OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [cti] MVP Discussion

There are three distinct topics for the CTI TC to discuss in this thread but want to focus on the MVP discussion with my perspectives and suggestions for consideration by the community at large. 

Please note full support of the core objectives here of clearly defining our near term road map for our initial MVP release ASAP. This is an argument for a alternative approach to the MVP process to meet this shared community objective.

(1) We should simply vote up/down (Yes/No/Abstain) the Items (aka "Features") for inclusion in the initial release MVP.

(2) Some Items are not well described, are highly subjective in interpretation, or have an obvious bias in their descriptions. We should allow for iteration through this process. If one is not certain of the implications to their Use Cases and Requirements, they can Abstain in this round and make comments on these Items.

(2.1) Using this process we should clearly identify those broad consensus Must Items for inclusion in the MVP in the first round. The subcommittees and working groups can immediately continue/begin work on these Items.  

(2.2) We will also identify those Items requiring further definition for a reasoned CTI TC decision for inclusion in the initial MVP (or deferred to subsequent rounds).

(2.3) There may also be some complexities and inter-relations that impact other Items. We will prioritize those deferred Items where they intersect with CTI TC consensus Items view identified (2.1). This also helps us triage and select items for deferred discourse in subsequent rounds.

(3) I do not agree at all with ruling anything out for future consideration. These are long term decisions for the CTI TC and we should not in anyway arbitrarily constrain our vision/options now.  

(4) An approach that requires discourse on future features/functions now will only delay our progress. By leaving all options on the tables for future consideration we can desensitize our current discourse, collectively and narrowly focus on "what" an MVP Item is for the next release of the CTI TC standards. We can then iteratively apply our Lessons Learned, community outreach/engagement, consensus building on what will be included in the next release.  

We all move forward together.

Patrick Maroney
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

On Wed, Apr 6, 2016 at 7:04 AM -0700, "Piazza, Rich" <rpiazza@mitre.org> wrote:

I think the purpose of a survey is to get a more nuanced answer to each feature.


The final binding vote should indicate in/out for each feature, but the vote should be for the list as a whole.


From: Mark Davidson [mailto:mdavidson@soltra.com]
Sent: Wednesday, April 06, 2016 9:17 AM
To: Chet Ensign <chet.ensign@oasis-open.org>; Piazza, Rich <rpiazza@mitre.org>
Cc: Jordan, Bret <bret.jordan@bluecoat.com>; cti@lists.oasis-open.org
Subject: Re: [cti] MVP Discussion


Since we are talking in/out list primarily, perhaps we could just have a checkbox for each option? Checking yes means “In for 2.0” and leaving the checkbox empty means “out for 2.0” with no additional clarity about abstain/2.x/never.


Personally I think the important decision in front of the group is the in/out list; the rest of the detail is IMO a nice to have and not necessary to proceed on 2.0 work. This list is something that people will point to for a while, so I’d like to do our best to get it into the OASIS ballot facility.


Thank you.



From: <cti@lists.oasis-open.org> on behalf of Chet Ensign <chet.ensign@oasis-open.org>
Date: Tuesday, April 5, 2016 at 5:35 PM
To: "Piazza, Rich" <rpiazza@mitre.org>
Cc: "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] MVP Discussion




Bret and I talked about what sort of information he'd be looking to collect. Something along the lines of... 


Option 1:  Yes, No, Maybe, Abstain, 2.0, 2.1, 2.x, Never

Option 2:  Yes, No, Maybe, Abstain, 2.0, 2.1, 2.x, Never



It is indeed difficult to see how that could be done with the OASIS ballot facility. My two concerns are (a) that whatever ballot mode is used must be available to all members and (b) that there must be some way to ensure the results of such a ballot are available for the long haul in the TC's archives. 


I doubt that anyone would be blocked from using SM so no problem there. So I'm ok with doing it this way: 


- Bret (or whoever) posts an email to the TC mailing list pointing to the survey and giving an end date when it will be closed. 

- When the survey is closed, the detailed results are downloaded and loaded to the TC's or Subcommittee's document repository. The email that is generated when a document is loaded can be annotated to state that these are the results of the survey mentioned over there. 


That way, 3 or 4 years from now, if someone asks 'how did you come up with that list' there is an audit trail to point to. 


We also discussed an approach to making the issues being debated in Slack easier for those outside the discussion group to track. More to follow on that but one key thing I suggested was a disciplined use of an issue tracking system. While we are in discussions to migrate the existing open source projects to OASIS, I told Bret that you should all feel free to request that we start projects for you now if it would be useful (and not redundant I suppose). The steps for doing that are explained in https://www.oasis-open.org/resources/open-repositories/faq 







On Tue, Apr 5, 2016 at 1:14 PM, Piazza, Rich <rpiazza@mitre.org> wrote:

Hi Chet,


The ballot/vote Bret mentioned is informal (and non-binding) – to get a pulse on the community for what should be in the minimally viable product (MVP).


My assumption is that once we come up with a definitive list of what should be in the MVP, then an official OASIS vote would be scheduled.




From:cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Chet Ensign
Sent: Tuesday, April 05, 2016 1:09 PM
To: Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] MVP Discussion


Hi Bret - just noted "...voting needs to be moved to a SurveyMonkey" - I am not sure what you'd want on SM that can't be done on the TC's balloting UI. Happy to see how to configure it to make it work. Please note though that TC ballots - especially one as crucial as this - must be done on the OASIS platform. 






On Tue, Apr 5, 2016 at 12:30 PM, Jordan, Bret <bret.jordan@bluecoat.com> wrote:



I have a few concerns with the current MVP items as discussed on the call today


1) We need a statistically significant number of people to vote, before we can decide if it is in or out.


2) I feel that some of the items in the list are not well understood, and thus we got mixed voting.


3) I think this voting needs to be moved to a SurveyMonkey and we need to add the options of "abstain" and "I do not know what this means".    


4) Things that have 100% votes, should be in, and we should do those first.  


5) If the feature is not used in mass today, then it probably does not warrant being an MVP item.  Not used == not used.  I am sure between Soltra and EclecticIQ they can give us some great metrics. 


6) The current list represents a LOT of stuff.  Keep in mind that it may take groups 2-5 years to full support everything in that list.  That means in the mean time you will have a lot of products that are NOT compatible with each other.  Can you imaging the conformance issues that this will cause?  Keep in mind that even Soltra Edge does not fully support STIX 1.2 and how long ago did that come out.


7) If the 2.0 MVP does not have everything that a group needs, say the USG.  Then they can keep using STIX 1.2 until such a time that the 2.x tree does have what they need. I do not believe any of us are saying that people need to switch from STIX 1.2 to STIX 2.0 on day one.  


8) For orgs that are currently using STIX 1.2.  You will probably not want to switch to the 2.x family until about 2.2 or 2.3, would be my finger to the wind guess.


9) For orgs that are not yet doing anything with STIX yet, what is the bare minimum that you need to make a solution work.  


10) Things we do not understand well or that are not really used should be pushed to a 2.x release.  








Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 




Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 



Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]