Skip to content

WIP: Data Marking Implementation Considerations

Jump to bottom Edit New page
Bryan Worrell edited this page Feb 20, 2015 · 4 revisions

Introduction

In STIX, data markings are used to mark specific pieces of information with some information. In many cases that information is handling instructions, classifications, or terms of use but in reality the data markings structure can be used to mark the data with anything. For example, data markings could be used to indicate that the STIX document is part of an exercise and is not actual production data.

This wiki is intended to describe some of the considerations developers must make when designing a system which applies and evaluates STIX data markings.

XPath: Defining Scope

In its current form, the scope of markings is defined by the Controlled_Structure field which conveys said scope via an XPath selector. XPaths can be used to address particular parts of an XML document through the definition and evaluation of a location path against a context node found within the XML document.

Example - Marking an Entire Document

The Controlled_Structure used in this STIX_Header example uses //node() | //@* which means that the Marking applies to the entire document because the //node() | //@* selects every XML node in the document.

1    <stix:STIX_Header>
2        <stix:Handling>
3            <marking:Marking>
4                <marking:Controlled_Structure>//node() | //@*</marking:Controlled_Structure>
5                <marking:Marking_Structure xsi:type='simpleMarking:SimpleMarkingStructureType'>
6                    <simpleMarking:Statement>Copyright 2014, Acme Inc.</simpleMarking:Statement>
7                </marking:Marking_Structure>
8            </marking:Marking>
9         </stix:Handling>
10    </stix:STIX_Header>

Node Types

The XPath data model specification defines seven types of nodes which can be addressed via an XPath location path.

Examples

The following selector evaluation results should be expected when run against the XML document.

1   <Foo xmlns="http://example.com/foo">
2        <!-- This Foo instance is for demonstration purposes only! -->
3        <Bar id='Test' some="thing">Hi</Bar>
4        <Bar id='AnotherTest' encoding="utf-8"><![CDATA[TESTTEST]]></Bar>
5   </Foo>
XPath Selector # Nodes Returned Nodes
//node() 10
  • Element (1): Foo
  • Text: Whitespace before comment
  • Comment (2): "This Foo instance..."
  • Text: Whitespace before Barelement
  • Element (3): Bar
  • Text (3): The "Hi" within Bar
  • Text: Whitespace before second Bar
  • Element (4): The second Bar
  • Text (4): The cdata text within Bar
  • Text: Whitespace (newline) before closing </Foo>
//@*
//text()
//comment()
//namespace::node()
Add a custom footer
Add a custom sidebar
Clone this wiki locally