OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Notes from Today's Working Call - 3/13/2018



On the working call, we refined last week’s discussion into two recommended proposals for moving forward with STIX/TAXII 2.1. These proposals may well make their way into a ballot as mentioned earlier on this list. If you did not make the call and would like a proposal added to the list, please let myself or any co-chair know.


Those proposals are:


Proposal #1 – F2F Consensus + slight modifications (bolded)

For STIX 2.1 and TAXII 2.1

  1. We will release a series of TC approved CSDs, where each CSD has a 2 week ballot period.
  2. Each CSD may have some fixes that require breaking changes to previous CSDs as required 
  3. A feature has 185 days (6 months) post CSD ballot approval to show that it meets the definition of done; If it does not meet the definition of done it will be scoped out of the next CSD.
  4. Before we do a CS we will ensure that all changes and new features meet the definition of "done".
  5. At least 2 organizations will have running POC code with real data that can interoperate
  6. We will have fully defined specification text
  7. The feature is covered by one or more interop tests, either new or existing
  8. A CS will be submitted for TC approval no later than 185 days (6 months) 187 (or longer if agreed to by the TC) after the last CSD that the TC approved. However, if something has to be removed we will reissue a CSD with only components that were approved and shown to be done in a previous CSD.
  9. STIX 2.1 CSD 01 shall include:
    1. 2.0 Breaking Changes
    2. Confidence
    3. i18n
    4. Location
    5. Malware
    6. Intel Note
    7. Opinion
  10. CSD-02
    1. IEP
    2. Grouping
    3. COA
    4. Assertion
    5. Pattern Extension
  11. CSD-03
    1. Infrastructure
  12. Informationally note the risk that organizations take when implementing draft specifications


Proposal #2:

  1. Declare STIX 2.1 to be "done", and start the process for it to be released as the 2.1 CS.
  2. Each currently "text-complete" feature will be voted on, and only ones approved by the TC will be included.  Development of dropped features and others will continue with STIX 2.2 using the new approved process as discussed in the January F2F.



Mark Davidson
| Engineering



NC4 Soltra 
1225 S. Clark Street, Suite 1103 
Arlington, VA 22202 

Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]