
openc2-imple message


Subject: Re: [EXT] Re: [openc2-imple] HTTPS REST API

Before we rush into picking a solution, we really need to spend the time up front identifying the use cases and requirements.


Sent from my Commodore 128D

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Mar 16, 2018, at 9:10 PM, Danny Martinez <danny.martinez@g2-inc.com> wrote:


I think that this would be a great use case to explore. I recently had a conversation with Dave Lemire about this. 

Of particular interest are devices that are inaccessible by an orchestrator, like devices that may be using NAT or behind a firewall with no port forwarding. The "Polling" mode of initiation where an actuator reaches out to an orchestrator in order to see if any actions need to be carried out.

This is not to omit the cases when the orchestrator does have access to an actuator. This has merit as well.

However, HTTPS and REST API are known to work well in scenarios where they are being queried at high volume, and therefore I think that a "polling" scenario would benefit from this type of transport mechanism, especially if exposed to the internet, such as IoT devices.


On Fri, Mar 16, 2018 at 4:18 PM, <duncan@sfractal.com> wrote:
I personally think (and I believe IC-SC had previously agreed) that one of the transport mechanisms be an HTTPS REST API. I recommend the IC-SC begin to draft such a specification and I would agree to be a co-editor of that spec if desired.
I recommend the HTTPS REST API be specified using another existing standard - OpenAPI (https://www.openapis.org/). I believe we should use OpenAPI V2 since V3 is still being worked (but switch to V3 once it is available). OpenAPI specifications can be written in JSON or YAML - I recommend we use JSON since it would be weird (but I guess allowed) to write a YAML spec on how to send JSON. Note code generation for OpenAPI-specified APIs exists in over 40 languages, and OpenAPI is used in many API specifications (Google's probably being the most well known - I am at a conference at the moment, literally sitting in a talk by Google on their use of OpenAPI, which prompted me to send these emails).

Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize


Danny Martinez

Cybersecurity Engineer

G2, Inc.

302 Sentinel Drive, Suite 300

Annapolis Junction, MD 20701

Mobile: 407-257-0031
