecoat.com>]

Perhaps....  However, there is no guarantee that repos and solutions will keep anything other than the most current version.  

Thanks,

Bret

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Mar 21, 2016, at 11:16, Taylor, Marlon <Marlon.Taylor@hq.dhs.gov> wrote:

Hi Jason,

Among ourselves we agreed that versioning should be within the MVP for 2.0.

The ability to reference a specific version means that their should be some mechanism to explicitly state which version someone wants to represent.

We didn't explicitly cover the specific areas from which one would be able to reference a specific version. Going on the fly(others please correct me if you disagree): #1"You must be able to determine an object’s version" so I would say, you should be able to specify a version anywhere you can specify an object.

-Marlon

 

---

From: cti@lists.oasis-open.org on behalf of Jason Keirstead
Sent: Friday, March 18, 2016 8:20:19 PM
To: Marlon.Taylor@us-cert.gov
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] Versioning Mini Group discussion

Hi all... Thanks for the efforts!

Questions:

- Was there any discussion on if versioning is required for STIX 2.0 (MVP)?

- Can you expand on this " You should be able to reference a specific version" . What is the definition of "reference" in this context - from where should I be able to reference a specific version? In a TAXII query? In a relationship?


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


<graycol.gif>---03/18/2016 08:00:47 PM---Hi All, Some of the members from the versioning mini group meet today to discuss versioning:

From: <Marlon.Taylor@us-cert.gov>
To: <cti@lists.oasis-open.org>
Date: 03/18/2016 08:00 PM
Subject: [cti] Versioning Mini Group discussion
Sent by: <cti@lists.oasis-open.org>

---

Hi All,

Some of the members from the versioning mini group meet today to discuss versioning:

@John-Mark, @Terry, @Sean, and @myself

Due the recent divergences on the topic of versioning, we focused on what ‘versioning’ means to us. Through our discussion we agreed upon some core principles for versioning and some derived features from those principles.

Core Principles

1. You must be able to determine an object’s version
2. Versions are immutable
3. You must be able to determine ordinality among versions
Features:
a. You should be able to reference the latest version
b. You should be able to reference the a specific version

Through these core principles we were able to define these terms going forward:

· Version – (Core #1) should be determined by some combination of an object’s properties
· Update – (Core #2) any modification of the properties used to determine version yields a new version

Using these principles we were able to address revocation as an update to a revoked object/version.

Overall it was a productive meeting and where among ourselves we have agreed on core principles for versioning.
That being said there are still open questions that need to be addressed.

-Marlon

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail