OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Internationalization: lang field required or optional?

I think there is a very good reason for this. Because if the original object that has been translated gets revised, the text in the language-content object can no longer be trusted. For a relationship between a threat actor and a campaign, for example, it would be difficult to change either end drastically enough that a relationship between the two is no longer valid. However, with a translation, you could theoretically change one word (or one letter) and have the whole relationship no longer be true. It would be very important to link a translation to the EXACT text that it was a translation of.




Sarah Kelley

Senior Cyber Threat Analyst

Center for Internet Security (CIS)

Integrated Intelligence Center (IIC)

Multi-State Information Sharing and Analysis Center (MS-ISAC)

1-866-787-4722 (7×24 SOC)

Email: cert@cisecurity.org


Follow us @CISecurity



From: <cti@lists.oasis-open.org> on behalf of "Baker, Jon" <bakerj@mitre.org>
Date: Friday, February 24, 2017 at 11:29 AM
To: "Wunder, John A." <jwunder@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Internationalization: lang field required or optional?


In reviewing the proposal, I was slightly concerned by the decision to use target_modified as a required property when specifying the relationship from the new language-content object to the STIX object that it provides a translation for. All other relationships in STIX 2.0 use only an ID. With STIX 2.0 we made a concerted effort to ensure that there was only one way to express relationships throughout the specification. Why should we depart from that approach for this object?




From: <cti@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org>
Date: Thursday, February 23, 2017 at 3:59 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Internationalization: lang field required or optional?


Hey everyone,


We’re getting very close to having a completed approach for internationalization, you can see the full writeup here: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.61fy0hlsdirz


We do have one remaining question before we can move forward though. As part of the proposal, every single top-level object has a “lang” field, that identifies the language of the text content in that object. What we need to decide is whether we make that field required or optional.


If we make the field required, every top-level object in STIX (SDOs and SROs) would have to have a “lang” field in it or it would be invalid STIX. If we make it optional, producers could either include the field or not.


Here are some thoughts:


Making it required:

-          All SDOs and SROs would have a language tag, so consumers could depend on it being there

-          It would encourage producers to actually fill it out, because they wouldn’t be creating valid STIX otherwise

-          It shows we have a commitment to internationalization


Making it optional:


-          Any SRO or SDO could have a language tag, so consumers could not depend on it

-          Producers would not have to create it

-          We do have a SHOULD requirement saying that it should be included


My opinion is that we should make it optional. If it’s required, I think people who don’t want to do internationalization (especially those creating one-off scripts or open source tools) will hardcode it to English and things will be mislabeled. If it’s optional, I think those who need/want to support internationalization and would do it right (most/all vendors, major open source projects) will populate it correctly regardless…because they need it…while those who couldn’t be bothered will be able to leave it off and we won’t have mis-labeled data. Also it’s almost not worth saying, but we already have a bunch of required fields on every SDO/SRO and I’ve already had one conversation with someone who said there’s a lot of bloat…would like to avoid adding to that.


Anyway, what does everyone think…required or optional?




This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]