
Subject: Re: [EXT] [cti] Motion for an OASIS Open Repository for STIX Enhancement Proposals (SEPs)

I will second this only with the following caveats; otherwise the motion does not address the concerns I had originally.

1) I think the repos need to have a CTI prefix in their name, so I would propose we use the name: "cti-sep-repository"

2) This repository will only be used for the following types of SEPs.

  • New STIX Domain Objects (SDOs) 
  • New STIX Relationship Objects (SROs)
  • New STIX Cyber Observables (SCOs)
  • New STIX Object Extensions
    • These are named groups of properties.

3) The following types of SEPs are out of scope for this repository and work:

  • Redefining an existing property on an object to add clarity or enhanced meaning.
    • For example, explaining double or triple tagging of data in a "tags" property.
  • Redefining the semantics of existing SDOs, SROs, and/or SCOs (or properties thereof) which are already defined in CSDs and/or CSs.
  • Adding to or redefining the semantics of STIX Patterning (including, but not limited to adding new elements, expressions, operators, or language elements). 

4) This repository and registry will be used for SEPs that are officially submitted to the TC by TC members or for SEPs created by the TC itself. 

5) We will in the coming weeks investigate a different option for registering enhancements / extensions from:
  • TC members that do not wish to submit their IPR to the TC
  • TC members that do wish to submit their SEP to the TC as long as it is unmodified.
  • Third-Parties that do not wish to submit their IPR to the TC
  • Third-Parties that do wish to submit their IPR to the TC

On the working call today I was okay with coming to middle ground to address Allan's concerns; however, the motion did not capture what I believe we agreed to on the call. If my caveats are accepted as part of the motion, then I am okay with this moving forward.


From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Trey Darley <trey@newcontext.com>
Sent: Tuesday, July 31, 2018 2:17:11 PM
Subject: [EXT] [cti] Motion for an OASIS Open Repository for STIX Enhancement Proposals (SEPs)

I move that the TC approve by unanimous consent requesting OASIS to
set up an OASIS Open Repository using the following pieces of

    * Purpose Statement: To host the Registry and the Repository for
      STIX Enhancement Proposals (SEPs).
    * Initial Maintainers: Trey Darley, Bret Jordan, Ivan Kirillov
    * Open Source License: BSD-3-Clause License
    * GitHub Name: stix-enhancement-proposals
    * Short Description: OASIS Open Repository: STIX Enhancement
      Proposals (SEPs)

If there have been no objections by Tuesday, 07 August at 21h UTC
Bret, Ivan, or I will submit the form [1] to request OASIS staff to
create the repository.

This is intended to facilitate experimentation with SEPs with the goal
of first coming up with a process that works for the TC and then
codifying that in normative text. This is not intended to shortcut the
process of formally codifying that process but rather as an aid. Just
as one of the primary drivers behind SEPs is to make spec development
more agile and bottom-up (demonstrating an idea in working code prior
to codifying it in normative text), so with this motion. Let's get a
straw-man going, kick the tires, work out the kinks, and based on that
learning process codify SEPs in normative text.

Towards that end, similarly to how we have defined the definition of
done for new SDOs and whatnot based on having two sponsors with
working POC implementations within 185 days of including a new SDO in
a CSD, I further motion to include a sunset clause such that 185 days
after this OASIS Open Repository is opened, unless:

    a) the TC has codified SEPs in the standard or,
    b) the TC approves extending the sunset clause,

that upon reaching the sunset date 185 days after this repository is
activated, that it would be made read-only.

[1]: https://www.oasis-open.org/resources/tc-admin-requests/open-repository-request

Director of Standards Development, New Context
gpg fingerprint: 3918 9D7E 50F5 088F 823F  018A 831A 270A 6C4F C338
"We are continually faced with great opportunities which are
brilliantly disguised as unsolvable problems." --Margaret Mead
