OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

openc2 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option


I do not see wikis as being stifling or particularly hard to work with, but if others see it that way, then so be it.   The general TC email distro is not the best place to deliberate (my opinion and for the reasons I identified yesterday).   Consider the SC email alias? 

 

From: openc2@lists.oasis-open.org [mailto:openc2@lists.oasis-open.org] On Behalf Of Bret Jordan
Sent: Thursday, September 7, 2017 6:15 PM
To: Allan Thomson <athomson@lookingglasscyber.com>; Brule, Joseph M <jmbrule@radium.ncsc.mil>; Waltermire, David <david.waltermire@nist.gov>; duncan@sfractal.com; TC OpenC2 <openc2@lists.oasis-open.org>
Subject: [Non-DoD Source] Re: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option

 

I agree with Allan.

 

 

I do not think a Wiki is a good place to do deliberation.  It is a good place to capture consensus after deliberation has occurred.  Using a wiki will do one of two things:

 

1) Stifle discussion due to the pain of working with a wiki

2) Cause an explosion of data on the wiki to the point where you can not make heads or tails of what is going on. 

 

IMHO a wiki should be use only after deliberation has happened and general consensus has been achieved. 

 

Bret


From: Allan Thomson <athomson@lookingglasscyber.com>
Sent: Thursday, September 7, 2017 12:22:35 PM
To: Brule, Joseph M; Waltermire, David; Bret Jordan; duncan@sfractal.com; TC OpenC2
Subject: Re: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option

 

Joe – the proposal by David where the targets are a flat array works. On the wiki you capture my input as ‘nested’. I was pointing out a problem with the flat design that needs to be resolved.

 

We don’t need nested. We just need unambiguity of the JSON fields. Otherwise you have a broken spec.

 

Allan Thomson,

CTO, Lookingglass Cyber Solutions

This electronic message transmission contains information from LookingGlass Cyber Solutions, Inc. which may be attorney-client privileged, proprietary and/or confidential. The information in this message is intended only for use by the individual(s) to whom it is addressed.  If you believe that you have received this message in error, please contact the sender, delete this message, and be aware that any review, use, disclosure, copying or distribution of the contents contained within is strictly prohibited

 

 

From: "Brule, Joseph M" <jmbrule@radium.ncsc.mil>
Date: Thursday, September 7, 2017 at 11:08 AM
To: "Waltermire, David" <david.waltermire@nist.gov>, Allan Thomson <athomson@lookingglasscyber.com>, Bret Jordan <Bret_Jordan@symantec.com>, "duncan@sfractal.com" <duncan@sfractal.com>, TC OpenC2 <openc2@lists.oasis-open.org>
Subject: RE: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option

 

All,

 

I am in the process of gleaning the relevant items from this thread (and other sources such as slack) so that we could move this to a wiki.  A wiki will provide a more concise and organized collection of the points and counterpoints. 

 

I think if we work on our OASIS wiki, we will be able to provide the points, counterpoints and discussion in a single and easy to navigate location.  This can provide background and context to the discussion(s). 

 

Does it make sense to use the email distro as a means for communicating resolutions and other media (such as wiki) for deliberation?  I am concerned that some of the context and discussion will get obfuscated in a sea of email….

 

https://wiki.oasis-open.org/openc2/EncodingStyle

 

From: openc2@lists.oasis-open.org [mailto:openc2@lists.oasis-open.org] On Behalf Of Waltermire, David A. (Fed)
Sent: Wednesday, September 6, 2017 2:20 PM
To: Allan Thomson <athomson@lookingglasscyber.com>; Bret Jordan <Bret_Jordan@symantec.com>; duncan@sfractal.com; TC OpenC2 <openc2@lists.oasis-open.org>
Subject: [Non-DoD Source] RE: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option

 

Multiple targets could be represented like this:

 

{

  "action": {

    "type": "copy",

    "options": {}

  },

  "targets": [

     {

        "type" : "file",

        "specifiers: {},

        "options": {}

    },

    {

        “type” : “registry-key”,

        “specifiers: {},

        “options: {}

    }

  ]

}

 

A single target could be represented as a single array member.

 

Thoughts?

 

Regards,

Dave

 

From: Allan Thomson [mailto:athomson@lookingglasscyber.com]
Sent: Wednesday, September 06, 2017 1:51 PM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>; Bret Jordan <Bret_Jordan@symantec.com>; duncan@sfractal.com; TC OpenC2 <openc2@lists.oasis-open.org>
Subject: Re: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option

 

The only issue I see with Option 1 is that if there is an intention to have multiple targets in the same target specification.

 

For example with Option 1 the following would *not* be possible as specifiers and options are now ambiguous.

 

Option 1:

{

  "action": {

    "type": "copy",

    "options": {}

  },

  "target": {

    "type" : "file",

    "specifiers: {},

    "options": {}

    “type” : “registry-key”,

    “specifiers: {},

    “options: {}

  }

}

 

Whereas with Option 2 (the specifiers and options are not ambiguous):

 

Option 2:

{

  "action": {

    "copy": {

      "options": {}

    }

  },

  "target": {

    "file": {

      "specifiers: {},

      "options": {}

    },

    “registry-key” : {

      "specifiers: {},

      "options": {}

   }

  }

}

 

So if having multiple targets in the same target specification is not needed then it’s a non-issue.

 

If multiple targets are needed then this problem needs a solution.

 

Therefore I have a slight preference for Option 2 (*if* multiple targets are needed).

 

Allan

 

p.s. Option 1 could be solved by naming the specifiers and options as “file-specifier” and “file-options” but that is not ideal.

 

From: <openc2@lists.oasis-open.org> on behalf of "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Date: Wednesday, September 6, 2017 at 9:39 AM
To: Bret Jordan <Bret_Jordan@symantec.com>, "duncan@sfractal.com" <duncan@sfractal.com>, TC OpenC2 <openc2@lists.oasis-open.org>
Subject: [openc2] RE: [EXT] [openc2] Modifier to become Action-Option

 

I have a preference for option 1 largely because I believe the BNF can be made more simple around this syntax, without having to account for specific target types. Enforcement of specific target types and type specific options can then be handled post-parse by business logic enforcing content co-constraints.

 

Regards,

Dave

 

From: openc2@lists.oasis-open.org [mailto:openc2@lists.oasis-open.org] On Behalf Of Bret Jordan
Sent: Wednesday, September 06, 2017 11:17 AM
To: duncan@sfractal.com; TC OpenC2 <openc2@lists.oasis-open.org>
Subject: [openc2] Re: [EXT] [openc2] Modifier to become Action-Option

 

Yes, I fully support this change.  In addition to this we have design issue with our current structure.  Today we have:

 

{

  "action": {

    "type": "copy",

    "options": {}

  },

  "target": {

    "file": {

      "specifiers: {},

      "options": {}

    }

  }

}

 

 

This represents a bad form with its design.  The action property is flat while the target is nested.  We should do one or the other. There are two real options here, and they both have the same semantic meaning.  Personally, flat designs are generally more preferable, and they represent a good design principle (flatter is better than nested).  The advantage of nested is you can quickly make parsing decisions about which struct to unmarshal content in to based on the key name. So I can go either way, but we should pick one style of encoding.   

 

Option 1:

{

  "action": {

    "type": "copy",

    "options": {}

  },

  "target": {

    "type" : "file",

    "specifiers: {},

    "options": {}

  }

}

 

 

Option 2:

{

  "action": {

    "copy": {

      "options": {}

    }

  },

  "target": {

    "file": {

      "specifiers: {},

      "options": {}

    }

  }

}

 

Bret

 

 

 


From: openc2@lists.oasis-open.org <openc2@lists.oasis-open.org> on behalf of duncan@sfractal.com <duncan@sfractal.com>
Sent: Monday, September 4, 2017 3:18:37 PM
To: TC OpenC2
Subject: [EXT] [openc2] Modifier to become Action-Option

 

An issue was discussed and resolved at the last Language Subcommittee
that the Modifier field move under Action and be action-option. Since
this is a relatively major change, it is being communicated to the the
TC mailing list.

A wiki page was created for this issue at
https://clicktime.symantec.com/a/1/4ZB73huEVk4m4G4BVhqWi7fMUB0u1Oc_vLzhEIH4Qr8=?d=lgF3yCMdJLpr2hoS6bxs4YL-vUnzWGbkKQEzB2bgA_H5mbF_oFvunb9iw0XNrDodmItASA4L3KRPul2fmVkB74LP2gBcgZRiTA4mpq_PESfctOcLwm9LDtlauaaYY8oL3vVIq3fkEqEs9IYXuI3tFnAmdE2M8qSUgk5a3ZY6P4zZJej-ZSP8VamePJyrY9yJkSEuJTr63eRaeHzIBx0R4N1GA8Zy9QY2RVWdF2bXWm3QmJz94qdql27QkX09F7SPJn-2l61rhwh8RdeWnYTR5iZx41tT1YrBTn7kimp3M41Jl7vRgzyGo3hqh45e9QwK36pQTtzJY91NCdq7FP-zA0gUPhKwcRmJdjoWXk8ojA8lGd0iM3dMW1N0xOPUvADrwK6dz7f7rW4SZSu6gKs9DBKMCAyvr4kpjShh0BEi-OB7almext8XHOClGRH7-_aFMqz7rslqaa_zi9YJxajl56ANUeRrw1cO0ipBXM4kYOk%3D&u=https%3A%2F%2Fwiki.oasis-open.org%2Fopenc2%2FModifierOnAction but the content will
be repeated here:

"The language specification previously defined the openc2 command as
having 4 components:

+ action (mandatory)
+ target (mandatory)
+ actuator (optional)
+ modifier (optional)

At the 29-Aug-2017 Language Subcommittee meeting, Allan Thomson of
Looking Glass raised the issue of whether 'modifier' belonged as a peer
to action or as part of action. Targets have target-specifiers and
target-options and the issue was whether modifier was really an
action-option. Bret Jordan of Symantec supported this view with the
argument it would be easier for vendors to adopt openc2 since it would
be easier to understand. The issue was raised by DuncanSparrell
(speaking as sFractal Consulting and software developer of ocas, not as
co-chair) that this was a significant change to something that has been
stable for 2 years and that any software already written would have to
be changed. It was observed that the purpose of the SC was to get input
and that changes were to be expected.
The argument that it would increase vendor adoption was significant as
everyone agreed that increased vendor adoption would be beneficial.
Consensus was reached that modifier would move to action-option. The
changes to the Language Specification that result from this will be
reviewed at the next meeting."


Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://clicktime.symantec.com/a/1/Km-wOTq-1nndQkBooSUDh3NIDtFY7FPX5qgQs5818tI=?d=lgF3yCMdJLpr2hoS6bxs4YL-vUnzWGbkKQEzB2bgA_H5mbF_oFvunb9iw0XNrDodmItASA4L3KRPul2fmVkB74LP2gBcgZRiTA4mpq_PESfctOcLwm9LDtlauaaYY8oL3vVIq3fkEqEs9IYXuI3tFnAmdE2M8qSUgk5a3ZY6P4zZJej-ZSP8VamePJyrY9yJkSEuJTr63eRaeHzIBx0R4N1GA8Zy9QY2RVWdF2bXWm3QmJz94qdql27QkX09F7SPJn-2l61rhwh8RdeWnYTR5iZx41tT1YrBTn7kimp3M41Jl7vRgzyGo3hqh45e9QwK36pQTtzJY91NCdq7FP-zA0gUPhKwcRmJdjoWXk8ojA8lGd0iM3dMW1N0xOPUvADrwK6dz7f7rW4SZSu6gKs9DBKMCAyvr4kpjShh0BEi-OB7almext8XHOClGRH7-_aFMqz7rslqaa_zi9YJxajl56ANUeRrw1cO0ipBXM4kYOk%3D&u=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]