Rich â I think we need an example because on the surface your suggestion makes sense but I want to understand the following.
What object has is worth conveying if *all* the properties are optional *and* *all* of them are
empty. What exactly is that object conveying then? It sounds like an empty object with no actual content.
I question the definition of the object in the 1st place so I assume thereâs a specific example that helps show that your change is helping.
But my concern about adding the language you are suggesting is actually more on what object has this problem.
Allan Thomson
CTO (+1-408-331-6646)
LookingGlass Cyber Solutions
From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Piazza, Rich" <rpiazza@mitre.org>
Date: Friday, August 16, 2019 at 11:45 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Adding some text to the deterministic ID description in section 2.9 of the STIX specification
As MITRE was incorporating deterministic ids into cti-python-stix2 API, the implementer came across the issue that I mentioned on one of the working calls. That is â what if the contributing properties are
all optional, and none of them are present in the object? What should the ID be?
The most obvious answer (to me) is that a UUIDv4 should be used in these cases. However, no text exists in the specification to clarify this. Iâm suggesting the following be added to section 2.9 as the fourth
bullet point of the paragraph which begins âSTIX Cyber-observable Objects SHOULD use UUIDv5ââ
- If the contributing properties are all optional, and none are present on the SCO, then a UUIDv4
SHOULD be used.
Bret and I discussed this, and even though it is a new normative statement, we feel that it is not really a substantive change.
This will be discussed on the next working call.
Rich
--
Rich Piazza
The MITRE Corporation
781-271-3760