[TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Jordan, Bret
I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.






Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


TAXII_JSON_Message_Binding_Specification_v0.5.pdf (306K) Download Attachment
signature.asc (858 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Terry MacDonald
I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

Cheers
Terry MacDonald
Threatloop.com

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:
I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.






Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 



Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

mdavidson

Well…. there’s a good reason you’re not sure what the “official” process is: We don’t have one! TAXII 1.0 and TAXII 1.1 were very much a “Mark and Charles think it’s good. It’s going in!” type of effort (how’s that for process?).

 

I’ll propose that we use this as a starting point: Please provide comments on the JSON Message Binding spec Bret has posted. +1/-1 works, or a full opinion if you have one (on any aspect of potentially adding a JSON Message Binding). For now, let’s consider this a straw poll and a discussion of ideas. (Comments on this approach welcome)

 

Thank you.

-Mark

 

From: Terry MacDonald [mailto:[hidden email]]
Sent: Friday, March 27, 2015 5:29 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

 

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

 

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

 

Cheers
Terry MacDonald

Threatloop.com

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:

I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

 

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

 

 

 

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Aharon Chernin

Mark, if the JSON spec is ratified, would Mitre add the capability to libTAXII? If so, what kind of time frame? Trying to get a feel for how long the community will be fragmented.



Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647

From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 8:13 AM
To: [hidden email]
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5
 

Well…. there’s a good reason you’re not sure what the “official” process is: We don’t have one! TAXII 1.0 and TAXII 1.1 were very much a “Mark and Charles think it’s good. It’s going in!” type of effort (how’s that for process?).

 

I’ll propose that we use this as a starting point: Please provide comments on the JSON Message Binding spec Bret has posted. +1/-1 works, or a full opinion if you have one (on any aspect of potentially adding a JSON Message Binding). For now, let’s consider this a straw poll and a discussion of ideas. (Comments on this approach welcome)

 

Thank you.

-Mark

 

From: Terry MacDonald [mailto:[hidden email]]
Sent: Friday, March 27, 2015 5:29 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

 

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

 

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

 

Cheers
Terry MacDonald

Threatloop.com

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:

I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

 

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

 

 

 

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

mdavidson

From the MITRE side, there’s also java-taxii and django-taxii-services to consider.

 

For libtaxii and java-taxii, I don’t think the effort would be all that high. I’m terrible at estimating development timeframes, but I’d say maybe 20 person-hours for each library; possibly more for java-taxii since the JSON is generated from the XML schema whereas libtaxii’s is hand-crafted and more easily modified.

 

As for django-taxii-services, once libtaxii is done, it might be 2-4 lines of code to support JSON (no, that’s not a typo). At least for the initial support – I’m sure there’s other side effects that will only show up in implementation.

 

In terms of a timeline, all the coding could reasonably performed in the calendar time it takes to have a substantive discussion about the JSON spec and its contents (in branches, of course).

 

Aharon – if I may make an inference from your question – it seems that your perspective is that the community will not be fragmented once the MITRE tooling (libtaxii, etc) supports the JSON spec. Is that the case? I personally have a fear that non-MITRE tooling will not be updated as quickly and that would be a contributor to fragmentation.

 

As an aside, I am really interested in the opinions of the community. Is this a good direction? Please speak up or your voice will not be heard.

 

Thank you.

-Mark

 

From: Aharon Chernin [mailto:[hidden email]]
Sent: Friday, March 27, 2015 8:30 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In; Davidson II, Mark S
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Mark, if the JSON spec is ratified, would Mitre add the capability to libTAXII? If so, what kind of time frame? Trying to get a feel for how long the community will be fragmented.

 

 

Aharon Chernin
CTO

SOLTRA | An FS-ISAC & DTCC Company

18301 Bermuda green Dr

Tampa, fl 33647

813.470.2173 | [hidden email]


From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 8:13 AM
To: [hidden email]
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Well…. there’s a good reason you’re not sure what the “official” process is: We don’t have one! TAXII 1.0 and TAXII 1.1 were very much a “Mark and Charles think it’s good. It’s going in!” type of effort (how’s that for process?).

 

I’ll propose that we use this as a starting point: Please provide comments on the JSON Message Binding spec Bret has posted. +1/-1 works, or a full opinion if you have one (on any aspect of potentially adding a JSON Message Binding). For now, let’s consider this a straw poll and a discussion of ideas. (Comments on this approach welcome)

 

Thank you.

-Mark

 

From: Terry MacDonald [[hidden email]]
Sent: Friday, March 27, 2015 5:29 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

 

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

 

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

 

Cheers
Terry MacDonald

Threatloop.com

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:

I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

 

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

 

 

 

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Jason Keirstead
In reply to this post by Jordan, Bret

While I steadfastly support the idea of the JSON Message binding - I do feel that, if this specification is going to become formally ratified, we also need a JSON-Schema (http://json-schema.org/ / http://tools.ietf.org/html/draft-zyp-json-schema-04) to go along with it.. much like the MITRE XSD schema for the XML binding.

Schemas are vital to ensure that your code meets the specification as written.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for "Jordan, Bret" ---2015/03/26 05:25:33 PM---I am formally submitting the following document “The JSON"Jordan, Bret" ---2015/03/26 05:25:33 PM---I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.

From: "Jordan, Bret" <[hidden email]>
To: <[hidden email]>
Date: 2015/03/26 05:25 PM
Subject: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5





I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

[attachment "TAXII_JSON_Message_Binding_Specification_v0.5.pdf" deleted by Jason Keirstead/CanEast/IBM]


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]

Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Aharon Chernin
In reply to this post by mdavidson

A vast majority of the TAXII servers we are connecting to today use libtaxii. I know there are a few that don't, but we can always negotiate back to XML for those systems if libtaxii supports XML/JSON negotiation.


Mark, your estimates are great :) The casual security user just wants their security things to connect and start talking. It's going to be tough to explain to the public why two systems, that both speak TAXII, can't talk to each other. It's not going to make for good TAXII PR to say the least. However, I feel more comfortable with the future prospects of JSON based on your library update timing estimates. Just the fact that libtaxii will EVENTUALLY support JSON is enough to reduce my worry.



Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647

From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 9:20 AM
To: Aharon Chernin; taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: RE: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5
 

From the MITRE side, there’s also java-taxii and django-taxii-services to consider.

 

For libtaxii and java-taxii, I don’t think the effort would be all that high. I’m terrible at estimating development timeframes, but I’d say maybe 20 person-hours for each library; possibly more for java-taxii since the JSON is generated from the XML schema whereas libtaxii’s is hand-crafted and more easily modified.

 

As for django-taxii-services, once libtaxii is done, it might be 2-4 lines of code to support JSON (no, that’s not a typo). At least for the initial support – I’m sure there’s other side effects that will only show up in implementation.

 

In terms of a timeline, all the coding could reasonably performed in the calendar time it takes to have a substantive discussion about the JSON spec and its contents (in branches, of course).

 

Aharon – if I may make an inference from your question – it seems that your perspective is that the community will not be fragmented once the MITRE tooling (libtaxii, etc) supports the JSON spec. Is that the case? I personally have a fear that non-MITRE tooling will not be updated as quickly and that would be a contributor to fragmentation.

 

As an aside, I am really interested in the opinions of the community. Is this a good direction? Please speak up or your voice will not be heard.

 

Thank you.

-Mark

 

From: Aharon Chernin [mailto:[hidden email]]
Sent: Friday, March 27, 2015 8:30 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In; Davidson II, Mark S
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Mark, if the JSON spec is ratified, would Mitre add the capability to libTAXII? If so, what kind of time frame? Trying to get a feel for how long the community will be fragmented.

 

 

Aharon Chernin
CTO

SOLTRA | An FS-ISAC & DTCC Company

18301 Bermuda green Dr

Tampa, fl 33647

813.470.2173 | [hidden email]


From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 8:13 AM
To: [hidden email]
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Well…. there’s a good reason you’re not sure what the “official” process is: We don’t have one! TAXII 1.0 and TAXII 1.1 were very much a “Mark and Charles think it’s good. It’s going in!” type of effort (how’s that for process?).

 

I’ll propose that we use this as a starting point: Please provide comments on the JSON Message Binding spec Bret has posted. +1/-1 works, or a full opinion if you have one (on any aspect of potentially adding a JSON Message Binding). For now, let’s consider this a straw poll and a discussion of ideas. (Comments on this approach welcome)

 

Thank you.

-Mark

 

From: Terry MacDonald [[hidden email]]
Sent: Friday, March 27, 2015 5:29 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

 

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

 

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

 

Cheers
Terry MacDonald

Threatloop.com

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:

I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

 

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

 

 

 

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Wunder, John A.
I realize this is a TAXII discussion and not a STIX discussion, but to poke my STIX head in….what are the implications for transferring STIX XML inside TAXII JSON? Are there any challenges there?

From: Aharon Chernin
Reply-To: Aharon Chernin
Date: Friday, March 27, 2015 at 10:24 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

A vast majority of the TAXII servers we are connecting to today use libtaxii. I know there are a few that don't, but we can always negotiate back to XML for those systems if libtaxii supports XML/JSON negotiation.


Mark, your estimates are great :) The casual security user just wants their security things to connect and start talking. It's going to be tough to explain to the public why two systems, that both speak TAXII, can't talk to each other. It's not going to make for good TAXII PR to say the least. However, I feel more comfortable with the future prospects of JSON based on your library update timing estimates. Just the fact that libtaxii will EVENTUALLY support JSON is enough to reduce my worry.



Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647

From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 9:20 AM
To: Aharon Chernin; taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: RE: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5
 

From the MITRE side, there’s also java-taxii and django-taxii-services to consider.

 

For libtaxii and java-taxii, I don’t think the effort would be all that high. I’m terrible at estimating development timeframes, but I’d say maybe 20 person-hours for each library; possibly more for java-taxii since the JSON is generated from the XML schema whereas libtaxii’s is hand-crafted and more easily modified.

 

As for django-taxii-services, once libtaxii is done, it might be 2-4 lines of code to support JSON (no, that’s not a typo). At least for the initial support – I’m sure there’s other side effects that will only show up in implementation.

 

In terms of a timeline, all the coding could reasonably performed in the calendar time it takes to have a substantive discussion about the JSON spec and its contents (in branches, of course).

 

Aharon – if I may make an inference from your question – it seems that your perspective is that the community will not be fragmented once the MITRE tooling (libtaxii, etc) supports the JSON spec. Is that the case? I personally have a fear that non-MITRE tooling will not be updated as quickly and that would be a contributor to fragmentation.

 

As an aside, I am really interested in the opinions of the community. Is this a good direction? Please speak up or your voice will not be heard.

 

Thank you.

-Mark

 

From: Aharon Chernin [[hidden email]]
Sent: Friday, March 27, 2015 8:30 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In; Davidson II, Mark S
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Mark, if the JSON spec is ratified, would Mitre add the capability to libTAXII? If so, what kind of time frame? Trying to get a feel for how long the community will be fragmented.

 

 

Aharon Chernin
CTO

SOLTRA | An FS-ISAC & DTCC Company

18301 Bermuda green Dr

Tampa, fl 33647

813.470.2173 | [hidden email]


From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 8:13 AM
To: [hidden email]
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Well…. there’s a good reason you’re not sure what the “official” process is: We don’t have one! TAXII 1.0 and TAXII 1.1 were very much a “Mark and Charles think it’s good. It’s going in!” type of effort (how’s that for process?).

 

I’ll propose that we use this as a starting point: Please provide comments on the JSON Message Binding spec Bret has posted. +1/-1 works, or a full opinion if you have one (on any aspect of potentially adding a JSON Message Binding). For now, let’s consider this a straw poll and a discussion of ideas. (Comments on this approach welcome)

 

Thank you.

-Mark

 

From: Terry MacDonald [[hidden email]]
Sent: Friday, March 27, 2015 5:29 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

 

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

 

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

 

Cheers
Terry MacDonald

Threatloop.com

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:

I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

 

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

 

 

 

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Jordan, Bret
In reply to this post by Jason Keirstead
Good point Jason.  I have been working with a developer at Intelworks, Joep’s company, and he is going to help me build full Schema’s for this JSON version.  So yes, we will have them.


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Mar 27, 2015, at 7:32 AM, Jason Keirstead <[hidden email]> wrote:

While I steadfastly support the idea of the JSON Message binding - I do feel that, if this specification is going to become formally ratified, we also need a JSON-Schema (http://json-schema.org/ / http://tools.ietf.org/html/draft-zyp-json-schema-04) to go along with it.. much like the MITRE XSD schema for the XML binding.

Schemas are vital to ensure that your code meets the specification as written.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


<graycol.gif>"Jordan, Bret" ---2015/03/26 05:25:33 PM---I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.

From: "Jordan, Bret" <[hidden email]>
To: <[hidden email]>
Date: 2015/03/26 05:25 PM
Subject: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5





I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

[attachment "TAXII_JSON_Message_Binding_Specification_v0.5.pdf" deleted by Jason Keirstead/CanEast/IBM]


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]



signature.asc (858 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

Jordan, Bret
In reply to this post by Wunder, John A.
There should be no issue, as the XML blob would end up in a JSON string which would then end up in some sort of variable / struct in your code. Once you figured out what type of mixed data you had, you would then parse it.  Basically the same as you would do today, since the current field can support “mixed” data.    




Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Mar 27, 2015, at 8:35 AM, Wunder, John A. <[hidden email]> wrote:

I realize this is a TAXII discussion and not a STIX discussion, but to poke my STIX head in….what are the implications for transferring STIX XML inside TAXII JSON? Are there any challenges there?

From: Aharon Chernin
Reply-To: Aharon Chernin
Date: Friday, March 27, 2015 at 10:24 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

A vast majority of the TAXII servers we are connecting to today use libtaxii. I know there are a few that don't, but we can always negotiate back to XML for those systems if libtaxii supports XML/JSON negotiation. 

Mark, your estimates are great :) The casual security user just wants their security things to connect and start talking. It's going to be tough to explain to the public why two systems, that both speak TAXII, can't talk to each other. It's not going to make for good TAXII PR to say the least. However, I feel more comfortable with the future prospects of JSON based on your library update timing estimates. Just the fact that libtaxii will EVENTUALLY support JSON is enough to reduce my worry.


Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647

From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 9:20 AM
To: Aharon Chernin; taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: RE: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5
 
From the MITRE side, there’s also java-taxii and django-taxii-services to consider.

 

For libtaxii and java-taxii, I don’t think the effort would be all that high. I’m terrible at estimating development timeframes, but I’d say maybe 20 person-hours for each library; possibly more for java-taxii since the JSON is generated from the XML schema whereas libtaxii’s is hand-crafted and more easily modified.

 

As for django-taxii-services, once libtaxii is done, it might be 2-4 lines of code to support JSON (no, that’s not a typo). At least for the initial support – I’m sure there’s other side effects that will only show up in implementation.

 

In terms of a timeline, all the coding could reasonably performed in the calendar time it takes to have a substantive discussion about the JSON spec and its contents (in branches, of course).

 

Aharon – if I may make an inference from your question – it seems that your perspective is that the community will not be fragmented once the MITRE tooling (libtaxii, etc) supports the JSON spec. Is that the case? I personally have a fear that non-MITRE tooling will not be updated as quickly and that would be a contributor to fragmentation.

 

As an aside, I am really interested in the opinions of the community. Is this a good direction? Please speak up or your voice will not be heard.

 

Thank you.
-Mark

 

From: Aharon Chernin [[hidden email]] 
Sent: Friday, March 27, 2015 8:30 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In; Davidson II, Mark S
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Mark, if the JSON spec is ratified, would Mitre add the capability to libTAXII? If so, what kind of time frame? Trying to get a feel for how long the community will be fragmented.

 

 

Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
813.470.2173 | [hidden email]

From: Davidson II, Mark S <[hidden email]>
Sent: Friday, March 27, 2015 8:13 AM
To: [hidden email]
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

Well…. there’s a good reason you’re not sure what the “official” process is: We don’t have one! TAXII 1.0 and TAXII 1.1 were very much a “Mark and Charles think it’s good. It’s going in!” type of effort (how’s that for process?). 

 

I’ll propose that we use this as a starting point: Please provide comments on the JSON Message Binding spec Bret has posted. +1/-1 works, or a full opinion if you have one (on any aspect of potentially adding a JSON Message Binding). For now, let’s consider this a straw poll and a discussion of ideas. (Comments on this approach welcome)

 

Thank you.
-Mark

 

From: Terry MacDonald [[hidden email]] 
Sent: Friday, March 27, 2015 5:29 AM
To: taxii-discussion-list Trusted Automated Exchange of Indicator In
Subject: Re: [TAXII] RFC and formal submission of JSON Message Binding Spec v0.5

 

I'm not quite sure what the 'official' process is for seconding this addition, but in lieu of something like that...

 

I hereby support the inclusion of document “The JSON Message Binding Specification for TAXII 1.1” to be considered for formal adoption as an official TAXII specification.

 

I also support the creation of a formal standards submission and review process, to be documented shortly in another email :).

 

Cheers
Terry MacDonald

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 27 March 2015 at 07:23, Jordan, Bret <[hidden email]> wrote:
I am formally submitting the following document “The JSON Message Binding Specification for TAXII 1.1” for comments and to be considered for formal adoption as an official TAXII specification.  

 

Please send any comments to me by Friday April 10th 2015. After the comment period is over and I have made any subsequent changes per community discussions, I would request that this document by added as an official TAXII specification at the end of April 2015.

 

 

 

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


signature.asc (858 bytes) Download Attachment