Subject: Re: [cti] STIX and TAXII question

Bret Jordan wrote this message on Fri, Dec 08, 2017 at 18:15 +0000:
> A use case was brought up that a person may want to version an object (ver 1) to remove, say, TLP:RED content and make a new version (ver 2) be TLP:GREEN. Then you would have the STIX ID foo ver 1 in collection "private" and STIX ID foo ver 2 in collection "public".  I am wondering what others think of this?  Is this a valid use of versioning?  Or should the object be forked with a related-to relationship?  What happens if STIX ID foo ver 1 gets updated?  Does that mean the server then needs to track if the update should be applied to version 2 as well?  If version 2 is Green and version 1 and 3 are RED, does that make things weird for a client?  What happens if a client has access to both "private" and "public" and finds the same object but different versions?  What is the client supposed to do?

I believe we discussed it at a previous F2F, and it was agreed
that a new object would be created.  There are issues where you
do not want the fact that TLP:Red data even exists to leak.
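
Added example, not part of the original thread or of any STIX/TAXII implementation: it contrasts the two approaches discussed above on a constructed STIX 2.0 indicator and checks what each public copy reveals about the restricted one. The function names, the sample object and the choice of `description` as the TLP:RED field are assumptions made for illustration.

```python
import copy
import json
import uuid

# TLP marking-definition ids defined by the STIX 2.0 specification.
TLP_RED = "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed"
TLP_GREEN = "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"

# Constructed sample object; every value is a placeholder.
ORIGINAL = {
    "type": "indicator",
    "id": "indicator--11111111-1111-4111-8111-111111111111",
    "created": "2017-12-01T10:00:00.000Z",
    "modified": "2017-12-01T10:00:00.000Z",
    "labels": ["malicious-activity"],
    "pattern": "[domain-name:value = 'bad.example.com']",
    "valid_from": "2017-12-01T10:00:00.000Z",
    "description": "Constructed TLP:RED detail about the reporting source",
    "object_marking_refs": [TLP_RED],
}

def new_version(obj, red_props, now):
    """Versioning approach: same id and created, later modified."""
    pub = {k: copy.deepcopy(v) for k, v in obj.items() if k not in red_props}
    pub.update(modified=now, object_marking_refs=[TLP_GREEN])
    return pub

def new_object(obj, red_props, now):
    """New-object approach: fresh id and timestamps, no link to the source."""
    pub = new_version(obj, red_props, now)
    pub.update(id=f"{obj['type']}--{uuid.uuid4()}", created=now)
    pub.pop("granular_markings", None)  # assumption: selectors are not carried over
    return pub

def leaks(pub, original):
    """Return the ways pub can be tied back to the restricted original."""
    found = []
    if pub["created"] != pub["modified"]:
        found.append("modified later than created: an earlier version exists")
    if original["id"] in json.dumps(pub):
        found.append("carries the id of the restricted object")
    return found

if __name__ == "__main__":
    now = "2017-12-08T18:15:00.000Z"
    print(leaks(new_version(ORIGINAL, {"description"}, now), ORIGINAL))
    print(leaks(new_object(ORIGINAL, {"description"}, now), ORIGINAL))
```

Adding a related-to relationship from the new object back to the original would reintroduce the second finding, since the relationship's target reference carries the restricted id.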


