I’m not sure if this is exactly where we’d want to land, but this describes the concept I’m attempting to articulate.
The goals are:
1.
Convey which policies are required for content SENT to the channel/collection
2.
Convey which policies are required for content RECEIVED from the channel/collection
3.
Provide method for adding new policies without revving TAXII
a.
E.g., if we had a property for each policy, then new policies require new properties
I realize this probably borders on looking overly complex, perhaps there is a way to reduce it. That said, I do think there’s a lot of value in satisfying Goal #3 articulated above.
Example JSON:
{
"policies":[
{
"policy_id":"tlp-markings-required",
"applicable_media_types":[
"application/stix2+json"
],
"required_for":[
"POST"
]
},
{
"policy_id":"IEP",
"applicable_media_types":[
"application/stix2+json"
],
"required_for":[
"GET"
]
}
]
}
Thank you.
-Mark
From:
Bret Jordan <
Bret_Jordan@symantec.com>
Date: Friday, August 18, 2017 at 4:17 PM
To: Mark Davidson <
Mark.Davidson@nc4.com>, Jason Keirstead <
Jason.Keirstead@ca.ibm.com>, "Maxwell, Kyle R." <
kyle.r.maxwell@accenture.com>
Cc: "cti-taxii@lists.oasis-open.org" <
cti-taxii@lists.oasis-open.org>
Subject: Re: [cti-taxii] Re: [EXT] Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1
Mark,
Can you give some examples?
Bret
From: Mark Davidson <
Mark.Davidson@nc4.com>
Sent: Friday, August 18, 2017 6:34:16 AM
To: Bret Jordan; Jason Keirstead; Maxwell, Kyle R.
Cc:
cti-taxii@lists.oasis-open.org Subject: Re: [cti-taxii] Re: [EXT] Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1
Personally I would go for a more generic policy structure. I like the concept overall, I would just push it one level of abstraction higher. Markings are just one kind of policy statement.
Thank you.
-Mark
From:
<
cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <
Bret_Jordan@symantec.com>
Date: Friday, August 11, 2017 at 1:35 PM
To: Jason Keirstead <
Jason.Keirstead@ca.ibm.com>, "Maxwell, Kyle R." <
kyle.r.maxwell@accenture.com>
Cc: "cti-taxii@lists.oasis-open.org" <
cti-taxii@lists.oasis-open.org>
Subject: [cti-taxii] Re: [EXT] Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1
That is a good option too. I do like the idea of doing some sort of client / server negotiations.
Bret
From: Jason Keirstead <
Jason.Keirstead@ca.ibm.com>
Sent: Friday, August 11, 2017 6:07:37 AM
To: Maxwell, Kyle R.
Cc: Bret Jordan;
cti-taxii@lists.oasis-open.org Subject: [EXT] Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1
My proposal was that it would be on the TAXII collection, not the objects.
required_markings="TLP" on a collection means that every object submitted must contain a TLP marking, if it does not, it is rejected.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security Without data, all you are is just another person with an opinion - Unknown
From: "Maxwell, Kyle R." <
kyle.r.maxwell@accenture.com>
To: Bret Jordan <
Bret_Jordan@symantec.com>, "cti-taxii@lists.oasis-open.org" <
cti-taxii@lists.oasis-open.org>
Date: 08/10/2017 06:29 PM
Subject: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1
Sent by: <
cti-taxii@lists.oasis-open.org>
Is the intent that these properties live within TAXII or on the STIX objects themselves?
From: <
cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <
Bret_Jordan@symantec.com>
Date: Thursday, August 10, 2017 at 2:51 PM
To: "cti-taxii@lists.oasis-open.org" <
cti-taxii@lists.oasis-open.org>
Subject: [External] [cti-taxii] New properties for TAXII 2.1
All,
It has been proposed that we add some properties to collections to help identify what data markings are needed / supported in this collection. One driving aspect is with the upcoming IEP policy stuff.
It has been proposed that we add something like the following two properties:
supported_markings
required_markings
The property terms may need to be word smithed and we need to figure out how to best capture the data. But the question right now is, should we support this functionality on collections?
If so, I will add them to the TAXII 2.1 working specification so that we can being work on what they will mean.
Bret
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by
you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of
internal compliance with Accenture policy.
______________________________________________________________________________________
www.accenture.com Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you
are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in
error, please notify the sender and destroy and delete any copies you may have received.