Having newly joined the CACAO TC, I can now join this conversation directly. Unfortunately I will not be able to participate in any related discussions during the 17 September meeting due to a previously planned family trip.
I'll start with a "bottom line" request: please read the draft (links are in the first message Bret forwarded).
Regardless of how its content is eventually published I believe that having participants on both sides review the draft extension provides the best foundation for productive and substantive discussions about improving the integration of OpenC2 and CACAO. One possible path would to be to incorporate the draft's specific changes to -OVs and object structure into a v2.x CACAO specification and repurpose other content into an appendix as an OpenC2 integration example.
Other responses in more detail (My thanks to Dave Kemp for his inputs to this material):
Allan said:
· Isn't a CACAO extension not the responsibility of the CACAO TC to craft and approve?
Maybe, maybe not. OpenC2 calls them "profiles" rather than "extensions", based on the philosophy that communities of interest may develop their own, publish them as open source or keep them as proprietary, and optionally register their existence with the OpenC2 TC. The CACAO TC sets the rules for its own work products, of course.
Bret said:
· What I am more interested in, is folding these ideas into the 2.1 release of CACAO. I understand the need, at times, to produce an extension and there are good use cases for them. But a core feature like this, is not one of them, IMHO.
We agree that everyone working on CACAO and OpenC2 should understand both to ensure that their interactions are designed correctly. Dave Lemire's original message has a great introduction to OpenC2 for the CACAO community. Some additional points about abstraction:
· OpenC2 is defined as an information model that does not specify any particular message encoding form
· OpenC2 messages can be conveyed using a variety of transfer mechanisms
plus:
· OpenC2 defines atomic actions separately from the existence of messages/protocols. Command, response, or event content can exist in a document such as a playbook independently of whether or how it was or may be communicated.
The OpenC2 TC believe that at this point a review of the draft extension by the CACAO community will provide the best basis for meaningful technical discussion regarding how to better integrate our two efforts (Bret's stated goal, which we support). We do need discussion to reach agreement, and the agreement needs to result in "words on paper". A discussion informed by draft "words on paper" seems more efficient, especially given that they already exist. One outcome of the discussion can be a plan for how best to proceed, including both technical improvements and whether the material evolves into CACAO v2.1 content or remains separate. We will still have to work out the procedural issues associated with a joint meeting, as Duncan has previously noted.
I would add that members of our TC have invested considerable effort since the start of CY2025 in understanding the CACAO v2.0 Specification, and engaging with it and the CACAO Roaster project. This has resulted in us providing feedback to both CACAO and Roaster via GitHub issue postings. We have also used Roaster to develop a CACAO playbook to illustrate our OpenC2 / Kestrel integration for the April 2024 CASP event and to aid in developing examples in the draft specification. This isn't a claim to be CACAO experts but to note that the draft we have developed wasn't created in a vacuum and we believe is very much in the spirit of the CACAO v2.0 Specification.
------------------------------
David Lemire, CISSP
HII / National Security Agency
OpenC2 TC Secretary
david.lemire@hii-tsd.com------------------------------
Original Message:
Sent: 08-21-2024 16:23
From: Allan Thomson
Subject: Email from Dave Lemire
Extension's can be defined but shouldn't both the TC and the extension creator's *want* to ensure they all agree on its definition?
I don't care about the rules here (so much) but more about pragmatic/practical best practices that most multi-team development organizations/cross- organizations do as part of making sure that what is designed *actually* makes sense and is good for all.
If OpenC2 community want to design something for CACAO standard/extension (or not) then kudos for initiating the work. But that does *not* mean that both communities should just accept that work as-is or that It makes sense.
We should work together to make a solution that is the result of the best minds from both communities.
Both TC's are OASIS groups. We should be collaborating not acting like we're ships in the night. That is *especially* true for something that crosses both standards.
What I am more interested in, is folding these ideas into the 2.1 release of CACAO. I understand the need, at times, to produce an extension and there are good use cases for them. But a core feature like this, is not one of them, IMHO. I am grateful that OpenC2 has worked on these ideas. But what I would like is a session between OpenC2 and CACAO to make sure CACAO is using OpenC2 correctly. I have tried unsuccessfully for a LONG time to get people that know each sides to come together and talk through how to make this work.
Bret
I thought extensions could be done by anyone (ie doesn't need CACAO TC approval). Note OpenC2 has informed CACAO TC of this work in the past ...
| Re: Email from Dave Lemire | | | | | I thought extensions could be done by anyone (ie doesn't need CACAO TC approval). Note OpenC2 has informed CACAO TC of this work in the past (and all we got back was crickets). Note OpenC2 is not sending out for public comment. The main reason it was made into a CSD was so CACAO TC would have a reasonably complete draft to comment on (and it might prod people to actually look at it). It's just a draft (ie CSD not CS) and can easily change if it needs changing. -- Duncan Sparrell sFractal Consulting iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ | | | Reply to Group via Email Reply to Sender via Email View Thread Recommend Forward | |
Original Message:
Sent: 8/21/2024 3:32:00 PM | |
| |
I thought extensions could be done by anyone (ie doesn't need CACAO TC approval).
Note OpenC2 has informed CACAO TC of this work in the past (and all we got back was crickets).
Note OpenC2 is not sending out for public comment. The main reason it was made into a CSD was so CACAO TC would have a reasonably complete draft to comment on (and it might prod people to actually look at it). It's just a draft (ie CSD not CS) and can easily change if it needs changing.
--
Duncan Sparrell
sFractal Consulting
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/
Bret et al - shouldn't we (cacao tc) agree on a working call to the details of this new extension before the openc2 tc approve a csd?
Seems like getting any feedback to them before a formal csd vote would cut down the time involved in csd approval and any necessary subsequent updates?
Also - isnt a cacao extension not the responsibility of the cacao tc to craft and approve?
I'm not that much of a stickler for formal process but an openc2 group approving a cacao extension seems incorrect.
Allan
All,I was asked to forward the following email to the CACAO TCBret###BEGIN I've cc'd our TC's mail list here for broader visibility of your...