OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

openc2 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [Non-DoD Source] Re: [openc2] OpenC2 Language Specification draft for approval


Jason,

 

The ‘strategy’ behind the incremental approach is to get ‘agreement on what we agree on’ and move forward rather than attempt an ‘uber spec’ that spans the entire language spec.  I think two weeks is a good duration for a particular ballot.  I am not convinced that we are ‘writing off’ any appreciable time by having the four increments.  The fact that the changes to a document in CSD increment ‘1,2,3 or 4’ during the ballot process does not preclude us from working on other portions of the document. 

 

The first increment is focusing on the 31 ‘actions’, the frame, general format of the document.   

The second increment is focusing on the target types and target data model.  There is nothing to stop us from working on increment two while increment one is in the two week ballot status.

Rinse and repeat for three and four. 

 

VR

 

Joe B

 

From: openc2@lists.oasis-open.org [mailto:openc2@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Thursday, October 12, 2017 12:51 PM
To: Duncan <duncan@sfractal.com>
Cc: openc2@lists.oasis-open.org
Subject: [Non-DoD Source] Re: [openc2] OpenC2 Language Specification draft for approval

 

Just my opinion - I think one of the things not being considered here is how long it takes for a ballot.

While there is no official oasis rule on the time-frame, a ballot for a CSD has to be open for a *reasonable* period of time to allow TC members to vote. Given the importance of a CSD, that time-frame should be at least in the two week range to account for people's schedules and vacations etc.

If you are pre-planning to do 4 CSDs, you're basically pre-writing-off 2 months of time waiting for ballots, as you can't make any material changes to the document while people are voting.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown




From:        Duncan <duncan@sfractal.com>
To:        <openc2@lists.oasis-open.org>
Date:        10/11/2017 05:45 PM
Subject:        Re: [openc2] OpenC2 Language Specification draft for approval
Sent by:        <openc2@lists.oasis-open.org>






Allan,
Yes I am proposing a different approach from CTI. I would not word it as ‘more immature’ but I do agree it will take more ballots. I’m just trying to incrementally get full agreement on I think we have already reached agreement on. If nothing else, this should draw out issues if there are any in what we thought we’d already agreed to. My understanding of the CSD process is that it was designed to allow this incremental approach. The current work plan calls for us reaching CSD04 before going for CS. Ie we have broken the work down into 4 increments. Quickie OASIS searches show 212 standards have made it to CSD04 before approval. 167 made it to CSD05. 2 have even made it to CDS10. Hopefully we don’t make it to 10 for no other reason than that would take 10 month and we are hopefully to finish sooner than that :-)

iPhone, iTypo, iApologize

Duncan Sparrell
sFractal Consulting, LLC
The closer you look, the more you see
_____________________________
From: Allan Thomson <athomson@lookingglasscyber.com>
Sent: Wednesday, October 11, 2017 4:08 PM
Subject: Re: [openc2] OpenC2 Language Specification draft for approval
To: <duncan@sfractal.com>, <openc2@lists.oasis-open.org>


Duncan – I’m only comparing the process in which STIX/TAXII followed for CSD process vs google doc review.
 
The STIx/TAXII community spent significant time on the google doc (as it was easier to revise/edit) and getting that close enough to the 95% of what a final CSD would look like.
 
It sounds like the OpenC2 TC want to follow a route where the CSD is much more immature and therefore will require many more ballots/edits.
 
I’m only one voice and observing the difference between the processes. Whether one is better than the other, time will tell.
 
Allan
 
From: <<openc2@lists.oasis-open.org> on behalf of "duncan@sfractal.com" <duncan@sfractal.com>
Date:
Wednesday, October 11, 2017 at 12:37 PM
To:
"
openc2@lists.oasis-open.org" <openc2@lists.oasis-open.org>
Subject:
[openc2] OpenC2 Language Specification draft for approval

 
Alan,
We did review the document at the last LSC, which I realize you could not attend. I thought we did actually take alot of your comments into account and made changes. For example you'll note that in the approval copy the entire Goals section consists of "TBS". We took out the existing text since you had issues with it so we kicked that text into future versions. We did similar with your comments on serialization (ie we took out the text and replaced with TBS) and did the same with the text on actuator type.
 
The substantive thing being agreed to is the list of actions. Do you have issues with the action list?
 
And let me point out again - the text being proposed for the CSD is only 13 pages. The google doc is 150 pages. We are only including the parts we think we've have reached agreement on. We are eating the whale in smaller bites.
 
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
 
-------- Original Message --------
Subject: Re: [openc2] Groups - OpenC2 Language Specification uploaded
From: Allan Thomson <
athomson@lookingglasscyber.com>
Date: Wed, October 11, 2017 3:13 pm
To: Duncan Sparrell <
duncan@sfractal.com>, "openc2@lists.oasis-open.org"
<
openc2@lists.oasis-open.org>
Duncan – thanks for the heads up.
 
At this point, I’ve reviewed a lot of the google document and I’m concerned that we would push for a ballot on such raw text at this point.
 
The specification is not at the level it needs to be for a CSD ballot, in my opinion.
 
I suggest we consider resolving a lot more of the content in question/comments in the google document before spending time on a CSD. I have not seen resolution of many of the issues to my comments alone far less anyone elses comments. So therefore in all honesty I couldn’t say I would vote yes for this document as a CSD 1.0.
 
Regards
 
Allan
 
 
 
From:<openc2@lists.oasis-open.org> on behalf of Duncan Sparrell <duncan@sfractal.com>
Date:
Wednesday, October 11, 2017 at 11:45 AM
To:
"
openc2@lists.oasis-open.org" <openc2@lists.oasis-open.org>
Subject:
[openc2] Groups - OpenC2 Language Specification uploaded

 
Submitter's message
The OpenC2 Language Subcommittee has been reviewing the OpenC2 Language Specification, which is currently a 150-page google doc at
https://docs.google.com/document/d/1l7rIZl_I_zZb1FQOMYZkfUI04O7sNasZ-ozUvMn5SMU/. This gdoc contains both agreed-to text, and text still being debated.

The attached zip file contains 3 documents which contain the same 13-page content in 3 file formats (pdf, word, html). It only contains text that I believe the
Language Subcommittee has reached consensus (but not necessarily unanimous agreement) on.

I intend to make a motion at the Oct-18 TC meeting to approve this text as a Committee Specification Draft (CSD). My intent is to document what we have reached agreement on, and to draw out any issues we don’t realize we have. Note a CSD is a draft - we will be adding to this several times before we are ready for publishing as a verison 1.0.0 Specification. This document contains a lot of boilerplate and the substantive text is that it contains the list of agreed-to OpenC2 actions.

The motion will be something along the lines of:
"I move that the OASIS OpenC2 TC approve the OpenC2 Language Specification, Version 1.0.0, Working Draft revision 03 and all associated artifacts packaged together in (Link to this page) as a Committee Specification Draft and designate the PDF version of the specification as authoritative."

-- Mr. Duncan Sparrell

Document Name:OpenC2 Language Specification



Description
Open Command and Control (OpenC2) is a concise and extensible language to
enable the command and control of cyber defense components, subsystems
and/or systems in a manner that is agnostic of the underlying products,
technologies, transport mechanisms or other aspects of the implementation.
Download Latest Revision
Public Download Link



Submitter: Mr. Duncan Sparrell
Group
: OASIS Open Command and Control (OpenC2) TC
Folder
: Working Drafts
Date submitted
: 2017-10-11 11:44:35


 
--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

 

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]