The thing I think we did better this time is that there are no fields in bundle other than an ID, type=bundle, and the containers for the content. So if you want to give meaning to bundle
it’s going to be very limited to “this stuff all came in the same bundle” or something contextual about it – in which case you’re giving meaning to the fact that it came all at once rather than all in a single bundle.
In contrast, in 1.x we had a situation where in 1.0-1.1 a STIX_Package /might have/ had semantic meaning but also might not have depending on which fields you filled out. In 1.2 we made
it so it never did, but even then the title and description fields had to remain as deprecated to avoid breaking compatibility. We now have a clean break and opportunity to fix that (hence calling it bundle and not package). I do think some of the language
is just a reaction to the poor situation in 1.2 and trying to be overly cautious about it in 2.0.
So hopefully it all works out.
John
From:
<cti@lists.oasis-open.org>, Eric Burger <ewb25@georgetown.edu> on behalf of Eric Burger <Eric.Burger@georgetown.edu>
Date: Wednesday, November 16, 2016 at 8:14 AM
To: <cti@lists.oasis-open.org>
Subject: Re: [cti] Text around bundle
The academic in me has to point out the arguments for Bundle boil down to a layer violation: for transport convenience, and not semantic transfer, we want to stuff a bunch of stuff into a Bundle.
The pragmatist in me says Who Cares?
The warning sign is the discussion of wanting to put language in the spec about the semantics of Bundle. It is odd to weird to say the semantics aren’t. If people have “gotten it wrong” in the past, that means people read in semantics even
if we say there are no semantics. That says our experience is there will be interoperability problems if we do go this route.
On the other hand, if we make it clear a Bundle is not a STIX construct but just a JSON hack, life could be good.
Yes, indeed, the only reason this object exists really is so that we can describe the top level object wrapper we need to make a valid JSON file that contains the STIX.
--
Sent from my mobile device, please excuse any typos.
Trey Darley --- Re: [cti] Text around bundle ---
On 15.11.2016 19:39:47, Eric Burger wrote:
> Why isn’t TAXII the way to send a bunch of unrelated STIX things in
> a single TAXII message?
>
Hey, Eric -
Because there is a sizable constituency that will not use TAXII as a
transport mechanism for STIX. Think IC. Think sneaker-net and
cross-domain guards.
--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"In theory there is no difference between theory and practice; in
practice there is." --anonymous