Here is the list of items that were discussed on our last working call
----- SNIP TODO LIST -----
Reference to STIX and other content
Authentication/Authorization
Confidentiality and TLS
HTTP Basic security considerations
Unicode
Errors - descriptive text leaking info
Errors - return code for things you don't have access to (leak info about existence of something, implementation of something, vs. just not having access)
Reference HTTP/HTTPS security considerations (maybe need to mention URL traversals in general TAXII security considerations but not for this IANA media type section)
Here is the list of items that were discussed on our last working call