[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Gap Analysis
FWIW, the data security version of tokenization [1] is very different from the computer programming concept of tokenization [2].
I think we can add it as an item to track and vote on. This will make things a little messier to track for John – maybe we have a section for things that were added after the initial request?
This is based only on a quick reading, but IMO a key concept in tokenization is the process that is necessary to support it. It seems that the tokenization concept requires a system/process for mapping tokenized values back to the sensitive data element.
I would vote non-MVP on tokenization. The keystone of my opinion is that I haven’t seen evidence that tokenization is needed for STIX 2.0 to be viable. I understand the goal, but I personally haven’t heard anyone say that they can't use STIX 2.0 unless
it has tokenization. My understanding is nascent and I could change my vote if enough evidence is provided that STIX 2.0 is not viable without tokenization.
Thank you.
-Mark
From: <cti@lists.oasis-open.org> on behalf of JG on CTI-TC <jg@ctin.us>
Date: Sunday, April 3, 2016 at 11:27 PM To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Subject: Re: [cti] Gap Analysis Patrick/Bret & All:
Where would the issue of Tokenization fit into the MVP list? See attached. Jane On 4/3/2016 4:36 PM, Jordan, Bret wrote:
Thanks... And yes, the more eyes we can have on this the better.. As you find stuff that is missing, please speak up so we can add it to the list. -- Jane Ginn, MSIA, MRP Cyber Threat Intelligence Network, Inc. jg@ctin.us |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]