HI everyone,
Both Jason and Allan have proposed storing identity objects for producers and consumers in the STIX common object repository.
This sounds like a good idea to me. The repo could act as a “white pages” for STIX users.
If you receive some content but it doesn’t include the Identity object referred to in the created_by_ref property, not knowing who created the content could be an impediment to trusting/using it. Additionally,
if an extension definition is stored in the repository, you might want contact information of the creator to discuss how to use the extension.
Of course, some STIX users will prefer to remain anonymous – so this would not be for them. There is the problem of having a common place to find Identity objects to facilitate spoofing the creator of a submission,
although there is nothing to prevent that currently.
There would need to be some protocol to vet any Identity object submissions to the repository and there might be multiple identities for an individual/organization, but those details can be worked out.
Comments??
Rich P.
--
Rich Piazza
Lead Cyber Security Engineer
The MITRE Corporation
781-271-3760
