< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Normative Text on Lengths Proposal

Should the STIX specification provide normative text (SHOULD or MUST statements) on the lengths supported by free form string fields, such as (but not limited to) description, title, and open vocab?

NOTE: The purpose of this ballot is to develop consensus for STIX on an issue that has been discussed on the list in the "Unicode, strings and STIX" thread. This is a non-binding ballot that can be reversed at any time in the future by simple majority vote of the TC.

Elaboration:
============

On May 31, John-Mark Gurney raised questions related to whether or not we were going to determine the specific length of fields in the STIX specification. His original post is here:

https://lists.oasis-open.org/archives/cti-stix/201605/msg00174.html

There was a vibrant debate for the next few days, and there seems to be general consensus that we should specify some normative text, even if it is SHOULD, for the length of fields. If the results of this ballot yield a YES vote, there will be additional questions to follow (such as whether lengths should be mandatory or advisory) but for now, please help us decide whether we should specify limits at all.

To consider the discussion in the entire thread, please use this link to the MarkMail archives of the cti-stix list:

http://markmail.org/search/?q=Unicode%2C+strings+and+STIX&q=list%3Aorg.oasis-open.lists.cti-stix

 [ ]  No, there should be no normative text describing length limits.
 [ ]  Yes, the spec should have normative text describing length limits for some fields.
Opening:   Monday, 13 June 2016 @ 12:00 pm EDT
Closing:   Monday, 20 June 2016 @ 12:00 pm EDT
Group:   OASIS Cyber Threat Intelligence (CTI) TC
Ballot has closed.

Referenced Items
Name Type Date Action
Document
2016-06-20

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
No, there should be no normative text describing length limits. 19 61%
Yes, the spec should have normative text describing length limits for some fields. 12 39%
Eligible members who have voted: 31 of 59 53%
Eligible members who have abstained: 0 of 59 0%
Eligible members who have not voted: 28 of 59 47%

Voting Details

Voter Company VoteReference Document and/or Comment
Dean Thompson
Australia and New Zealand Banking Group (A...
No, there should be no normative text describin...
 
Alexander Foley
Bank of America
Yes, the spec should have normative text descri...
 
Bret Jordan
Blue Coat Systems, Inc.
Yes, the spec should have normative text descri...
 
Sarah Kelley
Center for Internet Security (CIS)
No, there should be no normative text describin...
 
Ron Davidson
Check Point Software Technologies
--
 
Jyoti Verma
Cisco Systems
--
 
Joey Peloquin
Citrix Systems
No, there should be no normative text describin...
 
Doug DePeppe
Cyber Threat Intelligence Network, Inc. (C...
--
 
Jane Ginn
Cyber Threat Intelligence Network, Inc. (C...
Yes, the spec should have normative text descri...
 
Richard Struse
DHS Office of Cybersecurity and Communicat...
--
 
Will Urbanski
Dell
Yes, the spec should have normative text descri...
 
David Eilken
Financial Services Information Sharing and...
--
 
Paul Patrick
FireEye, Inc.
No, there should be no normative text describin...
 
Ryusuke Masuoka
Fujitsu Limited
No, there should be no normative text describin...
 
Tomas Sander
Hewlett Packard Enterprise (HPE)
--
 
Masato Terada
Hitachi, Ltd.
--
 
Kazuo Noguchi
Hitachi, Ltd.
--
 
Jason Keirstead
IBM
No, there should be no normative text describin...
 
Ron Williams
IBM
Yes, the spec should have normative text descri...
Elysa Jones
Individual
--
 
Terry MacDonald
Individual
Yes, the spec should have normative text descri...
 
Patrick Maroney
Integrated Networking Technologies, Inc.
No, there should be no normative text describin...
Tim Casey
Intel Corporation
--
 
Beth Pumo
Kaiser Permanente
Yes, the spec should have normative text descri...
 
Allan Thomson
LookingGlass
Yes, the spec should have normative text descri...
Lee Vorthman
LookingGlass
Yes, the spec should have normative text descri...
Jonathan Baker
Mitre Corporation
No, there should be no normative text describin...
 
John Wunder
Mitre Corporation
No, there should be no normative text describin...
 
Sean Barnum
Mitre Corporation
No, there should be no normative text describin...
 
Richard Piazza
Mitre Corporation
No, there should be no normative text describin...
 
Ivan Kirillov
Mitre Corporation
No, there should be no normative text describin...
Takahiro Kakumaru
NEC Corporation
Yes, the spec should have normative text descri...
 
Andrew Storms
New Context Services, Inc.
--
 
John-Mark Gurney
New Context Services, Inc.
--
 
James Moler
New Context Services, Inc.
--
 
Daniel Riedel
New Context Services, Inc.
No, there should be no normative text describin...
 
Aharon Chernin
Soltra
--
 
Ali Khan
Soltra
--
 
Michael Pepin
Soltra
--
 
Jeff Beekman
Soltra
--
 
Chris Kiehl
Soltra
--
 
Michael Butt
Soltra
--
 
Daniel Dye
Soltra
--
 
Raymond Keckler
Soltra
--
 
Mark Clancy
Soltra
No, there should be no normative text describin...
 
Trey Darley
Soltra
No, there should be no normative text describin...
 
Mark Davidson
Soltra
No, there should be no normative text describin...
Greg Reaume
TELUS
--
 
Ben Schmoker
ThreatConnect, Inc.
--
 
Brad Butts
U.S. Bank
--
 
Gary Katz
US Department of Defense (DoD)
--
 
James Bohling
US Department of Defense (DoD)
Yes, the spec should have normative text descri...
 
Jeffrey Mates
US Department of Defense (DoD)
Yes, the spec should have normative text descri...
 
Mike McLellan
United Kingdom Cabinet Office
--
 
Chris Taylor
United Kingdom Cabinet Office
--
 
Laurie Thomson
United Kingdom Cabinet Office
No, there should be no normative text describin...
 
Iain Brown
United Kingdom Cabinet Office
No, there should be no normative text describin...
 
Kyle Maxwell
VeriSign
--
 
Robert Coderre
VeriSign
No, there should be no normative text describin...