OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Motion for STIX Identifiers

    Posted 04-11-2019 19:21




    I make the following motion to the Chairs of the OASIS CTI TC.

     
    Motion

     


    Change the existing language of the 2.0 CSD for Identifier
    Remove the UUIDv4 restriction.  

     

    Type Name: identifier

    An identifier universally and uniquely identifies a SDO, SRO, Bundle, or Marking Definition.
    Identifiers MUST follow the form object-type--UUID, where object-type is the exact value
    (all type names are lowercase strings, by definition) from the type property of the object
    being identified or referenced and where the UUID is an RFC 4122-compliant UUID.
    The UUID MUST be generated according to the algorithm(s) defined in RFC 4122, [RFC4122].

     

    Please note the following assertions:

     


    The only requirement for the UUID portion of a STIX Identifier is uniqueness.
    Any RFC 4122 compliant ID form meets this requirement (Including UUIDv1).
    RFC 4122 addresses the requirements for how compliant UUIDs are generated.
     
     
    Patrick Maroney
    DarkLight

    Email:   patrick.maroney@darklight.ai
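
The identifier form from the motion above, checked in code. This is an added example, not part of the original post or of the STIX specification: it parses `object-type--UUID`, requires the RFC 4122 variant, and shows how the existing UUIDv4 restriction and the proposed wording treat the same IDs. The function name, the object-type pattern, the accepted hex case and the sample IDs are assumptions constructed for illustration.

```python
import re
import uuid

# Assumption of this example: type names are lowercase words joined by single hyphens.
TYPE_RE = re.compile(r"[a-z][a-z0-9]*(?:-[a-z0-9]+)*")
# Canonical 8-4-4-4-12 text form; uuid.UUID() alone also accepts braces, "urn:uuid:" etc.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_stix_id(stix_id, expected_type=None, v4_only=False):
    """Return (ok, reason, uuid_version) for an identifier of the form object-type--UUID.

    v4_only=True models the existing UUIDv4 restriction; v4_only=False models the
    motion's wording (any RFC 4122 UUID)."""
    obj_type, sep, uuid_part = stix_id.partition("--")
    if not sep:
        return (False, "missing '--' separator", None)
    if not TYPE_RE.fullmatch(obj_type):
        return (False, "object-type is not a lowercase type name", None)
    if expected_type is not None and obj_type != expected_type:
        return (False, "object-type differs from the object's type property", None)
    if not UUID_RE.fullmatch(uuid_part):
        return (False, "UUID is not in canonical text form", None)
    u = uuid.UUID(uuid_part)
    if u.variant != uuid.RFC_4122:
        return (False, "UUID variant is not RFC 4122", None)
    if u.version not in (1, 2, 3, 4, 5):  # versions defined by RFC 4122
        return (False, "UUID version is not defined by RFC 4122", u.version)
    if v4_only and u.version != 4:
        return (False, "UUIDv4 required", u.version)
    return (True, "ok", u.version)

# Constructed sample identifiers (not taken from any real feed).
SAMPLES = {
    "v4": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "v1": "indicator--c232c500-5c8c-11e9-8647-d663bd873d93",
    "v5": "marking-definition--2ed6657d-e927-568b-95c1-2665a8aea6a2",
    "bad_variant": "indicator--8e2e2d2b-17d4-4cbf-c38f-98ee46b3cd3f",
    "no_separator": "indicator-8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
}

if __name__ == "__main__":
    for label, sid in SAMPLES.items():
        print(label, "v4-only:", check_stix_id(sid, v4_only=True),
              "| any RFC 4122:", check_stix_id(sid))
```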


     






  • 2.  Re: [EXT] [cti] Motion for STIX Identifiers

    Posted 04-11-2019 19:54
    Thanks for the idea Pat, but this does not solve any of the problems that we have and are trying to address. This would actually make things worse.

    Bret

    From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@darklight.ai>
    Sent: Thursday, April 11, 2019 1:20:51 PM
    To: cti@lists.oasis-open.org
    Subject: [EXT] [cti] Motion for STIX Identifiers

    I make the following motion to the Chairs of the OASIS CTI TC.

    Motion

    Change the existing language of the 2.0 CSD for Identifier
    Remove the UUIDv4 restriction.

    Type Name: identifier

    An identifier universally and uniquely identifies a SDO, SRO, Bundle, or Marking Definition.
    Identifiers MUST follow the form object-type--UUID, where object-type is the exact value
    (all type names are lowercase strings, by definition) from the type property of the object
    being identified or referenced and where the UUID is an RFC 4122-compliant UUID.
    The UUID MUST be generated according to the algorithm(s) defined in RFC 4122, [RFC4122].

    Please note the following assertions:

    The only requirement for the UUID portion of a STIX Identifier is uniqueness.
    Any RFC 4122 compliant ID form meets this requirement (Including UUIDv1).
    RFC 4122 addresses the requirements for how compliant UUIDs are generated.

    Patrick Maroney
    DarkLight
    Email: patrick.maroney@darklight.ai