OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02


I can totally go for supported and unsupported...  Also, please see the definition for the "identifier".  We have tried to address how these will be different for SCOs and SDOs there.  The hope was to put all of the normative statements around "identifiers" in one place, instead of having them in 10 different places in the document (where they conflicted with each other and were never kept in sync).


Text for Identifier:

https://docs.google.com/document/d/1ShNq4c3e1CkfANmD9O--mdZ5H0O_GLnjN28a_yrEaco/edit#heading=h.64yvzeku5a5c



Bret



From: Kirillov, Ivan A. <ikirillov@mitre.org>
Sent: Friday, May 3, 2019 3:14:49 PM
To: Bret Jordan; Piazza, Rich; Allan Thomson
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02
 

I think this works fairly well, overall. I would agree with Allan that object-specific common properties (e.g., id for SCOs) would need to be specified in another way to avoid confusion. Also, I’m not sure if “used” is the best word describing these properties in relation to an object – maybe “supported” would work better? E.g., “Supported Common Properties” vs. “Unsupported Common Properties”.

 

Regards,

Ivan

 

From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Friday, May 3, 2019 at 3:07 PM
To: Rich Piazza <rpiazza@mitre.org>, Allan Thomson <athomson@lookingglasscyber.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02

 


From: Piazza, Rich <rpiazza@mitre.org>
Sent: Friday, May 3, 2019 2:59:40 PM
To: Allan Thomson; Bret Jordan
Cc: cti@lists.oasis-open.org
Subject: Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02

 

Thanks Bret for including better examples.

 

I was realizing as I put the email together that Language Content wasn’t the best example…

 

From: Allan Thomson <athomson@lookingglasscyber.com>
Date: Friday, May 3, 2019 at 4:38 PM
To: Bret Jordan <Bret_Jordan@symantec.com>
Cc: Rich Piazza <rpiazza@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02

 

That was not clear at all from the email Rich sent.

 

Was completely confused to say the least.

 

So you are saying that there will be 4 (FOUR) common property sections for each object type where each table will call out what is required vs optional for that specific object type.

 

Correct?

 

Allan

 

From: Bret Jordan <Bret_Jordan@symantec.com>
Date: Friday, May 3, 2019 at 1:37 PM
To: Allan Thomson <athomson@lookingglasscyber.com>
Cc: "Piazza, Rich" <rpiazza@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02

 

Allan,

 

This is an example for language content and we can do an example of this for SCOs.

 

The point is, that we will call out what is used, required, and optional on each object. So modified and such right now, today, are not required for SCOs.  The table properties will reflect that.

 

Bret 

 

Sent from my Commodore 128D



PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050


On May 3, 2019, at 4:33 PM, Allan Thomson <athomson@lookingglasscyber.com> wrote:

Rich – SCO does not have a requirement for modified.

 

Secondly the id definition for a SCO is substantially different when using deterministic ids.

 

Suggesting that these are ‘common’ with such modified language will confuse more than help in my opinion.

 

Also most of the common properties defined in this table are not defined for a SCO at all.

 

This is substantially changing the definition of a SCO and I strongly object to this.

 

Allan

 

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Piazza, Rich" <rpiazza@mitre.org>
Date: Friday, May 3, 2019 at 1:26 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02

 

All,

 

Bret and I noticed that because we have four different types of STIX Objects (SDOs, SROs, SCOs and STIX Meta Objects) that there is much redundancy in the specification documents describing the common properties.  Up until now, we have had almost the same text in four different places.  It is easy to get confused. 

 

We are proposing the following changes.  Please review them and give us your feedback in email, Slack or within the document itself. 

 

We have merged all of the common property sections into one (see section 3.2 of the Master Document).  Whether a property is optional or required is no longer specified in the new table.  The description should contain the text of any differences that were found in the four source descriptions of each property. 

 

This change has minor consequences for the object property tables.  Here is an example of how the Language Content property table might look (see section 7.1.1 of the Master Document):

 

  • The common properties used and not used are called out in the top of the table
  • The properties that are used are split into two lists: the required and optional properties
  • If a common property has some difference that is specific to the object type (the grey rows), they remain explicitly in the table
  • Object type specific properties are listed as before (not shown here).

 

Common Properties Used

Required:

type, spec_version, id, created, modified

 

Optional:

created_by_ref, revoked, labels, confidence, external_references, object_marking_refs, granular_markings

Common Properties Not Used or Not Defined

lang, id_method, id_method_details, is_defanged, extensions

Property Name

Type

Description

type (required)

string

The type property identifies the type of object. The value of this property MUST be language-content.

 

We hope you find these changes an improvement to the specification.

 

                Rich and Bret

                Your Humble Editors

 

-- 

 

Rich Piazza

The MITRE Corporation

781-271-3760

Image removed by sender. signature_1438984780

 

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]