Add a filter of added_before

[jordan2175]

We should add a filter to allow historically discovery of information from a TAXII collection.

[allant0]

Not sure I agree as this starts to conflate with query like features and maybe this capability would be better served if query becomes an option. Most systems will be sync-ing periodically so they can look up historyt themselves. Secondly, they could just ask for added_after with a really old date and that would return all history that taxii server contains anyway.

[jordan2175]

There are several use cases that require this type of functionality, to more easily move through the data. Just picking a really old date does not really help you. For example, if you are pulling a TAXII server for the first time, where do you start? What if there are 100 Million or Billion records in the dataset? If you can ask for the most recent content, and the taxii server tells you the bookends that represent that data, then you can easily walk backwards or forwards from that point. But you need the inverse of the added_after which we already have in the spec.

[jordan2175]

This was discussed on the working call on 2018-01-23 and everyone supported adding this. No one objected to this. The following people were on the working call: Bret Jordan, Trey Darley, John-Mark Gurney, Sarah Kelley, Chris Ricard, Dave Lemire, Jason Keirstead, Nicholas Hayden, Richard Struse, Sunil Ravipati.

[allant0]

Repeating disagreement that this should be added. If its added an optional feature that not all servers have to implement then that is fine provided that its clear in capability exchange between server and client that they should not ask to use this feature if a server does not support.