[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [openc2-imple] Re: [EXT] [openc2-imple] HTTPS REST API use case
While I like HTTP, I am not sure this is actually going to meet the requirements. I would further state that a short list from 1-2 people is not a list of requirements.
The transport we end up picking may have implications on the information model, so we need to make sure we do this carefully. It is not just a matter of picking something.
Bret
From: Dave Lemire <dave.lemire@g2-inc.com>
Sent: Monday, March 19, 2018 9:27:17 AM
To: Bret Jordan
Cc: duncan@sfractal.com; openc2-imple@lists.oasis-open.org
Subject: Re: [openc2-imple] Re: [EXT] [openc2-imple] HTTPS REST API use caseSimply put: It seems pretty obvious to me that an HTTPS transfer solution would be widely applicable.
I'd also agree with Duncan that I think use cases exist. I've been looking back of IC-SC meeting notes, and as Duncan has noted we agreed back in September that HTTPS would be one of the transfer solutions.
DaveDavid P. Lemire, CISSP
OpenC2 Technical Committee Executive Secretary
OpenC2 Implementation Considerations SC Co-chair
Contractor support to NSA
Email: dave.lemire@g2-inc.com
Office: 301-575-5190 / Mobile: 240-938-9350
On Sat, Mar 17, 2018 at 4:40 PM, Bret Jordan <Bret_Jordan@symantec.com> wrote:
Agile development works when you first understand what you are trying to build. Without sufficient up front analysis from many different contributors we run the risk of using agile development to build something that does not meet our needs or does not work for the market.
Bret
Sent from my Commodore 128D
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050Bret, et al,
Wrt to use cases for an HTTPS REST API use cases - I thought we had done
that already.
I submitted a google doc to the IC-SC on Aug 2, 2017. Subsequently I
started using git hub and I would point to
https://clicktime.symantec.com/a/1/NFnt0U2e_KC4qxCkJCdBlHZIP Enhk6xVJKJFd3j-fvc=?d= DQ7Uj2q5BykOg7rB9_jlPB7w7ExgQx f3wRhm0gEDR3PMa72iYXx_ Ppi0bYiKvFQhBNaR-rJeb3jcb1ZvBS Ou04ZtaySN4oszwy6pJY9Z6cHBF4RX YDSFXC_qR14Jw4Plfe1wdTdAkzeVHG 1pTW-rDhjJ04LrUnUAx6Fzn_XlDCLa ysyr6O6JqF0dJ53CpgActaNgSgzOYp 7KM1PiY5Hs2fkackSkjt8wIqcvk0qn Aji4oiJFDwHnXyxQM_tnTDwQYR5qaq fzhOQVT05PiDp2pJoPv7tL3N8x4pBT qOJZxHnUoQ18Qvgl0l0BUKxb7F85iE OP3pFKI2JjrQZuzJAIBlEFsRyzgJLz 00s1rq9X6rTj4p97-g1GngwUPKzJ0p O0NIjxUT2gOuXFvEsISugGu4gzg3ry 3XdB8hn51v96l1MvIKpuVPLMYPll7O 09vsCN7yCv1PXTkkK5FyNP7xd-Q6rC XDPDp6EohgLrUzjRLs7Iiw%3D%3D& u=https%3A%2F%2Fgithub.com%2Fo asis-tcs%2Fopenc2-lsc-usecases %2Fblob%2Fmaster%2FsFractalCon sulting%2F01.another_user.md
as an example use case for HTTPS REST API. In that particular use case
openc2 is used over an https rest api's to two different firewalls.
Sidenote: it's good sending this email caused me to reread that use case
because I caught a typo :-).
Wrt requirements I would propose an incremental agile approach over a
waterfall approach.
Note that in 01.another_user.md that one of the firewalls is a CSA SDP
enabled firewall. My intent is to add code to the proposed
openc2-lycan-beam open source repository to put an https rest api openc2
interface to the code Mike Stair wrote and was just accepted by the
fwknop project in pull request 260
(https://clicktime.symantec.com/a/1/MpJGlz-f9dikbuiYnvVlSy7z ) to be able to accomplish thatTHKKoudsuJ7q_LYq1c4=?d= DQ7Uj2q5BykOg7rB9_jlPB7w7ExgQx f3wRhm0gEDR3PMa72iYXx_ Ppi0bYiKvFQhBNaR-rJeb3jcb1ZvBS Ou04ZtaySN4oszwy6pJY9Z6cHBF4RX YDSFXC_qR14Jw4Plfe1wdTdAkzeVHG 1pTW-rDhjJ04LrUnUAx6Fzn_XlDCLa ysyr6O6JqF0dJ53CpgActaNgSgzOYp 7KM1PiY5Hs2fkackSkjt8wIqcvk0qn Aji4oiJFDwHnXyxQM_tnTDwQYR5qaq fzhOQVT05PiDp2pJoPv7tL3N8x4pBT qOJZxHnUoQ18Qvgl0l0BUKxb7F85iE OP3pFKI2JjrQZuzJAIBlEFsRyzgJLz 00s1rq9X6rTj4p97-g1GngwUPKzJ0p O0NIjxUT2gOuXFvEsISugGu4gzg3ry 3XdB8hn51v96l1MvIKpuVPLMYPll7O 09vsCN7yCv1PXTkkK5FyNP7xd-Q6rC XDPDp6EohgLrUzjRLs7Iiw%3D%3D& u=https%3A%2F%2Fgithub.com%2Fm rash%2Ffwknop%2Fpull%2F260
part of the use case. I also plan to add openc2 to the existing pfsense
https rest api
(https://clicktime.symantec.com/a/1/sWb5GVMwyNoLHv4RTlwOx18V ) butwHTeryAunBmuspyvgII=?d=DQ7Uj2q 5BykOg7rB9_jlPB7w7ExgQxf3wRhm0 gEDR3PMa72iYXx_ Ppi0bYiKvFQhBNaR-rJeb3jcb1ZvBS Ou04ZtaySN4oszwy6pJY9Z6cHBF4RX YDSFXC_qR14Jw4Plfe1wdTdAkzeVHG 1pTW-rDhjJ04LrUnUAx6Fzn_XlDCLa ysyr6O6JqF0dJ53CpgActaNgSgzOYp 7KM1PiY5Hs2fkackSkjt8wIqcvk0qn Aji4oiJFDwHnXyxQM_tnTDwQYR5qaq fzhOQVT05PiDp2pJoPv7tL3N8x4pBT qOJZxHnUoQ18Qvgl0l0BUKxb7F85iE OP3pFKI2JjrQZuzJAIBlEFsRyzgJLz 00s1rq9X6rTj4p97-g1GngwUPKzJ0p O0NIjxUT2gOuXFvEsISugGu4gzg3ry 3XdB8hn51v96l1MvIKpuVPLMYPll7O 09vsCN7yCv1PXTkkK5FyNP7xd-Q6rC XDPDp6EohgLrUzjRLs7Iiw%3D%3D& u=https%3A%2F%2Fgithub.com%2Fn dejong%2Fpfsense_fauxapi%2Fblo b%2Fmaster%2FREADME.md standard - OpenAPI (https://clicktime.symantec.co
that is more challenging and further down the pike.
Since you (Bret) work at Symantec, I thought I'd point out Symantec
Endpoint Protection Manager as a potential use case the group may want
to consider as well. I note the Phantom usecases do not include the
Symantec Endpoint Protection Manager by name in the use case they have
been focusing on but they do include it the 'all_actions_in_phantom' use
case (ie it's one of the hundreds we haven't gotten to yet - but it
shows it is of interest to their customers). Symantec has good
documentation for this REST API at
https://symwisedownload.symantec.com//resources/sites/SYMWIS E/content/live/DOCUMENTATION/ 9000/DOC9447/en_US/REST_API_ Ref_SEP14.pdf
and I would think would be a candidate for OpenC2. Even if we don't use
it as an use case, it is good as a reference for requirements we should
consider. In the Language SC the debate has been over how to do
versioning (among other things). The Symantec interface is a good
example of how the version is in the URL of each command (not in the
JSON) - search GET or POST in the document and you will see url's like
"GET /api/v1/policy-objects/fingerprints" which has v1 in the URL. I
personally recommend a similar
approach (ie version in the url) be specified in the Openc2 https rest
api.
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
-------- Original Message --------
Subject: [openc2-imple] Re: [EXT] Re: [openc2-imple] HTTPS REST API
From: Bret Jordan <Bret_Jordan@symantec.com>
Date: Sat, March 17, 2018 5:10 am
To: Danny Martinez <danny.martinez@g2-inc.com>
Cc: Duncan Sparrell <duncan@sfractal.com>,
"openc2-imple@lists.oasis-open.org " <openc2-imple@lists.oasis-open.org >
Before we rush into picking a solution, we really need to spend the
time up front identifying the use cases and requirements.
Bret
Sent from my Commodore 128D
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
On Mar 16, 2018, at 9:10 PM, Danny Martinez <danny.martinez@g2-inc.com>
wrote:
Duncan,
I think that this would be a great use case to explore. I recently had a
conversation with Dave Lemire about this.
Of particular interest are devices that are inaccessible by an
orchestrator, like devices that may be using NAT or behind a firewall
with no port fowarding. The "Polling" mode of initiation where an
actuator reaches out to an orchestrator in order to see if any actions
need to be carried out.
This is not to omit the cases when the orchestrator does have access to
an actuator. This has merit as well.
However, HTTPS and REST API are known to work well in scenarios where
they are being queried at high volume and therefore I think that a
"polling" scenario would benefit from this type of transport mechanism,
specially if exposed to the internet such as IOT devices.
V/R
On Fri, Mar 16, 2018 at 4:18 PM, <duncan@sfractal.com> wrote:
I personally think (and I believe IC-SC had previously agreed) that
one of the transport mechanisms be a HTTPS REST API. I recommend the
IC-SC begin to draft such a specification and I would agree to be a
co-editor of that spec if desired.
I recommend the HTTPS REST API be specified using another existing
m/a/1/G86C9_RT469ZSdONjkaMQ7-w ). I believe we should useU9Hm1JjapblOgJDEvSo=?d=DQ7Uj2q 5BykOg7rB9_jlPB7w7ExgQxf3wRhm0 gEDR3PMa72iYXx_ Ppi0bYiKvFQhBNaR-rJeb3jcb1ZvBS Ou04ZtaySN4oszwy6pJY9Z6cHBF4RX YDSFXC_qR14Jw4Plfe1wdTdAkzeVHG 1pTW-rDhjJ04LrUnUAx6Fzn_XlDCLa ysyr6O6JqF0dJ53CpgActaNgSgzOYp 7KM1PiY5Hs2fkackSkjt8wIqcvk0qn Aji4oiJFDwHnXyxQM_tnTDwQYR5qaq fzhOQVT05PiDp2pJoPv7tL3N8x4pBT qOJZxHnUoQ18Qvgl0l0BUKxb7F85iE OP3pFKI2JjrQZuzJAIBlEFsRyzgJLz 00s1rq9X6rTj4p97-g1GngwUPKzJ0p O0NIjxUT2gOuXFvEsISugGu4gzg3ry 3XdB8hn51v96l1MvIKpuVPLMYPll7O 09vsCN7yCv1PXTkkK5FyNP7xd-Q6rC XDPDp6EohgLrUzjRLs7Iiw%3D%3D& u=https%3A%2F%2Fwww.openapis. org%2F
OpenAPI V2 since V3 is still being worked (but switch to V3 once it is
available). OpenAPI specifications can written in JSON or YAML - I
recommend we use JSON since it would be weird (but I guess allowed) to
write a YAML spec on how to send JSON. Note code generation for OpenAPI
specified API's exist in over 40 languages, and OpenAPI is used in many
API specifications (Google's probably being the most well known - I am
at a conference at the moment, literally sitting in talk by Google on
their use of OpenAPI, which prompted me to sent these emails).
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
------------------------------------------------------------ --------- To
unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://clicktime.symantec.com/a/1/a2jDHa7iAvYSIkGKUmRT-9fK- QKSt1VW8bqgTPVwf_w=?d=DQ7Uj2q5 BykOg7rB9_jlPB7w7ExgQxf3wRhm0g EDR3PMa72iYXx_ Ppi0bYiKvFQhBNaR-rJeb3jcb1ZvBS Ou04ZtaySN4oszwy6pJY9Z6cHBF4RX YDSFXC_qR14Jw4Plfe1wdTdAkzeVHG 1pTW-rDhjJ04LrUnUAx6Fzn_XlDCLa ysyr6O6JqF0dJ53CpgActaNgSgzOYp 7KM1PiY5Hs2fkackSkjt8wIqcvk0qn Aji4oiJFDwHnXyxQM_tnTDwQYR5qaq fzhOQVT05PiDp2pJoPv7tL3N8x4pBT qOJZxHnUoQ18Qvgl0l0BUKxb7F85iE OP3pFKI2JjrQZuzJAIBlEFsRyzgJLz 00s1rq9X6rTj4p97-g1GngwUPKzJ0p O0NIjxUT2gOuXFvEsISugGu4gzg3ry 3XdB8hn51v96l1MvIKpuVPLMYPll7O 09vsCN7yCv1PXTkkK5FyNP7xd-Q6rC XDPDp6EohgLrUzjRLs7Iiw%3D%3D& u=https%3A%2F%2Fwww.oasis-open .org%2Fapps%2Forg%2Fworkgroup% 2Fportal%2Fmy_workgroups.php
--
Danny Martinez
Cybersecurity Engineer
G2, Inc.
302 Sentinel Drive, Suite 300
Annapolis Junction, MD 20701
Mobile: 407-257-0031
------------------------------------------------------------ ---------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://clicktime.symantec.com/a/1/a2jDHa7iAvYSIkGKUmRT-9fK- QKSt1VW8bqgTPVwf_w=?d=DQ7Uj2q5 BykOg7rB9_jlPB7w7ExgQxf3wRhm0g EDR3PMa72iYXx_ Ppi0bYiKvFQhBNaR-rJeb3jcb1ZvBS Ou04ZtaySN4oszwy6pJY9Z6cHBF4RX YDSFXC_qR14Jw4Plfe1wdTdAkzeVHG 1pTW-rDhjJ04LrUnUAx6Fzn_XlDCLa ysyr6O6JqF0dJ53CpgActaNgSgzOYp 7KM1PiY5Hs2fkackSkjt8wIqcvk0qn Aji4oiJFDwHnXyxQM_tnTDwQYR5qaq fzhOQVT05PiDp2pJoPv7tL3N8x4pBT qOJZxHnUoQ18Qvgl0l0BUKxb7F85iE OP3pFKI2JjrQZuzJAIBlEFsRyzgJLz 00s1rq9X6rTj4p97-g1GngwUPKzJ0p O0NIjxUT2gOuXFvEsISugGu4gzg3ry 3XdB8hn51v96l1MvIKpuVPLMYPll7O 09vsCN7yCv1PXTkkK5FyNP7xd-Q6rC XDPDp6EohgLrUzjRLs7Iiw%3D%3D& u=https%3A%2F%2Fwww.oasis-open .org%2Fapps%2Forg%2Fworkgroup% 2Fportal%2Fmy_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]