OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] On current TAXII discussions

Two weeks ago, I would have told you we were ready to move the TAXII 2.0 draft into a hopefully final RC, and then onto a CSD vote. Today, I am not really sure where we stand.


Clearly there is a small and vocal group advocating for JSON API. My personal assessment is that moving to JSON API would require rewriting 50%-75% of the existing specification, and add another 6-12 months onto our timeline. We should always strive for correctness; if the group’s desire is to undertake a transition to JSON API, then we should and we will. That said, I’ve not seen JSON API support beyond a few vocal people. Is there broader support that I am missing?


The current TAXII 2.0 document represents many calendar months and many more countless hours of effort, conversation, and compromise by the CTI TC. This includes invaluable feedback from the group that is currently advocating for JSON API (notably, filtering and pagination). For these reasons, I think the current draft must be viewed as the incumbent in any discussion. Specifically, changes must be proposed and justified relative to the current draft. JSON API is a large change, and therefore has a high bar for justification (in my opinion).


I believe Bret is correct to try and distill the JSON API proposal into its constituent points, and systematically look for improvements that can be made to the current TAXII 2.0 draft. We know we aren’t perfect, and we never will be. JSON API is not perfect either.


Summarizing, I believe this to be the current state:

·         A group is proposing a JSON API-based specification as an alternate to the existing TAXII 2.0 draft

·         This is the largest change that can possibly be proposed, and therefore needs significant justification and significant support from the community

·         I personally have not seen enough to sway my opinion that JSON API is better (though I do believe it’s roughly equivalent)

·         I personally have not seen significant community support, though there is some

·         I feel that we could get great benefit, and far less cost, by systematically comparing the two proposals and looking for improvements to be made in the TAXII 2.0 draft, as Bret has been doing.


Thank you.



Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]