Title Approve Object Markings (STIX 2.0-Core, Section 6.5) as Consensus
Description
Consensus status indicates that the TC generally agrees with the approach and the text as written. Editorial changes to the text may be made after text has been moved to consensus status, but any substantive changes after the ballot has passed require another ballot to accept those substantive changes.
 
Link to Text: https://docs.google.com/document/d/1HJqhvzO35h62gQGPvghVRIAtQrZn3_J__0UcDAj-NXY/edit#heading=h.f3dx2rhc3vl
Full Text:
 
6.5 Object-Level Markings
Data markings provide the ability for producers to convey to consumers how they may use and share the marked data that they receive. Object-level data markings define how markings are applied to TLOs.
 
Object-level markings are contained in the object_marking_refs field, which is an optional list of ID references (of type identifier) that resolve to objects of type marking-definition. The markings referenced by the object_marking_refs field and defined in the marking-definition object apply to that TLO and all of its fields. If a consumer cannot resolve all of the ID references contained in the object_marking_refs property the consumer MUST reject that TLO.
 
6.5.1. Precedence
Multiple marking definitions of the same type can appear in the object_marking_refs list. If this occurs, markings appearing later in the list MUST have precedence over those appearing earlier. For example, a TLP marking appearing at position 3 in the list has precedence over a TLP marking appearing at position 2, but not a copyright marking appearing at position 1. Different types of marking definitions will have different behaviors when multiple instances are applied; that behavior is defined in the marking definition type itself.
 
The marking definition extensions, which define how data is marked using a particular approach (e.g., TLP), define the behavior when one marking overrides another.
 
6.5.2. Interoperability
Producers MAY create object-level data markings. Producers MUST ensure that all markings they do create comply with the functional and data marking requirements defined in this document.
 
Consumers MUST be aware of object-level data markings contained in the object_marking_refs field. Consumers that are unable to comply with the object-level data markings rules defined in this section MUST reject all TLOs that contain the object_marking_refs field.
 
6.5.3. Examples
This example marks the indicator with the marking definition referenced by the ID.
{
  "type": "indicator",
  "id": "indicator--089a6ecb-cc15-43cc-9494-767639779235",
  ...
  "object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779123"],
  ...
}
Ballot Options Ballot has closed
[ ] Yes
[ ] No
[ ] Abstain
Opening Date Mon, Jun 27 2016 8:00 am EDT
Closing Date Mon, Jul 4 2016 8:00 am EDT
Ballot has closed.

Referenced Items

Name Type Date Actions

02947: Approve Object Markings (STIX 2.0-Core, Section 6.5) as Consensus

Document (Archive)

2016-07-04