OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Adding some text to the deterministic ID description in section 2.9 of the STIX specification

Would it be that all fields are optional, but at least 1 field must have a value?   There are a few SCOs in 2.0 like this.

On Fri, Aug 16, 2019 at 4:32 PM -0400, "Allan Thomson" <athomson@lookingglasscyber.com> wrote:

Rich â I think we need an example because on the surface your suggestion makes sense but I want to understand the following.


What object has is worth conveying if *all* the properties are optional *and* *all* of them are empty. What exactly is that object conveying then? It sounds like an empty object with no actual content.


I question the definition of the object in the 1st place so I assume thereâs a specific example that helps show that your change is helping.


But my concern about adding the language you are suggesting is actually more on what object has this problem.


Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions


From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Piazza, Rich" <rpiazza@mitre.org>
Date: Friday, August 16, 2019 at 11:45 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Adding some text to the deterministic ID description in section 2.9 of the STIX specification


As MITRE was incorporating deterministic ids into cti-python-stix2 API, the implementer came across the issue that I mentioned on one of the working calls.  That is â what if the contributing properties are all optional, and none of them are present in the object?  What should the ID be? 


The most obvious answer (to me) is that a UUIDv4 should be used in these cases.  However, no text exists in the specification to clarify this.  Iâm suggesting the following be added to section 2.9 as the fourth bullet point of the paragraph which begins âSTIX Cyber-observable Objects SHOULD use UUIDv5ââ


  • If the contributing properties are all optional, and none are present on the SCO, then a UUIDv4 SHOULD be used.


Bret and I discussed this, and even though it is a new normative statement, we feel that it is not really a substantive change.


This will be discussed on the next working call.




Rich Piazza

The MITRE Corporation





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]