Re: [cti] slides from the call today

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

Hi Brett, some comments on the slides

- I have a concern that many of the
items identified as "long term needs" are actually needs products
have in the market place right now, and lack of them are prohibiting actual
adoption of TAXII as a primary information exchange protocol. I do not
think an extremely basic feature such as "find HeroRat" (ie global
string match inside properties) or "find threats related to 1.2.3.4"
are long term features; they are vital if we want anyone to be able to
use TAXII as a protocol to talk to a repository.

- I have concerns that if the focus
is only on the things in the "short term" section, without considering
these things in the "long term" section (which, as I said above,
IMO are not actually long term), then we could paint ourselves into a corner
by not designing a consistent mechanism that works for both things, then
we end up with N different inconsistent ways to do queries.

- In general - the massive complexities
of this work I think belong in something like an Extension process whereby
they can be worked and iterated on independently of the spec, with proven
working code and implementations backing up every decision as it is made,
vs. writing spec and hoping to write code to match it later. We have had
a TAXII Query working group for 6 months ( #taxii-query),  but have
had little participation in it from the TC. I would prefer we iterate on
this inside that working group, and get something concrete, vs doing it
on working calls and making decisions without code, which I think is very
dangerous given the subject matter.

-
Jason Keirstead
Lead Architect - IBM Security Cloud
www.ibm.com/security

"Things may come to those who wait, but only the things left by those
who hustle." - Unknown 




From:      
 Bret Jordan <Bret_Jordan@symantec.com>
To:      
 "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org>
Date:      
 07/03/2018 07:00 PM
Subject:    
   [cti] slides
from the call today
Sent by:    
   <cti@lists.oasis-open.org>

---

Here are the sides from today's call..
 Action items are:

1) Make sure that the list of features
(near-term and long-term) is complete and they meet the needs that you
are aware of (this is not to say that we will do all of them right now,
or at all, just that the list is complete)

2) Please add any gotchas or caveats that
we need to be mindful of in relation to each feature 

3) Identify which features need to be done
now (2.1) versus features that can be done later (2.2+)

My goals are to get high level agreement
first on the master list of features and second when we should be doing
them.  Once we have that, we can talk about design ideas and implementation
strategies.

Thanks
Bret

[attachment "2018-06-03_TAXII Working
Call.pdf" deleted by Jason Keirstead/CanEast/IBM] 
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php