Patrick, below are the competing proposals (to the best of my knowledge) that have been presented to the TC as an option for TAXII Filtering or Querying.
On our part, we have presented two different ideas and are fundamentally different proposals in the interest of adopting or attracting some level of consensus within the TC. Hope this helps.
Thanks,
Emmanuelle
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
On Behalf Of Bret Jordan
Sent: Saturday, January 11, 2020 1:30 PM
To: MARONEY, PATRICK <rx118r@att.com>
Cc: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>; Taylor, Marlon <Marlon.Taylor@cisa.dhs.gov>
Subject: [EXT] Re: [RFI]: [cti] TAXII 2.1 CS Motion
They should be in the minutes from previous meetings. I know I sent an email to the list around July 19th 2019 talking about a dedicated call. This was after several months of discussions over slack and working calls to try and come to
consensus.
Ideally I think now that there might be a way to merge these ideas together and release this as a separate TAXII Query specification. This way, we can have different conformance levels. So people that want to follow the Jason/Terry proposal,
a more simplified version of the Jason/Terry proposal, the original Trey proposal, or want an expanded query through filtering can do so. But as we talked, this would require the TAXII server via the api-root resource identifying what types of queries it can
support. But there is a lot of things to figure out, a lot of prose text to write, and overall we need TC consensus on a solution. The last time we did an informal vote on a working call, the overwhelming majority 90+% said to push this out of TAXII 2.1 and
do it later.
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
On Sat, Jan 11, 2020 at 9:18 AM MARONEY, PATRICK <rx118r@att.com> wrote:
Re: âHowever, to level set, right now we
have three competing ideas / proposals for adding this type of functionality to TAXIIâ
Where do interested stakeholders find these three competing proposals? We could only find the proposal submitted by DHS on December 9, 2019 in the Public discourse.
Could these perhaps be uploaded as Working Documents to the TC/SC?
Patrick Maroney
Principal âTechnology Security
AT&T Chief Security Office
Hi Bret,
Yes, there have been several proposals submitted to address these concerns however the TC has not evaluated them. The has made great progress while in the others areas and now has
the opportunity to refocus on this area. During previous meetings including Face-to-Face sessions, the TC agreed to include these use-cases within TAXII 2.1.
While you may see no convergence in sight, TC members are actively at work (providing proposals, software implementations, etc.) to resolve this this concern within TAXII 2.1 so
I wouldnât agree there is a TC wide-census to send TAXII 2.1 as is. It would be an injustice to the TC and TAXII community to move toward as a CS knowing the current situation and not trying to evaluate and resolve them within the TC before going release.
-Marlon
From:
cti@lists.oasis-open.org <cti@lists.oasis-open.org>
On Behalf Of Bret Jordan
Sent: Thursday, January 9, 2020 4:11 PM
To: Taylor, Marlon <Marlon.Taylor@cisa.dhs.gov>
Cc: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Subject: Re: [cti] TAXII 2.1 CS Motion
Marlon,
Thank you for your comments. However, to level set, right now we have three competing ideas / proposals for adding this type of functionality to TAXII and no convergence in sight.
In order to get a solution that works for all parties, my best guess is that it would be 5-6 months of work and testing.
While I personally would have liked to see this get done 12 months ago, we did not then, nor do we now have consensus in the TC to add anything else to TAXII. What we do have is
TC wide consensus to ship TAXII 2.1 as is. Keep in mind we have done 4 CSDs and 3 public reviews, and the TC as a whole is not saying that TAXII 2.1 needs anything else.
This is also why I proposed that we work on a solution that we could release as a standalone specification after TAXII 2.1 ships. Maybe call it TAXII 2.1 Query or something like
that. To do this we would need to find a solution that works for all parties so we can have TC wide consensus on the solution. If we went this route, then we can release TAXII 2.1 now, release the TAXII 2.1 Query specification whenever it gets done, and then
fold that Query specification in to TAXII 2.2 whenever we start that work.
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an
egg."
Hi TC,
I object to this motion, based on the original goal to address several down-selection use-cases within TAXII 2.1 which have proposals ready for TC evaluation that have not been
resolved. The most recent proposal was provided in Dec 2019 and with âsuggestion/editâ permissions regranted to TC members can be added for review with the TC documents.
As a member of this TC and member (in an addition to representative of other members) within the STIX/TAXII community, I truly appreciate and value all the work we have contributed
to get to this point and anticipate supporting the remaining use-cases needed to increase the success of this TC and the ecosystems that will rely on what we provide.
Looking forward to TAXII 2.1,
-Marlon
We have made several accomplishments however moving forward with TAXII 2.1 a CS without additional support for TAXII Filtering which has been long requested capability throughout
the community and can be accomplished via a minor spec change would be a disservice to the TC and TAXII community.
Looking forward to TAXII 2.1,
Cybersecurity and Infrastructure Security Agency
I second this motion.
Thanks,
Justin Stewart
CTI-TC Interop SC co-chair
All,
Over the past couple of years the CTI TC has done a lot of work on the TAXII 2.1 specification. During this time the TC has released 10 working drafts, 4 committee specification drafts,
and 3 public reviews. The last public review for TAXII 2.1 was completed in December with no new comments or issues.
I am also pleased to report that all required sponsorship activities for TAXII 2.1 are complete. We now have at least 2 independent implementations of all new features and changes. Further
all implementers have reported that the design works and it is implementable.
At this time, I believe we are ready to move forward. As such:
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|