Subject: Re: [cti] RE: [EXT] [cti] Structural Changes to the STIX Docs
These are good points, but I also agree with the point Bret has brought up a few times about how it can be confusing to see how Data Markings, Language Content, Bundle, etc. all relate to the other objects. A smaller scale version of this would be to clearly define the classes of objects in Part 1:

In each of those sections we can be very explicit about what that means, and in each object definition we describe that it's a STIX ___ Object. That requires very little reorganization but also (hopefully) makes the taxonomy of object types and when we're talking about each very clear.

Part 3 merge I think should be considered once the observable objects proposal is finalized and accepted - it just depends on how much overlap there is and what it would look like to merge it in to parts 1 and 4.

The vocabs probably should have been in Part 2 from the start, though along the lines of what Sarah suggested I wouldn't make the change in a point release when so much other stuff is changing.

John

From: <cti@lists.oasis-open.org> on behalf of "Kelley, Sarah E." <skelley@mitre.org>

My biggest concern with making these changes is that it feels like it might be a lot of change for a dot release. Like if someone is just looking for what has changed between 2.0 and 2.1 it's going to be much harder to figure it out if we totally rearrange where to find things in the docs. I'm not opposed to the changes, but maybe this isn't the best time. I also agree with Rich that this would take a considerable amount of time and thus potentially delay 2.1.

Thanks,
Sarah Kelley
Lead Cybersecurity Engineer, T8B2
Defensive Operations
The MITRE Corporation
703-983-6242

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of Piazza, Rich

I'm open to discussing these changes. I have to read thru the changes from the F2F, and I haven't had the time yet.

My initial comment is that I kinda like having the underlying objects (the SOOs) in a separate document. It helps make a clean separation between SDOs which are about the CTI information in the content, and SOOs which is more like metadata. On the other hand, I never understood why the Vocabularies weren't in Part 2.

I also see the common properties as metadata. If Part 1 is all about metadata perhaps Part 3 could be merged in, since Part 3 is all about cyber observables metadata. The custom sections on Part 1 and 3 do seem somewhat redundant.

I just want to state that if making these editorial changes would significantly delay the release of STIX 2.1, then I would suggest we defer this to 2.2.

From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>

All,

As one of your editors on STIX, I would like to propose a few structural changes to the documents.

1) I would like to move all STIX objects to Part 2 and have the Common Properties be the first section in Part 2. Basically have a STIX Domain Objects section, a STIX Relationship Objects section, and a STIX Other Objects section for the Bundle, Language Content, and Marking Definition.

2) I would like to see about merging Part 3 in to Part 1. The lines between them and the Chinese wall that we had between them, is fading fast.

3) I would like to have a common properties section in Part 4, as the first section. Basically all of the common properties for Cyber Observable Objects.

This would then leave us with 3 main parts + pattern instead of 4 + patterning.

I would then like to change the definition of STIX Objects to include SDOs, SROs, SOOs, and SCOs. I think this will help people better understand what we are talking about and give us a better way of referencing all of the parts.

Bret