For anyone not on the cit-comment list. Allan Begin forwarded message: From: aa tt <
atcyber1000@gmail.com > Subject: Re: [cti-comment] question about STIX v2.1 section 7.3.2 Date: March 30, 2021 at 1:46:14 PM PDT To: Mark Finlayson <
markaf@fiu.edu > Cc:
cti-comment@lists.oasis-open.org <
cti-comment@lists.oasis-open.org > Mark - I believe you are correct that these examples are incorrectly defined. I suspect copy/paste errors during the final push to get the document out. Apologize on behalf of the TC for this error and THANK YOU for such detailed review. Here is a Word document (with track changes on to highlight the corrections) with the proposed corrections that the TC should consider fixing in the document. The TC should check my suggested fixes and incorporate as appropriate. regards Allan Attachment: extension-example-corrections.docx Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document On Mar 30, 2021, at 12:44 PM, Mark Finlayson <
markaf@fiu.edu > wrote: Hello, In reviewing the STIX Version 2.1 Committee Specification 02, dated 25 Jan 2021, I was confused by the examples provided in section 7.3.2. In particular, there are 3 examples on pages 209-211. In the second example, ( Adding properties to an existing STIX object instance , p210), the id of the definition matches the extension id found in the extensions dictionary ( extension-definition--d83fce45-ef58-4c6c-a3f4-1fbc32e98c6e ) of the object below. This is what I expected. However, they extension definition ids do not match in the other two examples, and unless I am confused they should. In the first example ( create a new object type , p209) the extension definition of my-favorite-sdo has an id of extension-definition--a932fcc6-e032-176c-126f-cb970a5a1fff but then the object of that type presented just below references the id extension-definition--04b2d3ef-d061-4912-ab77-6bbe807a5bd5 , which is different. A search of the document reveals that the second id appears again on page 291 in Appendix C for the examples, where it actually matches internally to the example, as I would expect. This makes me suspect a typo in the first and third examples on pages 209-211. Can someone confirm or else explain how I am misunderstanding the specification? I will be much obliged. Best regards, Mark _______________________ Mark A. Finlayson, Ph.D. Eminent Scholar Chaired Associate Professor, FIU KFSCIS, Cognac Lab Interim Associate Director, FIU KFSCIS Edison Fellow for AI, USPTO 11200 SW 8th Street, CASE Room 362, Miami, FL 33199 +1.305.348.7988 (office); +1.617.515.0708 (mobile);
markaf@fiu.edu . Attachment: signature.asc Description: Message signed with OpenPGP