A way to define extensions at a common place

[commander]

I have few questions about STIX Extension definitions.

1. While sharing STIX Content, can the extension definition objects be part of the STIX Bundle? If the Bundle is part of a collection which has other similar Bundles, can the Extension definition objects be part of every bundle object?
2. Can we specify a URL where a STIX Extension Definition object is available? Right now it looks like Extension definition objects should be part of the response or document which contains the STIX Objects containing extended properties(For example response to a GET Objects from a TAXII collection)

[rpiazza]

The idea behind an extension definition is that it be "available". One way to do this is to include it in the bundle. There is no restriction about including it in a bundle, even every bundle that includes the use of the extension, but that would be redundant. Another way is to make your trust group aware of the extension definition, which they would receive once and then keep it "locally". For extension definitions that would be used more broadly, it would make sense to make them available over the internet. One possible place is the OASIS common STIX object repository (https://github.com/oasis-open/cti-stix-common-objects). There is a document that discusses the extension policy, which was approved by the CTI TC recently, and is in its initial stage of implementation. It is available here (https://www.oasis-open.org/apps/org/workgroup/cti/download.php/69806/TC%20Extension%20Definition%20Policy.pdf), assuming you have access.

[ejratl]

The public URL for the Extension Definition Policy document is https://www.oasis-open.org/committees/document.php?document_id=69806&wg_abbrev=cti

@commander I am closing this issue based on the idea that Rich answered your questions. You can reopen if that is not accurate.