Re: [cti] On current TAXII discussions

[Joep Gommers <joep@eclecticiq.com>]

Mark,

 

Wholeheartedly agree and we (EclecticIQ and the community) are most grateful for those that have the time to do so. Actually, I believe we’ve already learned some things by comparison. Although I sincerely wish our company would have to time to do so, I’m afraid we don’t at this stage – for which our apologies.

 

Let me make one thing super ultra clear though. No matter what, EclecticIQ supports STIX and TAXII. OpenTAXII will support whatever standard ends up being voted through. Our products will continue to support, our marketing will continue to invest. We’re are huge fans of the standards and those that contribute and nothing will change that. Our suggestions have in no way baring on that.

 

Mark you’re approach makes allot of sense if the constraints of time and resources don’t make JSON-API a viable option. We would much appreciate if people cycles to analyse some of our team’s comments and compare the two standards to improve RC1.

 

That doesn’t mean our point of view changes. We need to passionately ensure separation of layers and I perceive risk in the unknown and the untested and I would love to inspire the community – perhaps then for future efforts – to build upon more proven things so our cycles can be spend on the magic we want to do for CTI. Again, we’re most grateful of those that have the operational cycles to ensure and act accordingly.

 

Best regards,

Joep

 

 

 

 

 

From: <cti@lists.oasis-open.org> on behalf of Mark Davidson <Mark.Davidson@nc4.com>
Date: Tuesday, 14 March 2017 at 13:52
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
Cc: Bret Jordan <Bret_Jordan@symantec.com>
Subject: Re: [cti] On current TAXII discussions

 

Two weeks ago, I would have told you we were ready to move the TAXII 2.0 draft into a hopefully final RC, and then onto a CSD vote. Today, I am not really sure where we stand.

 

Clearly there is a small and vocal group advocating for JSON API. My personal assessment is that moving to JSON API would require rewriting 50%-75% of the existing specification, and add another 6-12 months onto our timeline. We should always strive for correctness; if the group’s desire is to undertake a transition to JSON API, then we should and we will. That said, I’ve not seen JSON API support beyond a few vocal people. Is there broader support that I am missing?

 

The current TAXII 2.0 document represents many calendar months and many more countless hours of effort, conversation, and compromise by the CTI TC. This includes invaluable feedback from the group that is currently advocating for JSON API (notably, filtering and pagination). For these reasons, I think the current draft must be viewed as the incumbent in any discussion. Specifically, changes must be proposed and justified relative to the current draft. JSON API is a large change, and therefore has a high bar for justification (in my opinion).

 

I believe Bret is correct to try and distill the JSON API proposal into its constituent points, and systematically look for improvements that can be made to the current TAXII 2.0 draft. We know we aren’t perfect, and we never will be. JSON API is not perfect either.

 

Summarizing, I believe this to be the current state:

·         A group is proposing a JSON API-based specification as an alternate to the existing TAXII 2.0 draft

·         This is the largest change that can possibly be proposed, and therefore needs significant justification and significant support from the community

·         I personally have not seen enough to sway my opinion that JSON API is better (though I do believe it’s roughly equivalent)

·         I personally have not seen significant community support, though there is some

·         I feel that we could get great benefit, and far less cost, by systematically comparing the two proposals and looking for improvements to be made in the TAXII 2.0 draft, as Bret has been doing.

 

Thank you.

-Mark

 

Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.