RE: [cti] Groups - November 2020 - Monthly Call

Hi Jane,

Thank you for your question.

(Sorry that I have not been able to join the

Interop conversations real-time. )

What I see fit is the following:

- There is a unit test marked "Required," where

- an SDO, "unknown-to-consumer," which is unknown to the TIP

(and other relevant personas), is defined using SEP, and

- The TIP receives a STIX with the "unknown-to-consumer" SDO

in it.

- When the TIP is requested for the STIX, the TIP returns

the STIX as is (including the "unknown-to-consumer" SDO).

I believe that this is necessary for communities to be able

to introduce (gradually) new SDOs using SEP and that

it will lead to adoption and success of SEP.

Regards,

Ryu

From: JG <jg@ctin.us>
Sent: Thursday, November 26, 2020 2:24 AM
To: Masuoka, Ryusuke/çå çä <masuoka.ryusuke@fujitsu.com>; cti@lists.oasis-open.org
Subject: Re: [cti] Groups - November 2020 - Monthly Call - Session 2 uploaded

Ryu:

Thanks for the clarification on this point. I expect Rajesh Patil and Michael Rosa, our two Interop Co-Chairs, will appreciate your points of clarification on this matter for their revisions to the Part 1 Interop Committee Note.

Let me ask you this. If any SDOs that would be included in a unit test for a specific Persona in the Interop Committee Note, Part 1 would only be marked as 'Optional', would that meet your need? For example if a 'Location' SDO were specified as an Optional unit test for a TIP, would that work for you? What about a unit test for the 'Confidence' property? Do you think that should be included in the Part 1 unit tests as Optional?

Jane Ginn

On 11/24/2020 2:50 AM, masuoka.ryusuke@fujitsu.com wrote:

Hi Jane,

Thank you for the minutes.

Please let me clarify my points as to the custom objects/SEP

conversation below. (I am afraid it might be a little confusing.)

> Ryusuke Masuoka

> [Wants to make sure custom objects are maintained]

> Richard Struse

> [Wants to make sure we maintain the validation for custom objects]

> Ryusuke Masuoka

> I am very insistent that we cover this in the Interop Committee Note

What I would like to see is that TIP implementations at least

ignore SDOs they do not understand, not raise errors.

I am insistent on this because there were TIP implementations

that raise errors for about-to-be-deprecated custom objects

they do not understand.

I am afraid that this will hamper adoption of SEP as people would hesitate

to start using the SEP mechanism to introduce new SDOs

if there are TIP implementations to raise errors when they

see SDOs they do not understand.

Through discussions on this issue on this CTI ML, I understand

this have to be reflected in the Interop Documents, not

in the STIX standard.

And I understand what Rich told was that TIP implementations

should process the STIX files with unknown SEP SDOs as long

as they are STIX conformant as they are supposed to share the STIX

as is. (Rich, please fix this if any misunderstanding.)

Regards,

Ryu

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of Jane Ginn
Sent: Saturday, November 21, 2020 5:26 AM
To: cti@lists.oasis-open.org
Subject: [cti] Groups - November 2020 - Monthly Call - Session 2 uploaded

Submitter's message
CTI TC:

Here are the meeting notes from Session #2.

Best regards,

Jane Ginn
-- Ms. Jane Ginn

Document Name: November 2020 - Monthly Call - Session 2

No description provided.
Download Latest Revision
Public Download Link

Submitter: Ms. Jane Ginn
Group: OASIS Cyber Threat Intelligence (CTI) TC
Folder: Meeting Notes
Date submitted: 2020-11-20 12:25:51

--

*****************************

Jane Ginn, MSIA, MRP

Secretary, OASIS CTI TC

Sponsor, TAC TC

Sponsor, BP TC

jg@ctin.us

001 (928) 399-0509

*****************************

cti message