Subject: Re: [cti-taxii] Re: [EXT] Re: [cti-taxii] TAXII Query / Search
Jason,

That's a good question. One which I can provide my response, but I believe requires a larger discussion, which is part of the reason why I believe we should get an MVP out now, rather than waiting. To Bret's point, I'd rather not wait 6-12 months to get a release out. Currently we have ways to easily search for a STIX object. It does not allow for STIX querying or the complex use cases we have identified, but it does allow someone to easily retrieve an SDO. And that is a good thing. There should be an easy way to perform a search, whether that is for an object or a relationship and it should be easy for a consumer to use that functionality to traverse the graph and easy for a producer to implement such functionality. Not every producer will have a backend database (or the requirements) to allow for complex querying. I truthfully do not see the issue with allowing restful methods to easily traverse the graph and then later add in full query support where you could accomplish the same thing in addition to much more powerful queries. People may disagree, and we can and should debate this as TAXII query is designed, but I personally do not believe that the full TAXII query support needs to follow the same pattern as is defined for retrieving an SDO or SRO.

Just my opinion, but hope it helps explain where my thoughts are.

-Gary

From: Bret Jordan <Bret_Jordan@symantec.com>

This provides a solution that we can have now. At the current rate any more advanced solution is at least 6-12 more months away. Yes, we may need to do things differently in the future, but that is okay. We can always deprecate features as needed. But I figured a more RESTful design would get us up and going sooner rather than later.

By my count the following individuals support the proposal I have submitted: Myself, Drew, Nicholas, Sean, Gary

The individuals that do not support it: Jason

I am curious to hear what others have to say. Can everyone please chime in on this debate.

Bret

From: Jason Keirstead <Jason.Keirstead@ca.ibm.com>

Gary - how would you propose in the future we can extend or expand this approach, without redoing it from scratch?

Gary Jay Katz --- Re: [cti-taxii] Re: [EXT] Re: [cti-taxii] TAXII Query / Search ---

Jason,

I believe you are correct, there are a number of complex use cases that this would not meet. For those that remember back to some of the early face-to-face meetings, I pushed for trying to find a solution that met all of these solutions in the first release. I now believe that this needs to be taken in parts. There may be certain TAXII implementations that only need to and are able to support basic search and pivoting, while others will be built to perform complex querying such as what you are suggesting. Having an ability to easily query relationships and pivot off of them which does not support the more complex use cases, does not mean that the capability needs to be rewritten or that those complex use cases are invalid. We just need ways to do the simple things simply, while eventually putting in place the ability to do the complex capabilities.

Currently we have no ability to query relationships or pivot. This is a blocker for anyone trying to provide the baseline capabilities to support the STIX model using TAXII. I would suggest we get the baseline capabilities in place to allow releasing a minimal viable product in the near-term while continuing to work towards more advanced query capabilities in a future release.

-Gary

From: <cti-taxii@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>

The problem with this approach of "getting something done in a few days", is it is highly likely it will have to be re-done in the future because it isn't considering the other use cases.