[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti] Internationalization: lang field required or optional?
|
Hi,
[I will reiterate (with a little bit of update) my concern stated
in the #i18n Slack channel here.] My concern is that no one would include lang: tag in their STIX if we make it optional, that it makes almost meaningless to define lang: tag, and
that is it somewhat problematic from
“promoting interoperability”
point of view. I guess usually analysts would communicate within circles speaking the same language,
e.g. English, Japanese. It works just fine without lang: tag as long as they are
within each circle of the same language. What I envision is (and I think it is the reason why we want to introduce lang: tag in the first place)
that we will see more CTI flowing across language borders. At that time, we cannot provide good interoperability for cross-language-border CTI contents. I saw an argument that it is difficult to determine which language the user is using. But in these days, all modern OS has its language (package and/or locale) to run.
As such, it is just a matter of application to pick the language the OS is using and
provide the language code for lang: tag it is already using. [I believe something like the following should work for Python (data is a STIX Object) import ctypes windll = ctypes.windll.kernel32 language = locale.windows_locale[ windll.GetUserDefaultUILanguage() ] data[“lang”]
= language[0:1] ] It would be a very conscious act for an analyst to provide CTI in a different language
if the application is displaying the menu in another language. Therefore, it should not be much to let the analyst specify lang: tag anyway. That is my argument for making twelve additional bytes
(thank you for the correct count, JMG!) required. Regards, Ryu From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org]
On Behalf Of Allan Thomson I think we are talking past each other. I’m not suggesting its only for multi-language. But I think this email thread is not ideal place to resolve the issues. allan From: Bret Jordan <Bret_Jordan@symantec.com> >> But by marking it required in the spec means that all content must have it even when most content is not multi-language. This is not correct. The lang field is not for marking multi-language content, but rather, identify the language of the SDO/SRO. Bret From: Allan Thomson <athomson@lookingglasscyber.com> If you are expecting to use different language content then its required for interoperability reasons. But by marking it required in the spec means that all content must have it even when most content is not multi-language.
I generally would prefer more tolerance in the spec level and let the products/market use good behavior to drive what fields are included or not. If people care about language and multi-language support then they will use it. If they don’t then they wont be interoperable as that will be part of the test in the interop spec. allan From: Bret Jordan <Bret_Jordan@symantec.com> My thoughts.... 1) In reality we are talking about a feature not a property. 2) If it is property of this feature is optional, then the only products that will implement this feature, are those that care about internationalization. 3) If it is required, then everyone will be forced to implement it. Personally I see this as a data quality issue, not a STIX issue. And I think both sides can suffer from it. Problems with Required: a) product or tool does not care, does not provide a UX for it, and just hard codes it to something, say "en" b) product or tool does provide a UX for it, but analyst does not care and it just remains what ever the default is. Problems with Optional: a) product or tool does not care, does not provide a UX for it, and just leaves it out of the data. So it is undef. b) product or tool does care and provides a UX for it and the analyst does not care and leaves it blank. c) Broker product or tool takes in data that has a lang tag, but they do not support that feature so they never implemented it. So when the data goes back out the other side, the
language tag is now missing. I personally do not see the harm in requiring tools to support and populate the Lang tag. In the spec we can define an "unknown" value, so if you are doing bulk loading of data and
you honestly do not know the language, you could just flag it as "unknown". Then at least as the consumer you would know that the producer did not know the language. Versus getting an object where the language tag is omitted and you do not know if: i) they did not know the language ii) there tool did not support it iii) they were just lazy and did not add it. Once again, this is a data quality problem and if we make the lang field required, then it is a SUPER EASY interop test to see if they do it right. If it is optional, then you are
just at a guess all the time. Bret From:
cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com> Prefer optional. From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
on behalf of "Wunder, John" <jwunder@mitre.org> Hey everyone, We’re getting very close to having a completed approach for internationalization, you can see the full writeup here:
https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.61fy0hlsdirz We do have one remaining question before we can move forward though. As part of the proposal, every single top-level object has a “lang” field, that identifies the language of the text content
in that object. What we need to decide is whether we make that field required or optional. If we make the field required, every top-level object in STIX (SDOs and SROs) would have to have a “lang” field in it or it would be invalid STIX. If we make it optional, producers could either
include the field or not. Here are some thoughts: Making it required: -
All SDOs and SROs would have a language tag, so consumers could depend on it being there -
It would encourage producers to actually fill it out, because they wouldn’t be creating valid STIX otherwise -
It shows we have a commitment to internationalization Making it optional: -
Any SRO or SDO could have a language tag, so consumers could not depend on it -
Producers would not have to create it -
We do have a SHOULD requirement saying that it should be included My opinion is that we should make it optional. If it’s required, I think people who don’t want to do internationalization (especially those creating one-off scripts or open source tools) will
hardcode it to English and things will be mislabeled. If it’s optional, I think those who need/want to support internationalization and would do it right (most/all vendors, major open source projects) will populate it correctly regardless…because they need
it…while those who couldn’t be bothered will be able to leave it off and we won’t have mis-labeled data. Also it’s almost not worth saying, but we already have a bunch of required fields on every SDO/SRO and I’ve already had one conversation with someone who
said there’s a lot of bloat…would like to avoid adding to that. Anyway, what does everyone think…required or optional? John |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]