OASIS Mailing List Archives

 



cti message



Subject: Re: [EXT] Re: [cti] [EXT] [cti] Location as a Top-Level SDO


Bret Jordan wrote this message on Mon, Jun 12, 2017 at 21:00 +0000:
> The only use-case I have heard for a location SDO is the ability to allow a third party to say they think this threat actor for example is also in this other location. To allow for this use case, you would either need to have the location be an SDO or you would need to use a note or opinion object.

This points to the fact that we need to work on the ability for 3rd
parties to programmatically overlay new/additional data on objects, not
necessarily to make location an SDO.

There are many cases where we want to allow 3rd parties to add and
enrich existing SDOs w/ additional information, not just additional
locations...

We have briefly discussed this, but I don't think anyone has worked
on a proposal.  If we are making SDOs PURELY for a 3rd party to add
the additional location, then I think we are going about solving the
problem in the wrong manner.

> I would ask that if location is an SDO, then other properties probably should also be made SDOs.

The above would also solve this.

BTW, though I understand and agree with the need for multiple locations
being associated w/ an SDO, I'm still not entirely sold on it being an
SDO vs an array.  We already have precedent for using an array for when
multiple associations are needed, such as the Report object.

Do not consider this an official objection against it being an SDO; this
is one of those hard decisions because it isn't clear cut, and there
are benefits to both sides.

> ________________________________
> From: Wunder, John A. <jwunder@mitre.org>
> Sent: Monday, June 12, 2017 2:12:29 PM
> To: Patrick Maroney; Bret Jordan
> Cc: Jason Mr. Keirstead; John-Mark Mr. Gurney; cti@lists.oasis-open.org; Back, Greg; Nathan.Reller@jhuapl.edu
> Subject: [EXT] Re: [cti] [EXT] [cti] Location as a Top-Level SDO
> 
> Yeah +1 to Pat…we’re a CTI org, let’s not maintain a database of geolocations.
> 
> More generally I also agree w/ Allan that this doesn’t really impact the SDO question. Either you:
> 
> 
>   *   Have the library and duplicate it in the embedded types
>   *   Have the library and reference it by UUID (if we generate STIX UUIDs for it)
>   *   Have the library and copy it into the referenced types (if we don’t generate UUIDs for it)
> 
> It would be nice to enumerate these types of scenarios and see how we can deal with each of them in each approach. I talked to Allan and I think he has the beginnings of that document started, I’ll get with him to push it to Google docs so we can all look over it.
> 
> John
> 
> From: <cti@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@wapacklabs.com>
> Date: Monday, June 12, 2017 at 3:16 PM
> To: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>
> Cc: "Jason Mr. Keirstead" <Jason.Keirstead@ca.ibm.com>, "John-Mark Mr. Gurney" <jmg@newcontext.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Greg Back <gback@mitre.org>, "Nathan.Reller@jhuapl.edu" <Nathan.Reller@jhuapl.edu>
> Subject: Re: [cti] [EXT] [cti] Location as a Top-Level SDO
> 
> My .02:  If we're building, publishing, maintaining our own Geo-Location Data, we're doing something wrong.  This is one wheel we do not need to re-invent...again just my .02.
> 
> Patrick Maroney
> Principal Engineer - Data Science & Analytics
> Wapack Labs LLC
> (609)841-5104
> pmaroney@wapacklabs.com
> 
> Public Key: http://pgp.mit.edu/pks/lookup?op=get&search=0x7C810C9769BD29AF
> 
> On Jun 11, 2017, at 11:58 PM, Bret Jordan <Bret_Jordan@symantec.com> wrote:
> 
> So if we were going to do this, we would probably need to build a library of locations by country and regions and publish them as a Committee Note and hope people just use them for locations at the granularity of a country or group of countries.
> 
> Bret
> ________________________________
> From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
> Sent: Sunday, June 11, 2017 7:35:18 PM
> To: jmg@newcontext.com
> Cc: Bret Jordan; cti@lists.oasis-open.org; gback@mitre.org; Nathan.Reller@jhuapl.edu
> Subject: Re: [cti] Re: [EXT] [cti] Location as a Top-Level SDO
> 
> You are assuming that we don't create a repository of "standard" location SDOs for things like continent and country names - IE the things that people would want to share in the first place. Which, I don't see why we would not do this, seeing how we're doing it for things like CAPEC.
> 
> -
> Jason Keirstead
> STSM, Product Architect, Security Intelligence, IBM Security Systems
> www.ibm.com/security
> 
> Without data, all you are is just another person with an opinion - Unknown
> 
> 
> ----- Original message -----
> From: John-Mark Gurney <jmg@newcontext.com>
> Sent by: <cti@lists.oasis-open.org>
> To: "Back, Greg" <gback@mitre.org>
> Cc: Bret Jordan <Bret_Jordan@symantec.com>, "Reller, Nathan S." <Nathan.Reller@jhuapl.edu>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
> Subject: Re: [cti] Re: [EXT] [cti] Location as a Top-Level SDO
> Date: Fri, Jun 9, 2017 8:36 PM
> 
> Back, Greg wrote this message on Fri, Jun 09, 2017 at 20:18 +0000:
> > If Location is an SDO, does that make it possible to “move” another object by versioning the Location object? That seems like a bad idea. Especially if you effectively “move” other, unrelated objects that also refer to the same Location. Even if we did make Location a TLO, we would have to mandate that people update the “_ref” fields to move an SDO, not the Location itself.
> >
> > (I haven’t made up my mind on whether I like the Location SDO in general, just pointing out one consideration).
> 
> Interesting point.  Which effectively means that if you create a
> relationship to a location, that location should be one you own, not
> one that was created by someone else (unless you can trust the creator
> not to do what you just described)...
> 
> This means that by definition, there will be many Location SDOs for
> the same location to prevent this from happening...
> 
> --
> John-Mark
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 
> 
> 
> 
> 

-- 
John-Mark
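
Greg Back's versioning concern and John-Mark's reply about owning the Location you reference, as an added Python example that is not part of the original thread. The objects are STIX-style but constructed; the `location_ref` property, the IDs and the timestamps are assumptions for illustration.

```python
# Constructed STIX-style objects. "location_ref" is a hypothetical property
# standing in for the "_ref" fields mentioned in the thread; IDs are made up.
PRODUCER_A = "identity--aaaa"
PRODUCER_B = "identity--bbbb"

STORE = [
    {"type": "location", "id": "location--0001", "created_by_ref": PRODUCER_A,
     "modified": "2017-06-01T00:00:00Z", "country": "FR"},
    {"type": "threat-actor", "id": "threat-actor--0001",
     "created_by_ref": PRODUCER_A, "modified": "2017-06-02T00:00:00Z",
     "location_ref": "location--0001"},
    {"type": "campaign", "id": "campaign--0001",
     "created_by_ref": PRODUCER_B, "modified": "2017-06-03T00:00:00Z",
     "location_ref": "location--0001"},
]

def latest(store, obj_id):
    """Newest version of an object; same-format UTC timestamps sort as strings."""
    return max((o for o in store if o["id"] == obj_id),
               key=lambda o: o["modified"])

def resolved_countries(store):
    """Map each referencing object to the country its location_ref resolves to."""
    return {o["id"]: latest(store, o["location_ref"])["country"]
            for o in store if "location_ref" in o}

def silently_moved(store, new_version):
    """IDs whose resolved country changes when new_version is ingested,
    although no new version of the referencing object was published."""
    before = resolved_countries(store)
    after = resolved_countries(store + [new_version])
    return sorted(i for i in before if before[i] != after[i])

# Producer A revises the shared Location (same id, later 'modified').
REVISION = dict(STORE[0], modified="2017-06-10T00:00:00Z", country="DE")

# John-Mark's alternative: producer B references a Location it created itself,
# so there are now two Location objects for the same place.
OWN_LOC = dict(STORE[0], id="location--0002", created_by_ref=PRODUCER_B)
STORE_OWNED = STORE[:2] + [dict(STORE[2], location_ref=OWN_LOC["id"]), OWN_LOC]

if __name__ == "__main__":
    print("shared location:", silently_moved(STORE, REVISION))
    print("owned copies:   ", silently_moved(STORE_OWNED, REVISION))
```
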

