athiasjerome
commented
8 years ago For reference: https://datatracker.ietf.org/doc/rfc7495/
Open sbarnum opened 8 years ago
athiasjerome
commented
8 years ago For reference: https://datatracker.ietf.org/doc/rfc7495/
packet-rat
commented
8 years ago @athiasjerome: It's not clear what the intended outcome/action was in sharing the reference link to "Enumeration Reference Format for the Incident Object Description Exchange Format (IODEF)" aka RFC 7495.
athiasjerome
commented
8 years ago My last email regarding this to the IETF SACM WG: In XORCISM I am managing the enumerations using what I call Vocabularies: Vocabulary has a relationship to Organisation(s) (Asset(s)) (Gives you the name space)
Vocabulary has versioning
Vocabulary supports various enumerations hierarchy
Vocabulary's enumeration could be deprecated (better than just deleting one item, and in case you don't want to increase the version)
Vocabularies have a mapping (when needed) allowing switching or direct retrieval of equivalents (v1/v2 or org1/org2, etc.)
So potentially I would suggest to look at XORCISM. (while the Vocabulary model is embedded, it makes me difficult to invest time to extract it)
athiasjerome
commented
8 years ago Note another approach as Triple tags: https://github.com/MISP/misp-taxonomies
athiasjerome
commented
8 years ago
Simplify model and implementation structures for using Controlled Vocabularies such that use of terms from the default vocabulary is as simple as possible while still supporting assertions of values from non-default controlled vocabularies and ad-hoc terms that are not from any controlled vocabulary.