Thanks for the idea Pat, but this does not solve any of the problems that we have and are trying to address. This would actually make things worse.
Bret
Sent: Thursday, April 11, 2019 1:20:51 PM
To: cti@lists.oasis-open.org
Subject: [EXT] [cti] Motion for STIX Identifiers
I make the following motion to the Chairs of the OASIS CTI TC.
Motion
- Change the existing language of the 2.0 CSD for Identifier
- Remove the UUIDv4 restriction.
Type Name: identifier
An identifier universally and uniquely identifies a SDO, SRO, Bundle, or Marking Definition. Identifiers MUST follow the form object-type--UUID, where object-type is the exact value (all type names are lowercase strings, by definition) from the type property of the object being identified or referenced and where the UUID is an RFC 4122-compliant UUID. The UUID MUST be generated according to the algorithm(s) defined in RFC 4122, [RFC4122].
Please note the following assertions:
- The only requirement for the UUID portion of a STIX Identifier is uniqueness.
- Any RFC 4122 compliant ID form meets this requirement (Including UUIDv1).
- RFC 4122 addresses the requirements for how compliant UUIDs are generated.
Patrick Maroney
DarkLight
Email: patrick.maroney@darklight.ai
