< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Identifier Proposal

Should we use UUIDv4 as our default format for identifiers?

NOTE: The purpose of this ballot is to unify the TC and settle an issue that has been debated since the face-to-face (F2F) in January. This is a non-binding ballot that can be reversed at any time in the future by simple majority vote of the TC.

Elaboration:
============
At the January Face-to-Face (F2F) there was general consensus that all objects should have IDs and that the default form should be UUIDs. However, recently discussion has turned to using other formats or mechanisms to generate IDs. Please refer to the "Deterministic IDs - pas de deux" thread on the cti-stix mailing list for more detail on the debate.

To attempt to gain TC-wide consensus in the short term, Bret Jordan motioned for and John Wunder seconded the motion for this ballot to settle the issue of whether or not UUIDs should be used as identifiers instead of some alternative format or mechanism.

The STIX subcommittee has created some draft language, which can be found here in Section 4.5:

https://docs.google.com/document/d/1HJqhvzO35h62gQGPvghVRIAtQrZn3_J__0UcDAj-NXY/edit#heading=h.ko24ggw4eq0q

For those who do not have access to the Google Doc, you can request it from Bret Jordan. However, here is the detail from the section:

"An identifier uniquely identifies a STIX top-level object. Identifiers MUST follow the form [object-type]--[UUIDv4], where [object-type] is the exact value from the type field of the object being identified or referenced and [UUIDv4] is an RFC 4122 compliant Version 4 UUID. The uuid field MUST be generated according to the algorithm(s) defined in RFC 4122, Section 4.4 (Version 4 UUID)."

For example, an ID in STIX 2.0 JSON would look like this:

{
"type": "indicator",
"id" "indicator--e2e1a340-4415-4ba8-9671-f7343fbf0836",
...
}

 [ ]  Yes
 [ ]  No
 [ ]  Abstain
Opening:   Tuesday, 10 May 2016 @ 02:00 pm EDT
Closing:   Tuesday, 17 May 2016 @ 02:00 pm EDT
Group:   OASIS Cyber Threat Intelligence (CTI) TC
Ballot has closed.

Referenced Items
Name Type Date Action
Document
2016-05-17

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Yes 33 87%
No 5 13%
Abstain 1
Eligible members who have voted: 38 of 54 70%
Eligible members who have abstained: 1 of 54 2%
Eligible members who have not voted: 15 of 54 28%

Voting Details

Voter Company VoteReference Document and/or Comment
Dean Thompson
Australia and New Zealand Banking Group (A...
Yes
 
Alexander Foley
Bank of America
No
 
Bret Jordan
Blue Coat Systems, Inc.
Yes
 
Sarah Kelley
Center for Internet Security (CIS)
Yes
 
Ron Davidson
Check Point Software Technologies
--
 
Jyoti Verma
Cisco Systems
--
 
Joey Peloquin
Citrix Systems
Yes
 
Doug DePeppe
Cyber Threat Intelligence Network, Inc. (C...
--
 
Jane Ginn
Cyber Threat Intelligence Network, Inc. (C...
Yes
 
Marlon Taylor
DHS Office of Cybersecurity and Communicat...
Abstain
Richard Struse
DHS Office of Cybersecurity and Communicat...
Yes
 
David Eilken
Financial Services Information Sharing and...
Yes
 
Paul Patrick
FireEye, Inc.
No
Ryusuke Masuoka
Fujitsu Limited
Yes
 
Masato Terada
Hitachi, Ltd.
--
 
Ron Williams
IBM
--
 
Jason Keirstead
IBM
--
 
Elysa Jones
Individual
Yes
 
Terry MacDonald
Individual
Yes
 
Patrick Maroney
Integrated Networking Technologies, Inc.
No
Beth Pumo
Kaiser Permanente
--
 
Allan Thomson
LookingGlass
Yes
 
Sean Barnum
Mitre Corporation
No
Jonathan Baker
Mitre Corporation
Yes
 
John Wunder
Mitre Corporation
Yes
 
Ivan Kirillov
Mitre Corporation
Yes
 
Richard Piazza
Mitre Corporation
Yes
 
Takahiro Kakumaru
NEC Corporation
--
 
Andrew Storms
New Context Services, Inc.
--
 
Daniel Riedel
New Context Services, Inc.
Yes
 
John-Mark Gurney
New Context Services, Inc.
Yes
 
James Moler
New Context Services, Inc.
Yes
 
Igor Baikalov
Securonix
--
 
Jeff Beekman
Soltra
--
 
Daniel Dye
Soltra
--
 
Mark Clancy
Soltra
Yes
 
Aharon Chernin
Soltra
Yes
 
Ali Khan
Soltra
Yes
 
Chris Kiehl
Soltra
Yes
 
Trey Darley
Soltra
Yes
 
Michael Butt
Soltra
Yes
 
Natalie Suarez
Soltra
Yes
 
Raymond Keckler
Soltra
Yes
 
Mark Davidson
Soltra
Yes
 
Michael Pepin
Soltra
Yes
Ben Schmoker
ThreatConnect, Inc.
--
 
Brad Butts
U.S. Bank
--
 
Jeffrey Mates
US Department of Defense (DoD)
No
Gary Katz
US Department of Defense (DoD)
Yes
 
Laurie Thomson
United Kingdom Cabinet Office
--
 
Chris Taylor
United Kingdom Cabinet Office
Yes
 
Iain Brown
United Kingdom Cabinet Office
Yes
 
Robert Coderre
VeriSign
Yes
 
Kyle Maxwell
VeriSign
Yes