OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Agenda for Working Call on 5-15

Bret, all,


Sorry for explaining this poorly, but just to clarify point #1, MITRE’s feedback on the authentication requirement is based on work developing a TAXII server component of Unfetter to host our ATT&CK content. It isn’t coming from our work with DHS. Just wanted to clarify that so people didn’t think DHS was specifically asking for this.




From: <cti@lists.oasis-open.org> on behalf of "Bret Jordan (CS)" <Bret_Jordan@symantec.com>
Date: Thursday, May 10, 2018 at 1:01 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Cc: Marlon Taylor <Marlon.Taylor@hq.dhs.gov>
Subject: [cti] Agenda for Working Call on 5-15




The agenda for next week's working call will be:


0) Agenda bashing


1) Relaxing the TAXII authentication requirement to a SHOULD instead of a MUST for implementing basic authentication. This request was from John Wunder and DHS, so we will ask him to discuss his requirements. 



2) Change the DNS SRV record to be consistent with the rest of the spec and other uses of DNS SRV records.  The example does not match the spec, so we need to make this clear. This was brought up by Chris Ricard from FS-ISAC.



3) Marlon has a request for some new functionality.  We would like to give him time to discuss and explain. 



4) Allow TAXII to process records in synchronous mode instead of just asynchronous.  This means, that we would allow HTTP status code of 200 (OK) for POSTs not just 202 (Accepted).  This has been brought up several times by Jason, myself, and others.



If you have any other topics you would like discussed, please let me know.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]