OASIS Charter Submission Discuss

Draft STIX4Space* TC charter: Staff comments 2: transport and serialization

  • 1.  Draft STIX4Space* TC charter: Staff comments 2: transport and serialization

    Posted 08-19-2024 16:51
    The following additional comments are offered for the proposers to consider some possibly open questions, either during or after the chartering stage of the project.  This is not a request for charter change.

    One relates to TAXII, the transport layer message exchange standard paired with STIX.  I could imagine a prospect or reader asking whether this planned project's STIX-like deliverables are likely to use (or be compatible with) TAXII.  Is there a view on that?  

    Another goes to the use of JSON encoding and a few other common internet conventions (e.g. IPv4 using CIDR, Unicode) that are the canonical method for expressing some STIX objects and patterns.  Those requirements may be part of STIX conformance clauses.  Using the phrase "extending STIX", it's likely that readers will assume this means that all those same low-level encoding methods will be the same.  This would also be true if this project conforms to the published STIX Extension guidelines. 

    The group may wish to explore whether that's correct, or whether their plans may also lead to different types of messaging -- just as our OASIS standards include some very fault-tolerant non-JSON and non-XML encodings (like our MQTT and AMQP) for IoT/M2M use cases including satellites. 

    Thanks for your attention and thought.  We look forward to working with you. 
    Respectfully submitted,  JBC



  • 2.  RE: Draft STIX4Space* TC charter: Staff comments 2: transport and serialization

    Posted 08-19-2024 16:56
    James - I draw your attention to early work we did with the STIXPreferred program that had different levels of certification on whether an entity requesting certification was getting STIX certified and/or STIX+TAXII certified.

    There is no requirement for someone that is compliant with the STIX specification to implement TAXII. Whereas, there is an expectation/requirement that someone that is compliant with TAXII is also compliant with STIX.

    Despite the STIXPreferred program not getting fully launched, there is still a lot of thought and work that went into interoperability and compliance in the marketplace that is still very valid.

    Regards

    Allan


    On Aug 19, 2024, at 1:50 PM, James Bryce Clark via OASIS <Mail@mail.groups.oasis-open.org> wrote: