OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

openc2-lang message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [openc2-lang] New properties

To be clear wrt ID - I think you are asking:
1) move id from being under command-option to being a peer to action/target/actuator/command-option
2) id to be mandatory (I'm presuming you meant that based on #1)
3) a specific format for the ID - UUIDv4

Did I get it right? If so, I think they are 3 separate, related issues. #2 got some discussion at the last LSC meeting.

Wrt UUIDv4 - are there other choices we should consider? Why v4 not v5? (which I think is a one-time vs reproducible argument that might be like a religious war). Note I don't know enough to favor one or other - I'm just asking since someone eventually will.

Wrt created/timestamp - Am I correct that you would prefer this as a 'top level' part of the json as opposed to it being under command-options? Could you explain logic of when you'd prefer top-level vs when under command-options? Or would you prefer all command-options to be top-level?

Wrt created/timestamp - could you provide the usecase for including this in the openc2 language? In particular why it's in the json itself as opposed to being in the transport (particularly in the STIX case which has one of it's own) or in the logging? I'll confess the use cases that interest me (as sFractal, not co-chair) the most are 2 authenticated entities talking directly so there is no transport delay to speak of so the producer doesn't need to send the consumer the time it was sent.

Similarly for creator/author - could you provide the use case? Ditto my previous confession since directly connected mutually-authenticated entities know the other end.

I agree the multiple target commands have issues we have yet to address. I would think the command id and target specifiers would be sufficient but maybe i'm just not seeing the use case you have in mind where that would not work. I think I may be stuck in the 'simple' use cases where we know the actuator(s) we are sending to. In the 'variable' cases the STIX COA have been discussing, the actuator/specifiers are not know a priori. But I'm not sure you could serial number it if you couldn't target-specifier it. I agree it needs more discussion.

My preference would be kick multiple-targets down the road until after January's 1.0. I fine with it being top of the list for next version but personally (Duncan as sFractal, not co-chair) I'd rather get the 'simple' use cases handled first.

Joe, Sounil,
This might be a good area to ask for input from the cyber-user council as to their priorities and urgencies.

Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize

-------- Original Message --------
Subject: [openc2-lang] New properties
From: Bret Jordan <Bret_Jordan@symantec.com>
Date: Wed, October 04, 2017 2:37 pm
To: "openc2-lang@lists.oasis-open.org"

I would like to propose that the language SC consider adding the following top-level properties to all commands:

id (UUIDv4)
created (timestamp)
creator or author or something  (an ID to a STIX Identifier or some sort of other identity)

We should also have some sort of serial number as well.  So that if you have a command with and ID of 1234 and you issue that command to 400 systems, you will need some way of knowing which systems / serial numbers accepted and processed that command successfully.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]