
TAXII 2.0 Open Questions

MarkDavidson edited this page Sep 1, 2015 · 4 revisions

There aren't any open questions yet. Please feel free to add your own!

Permissions (Multiple questions)

  1. Should TAXII specify something in regard to permissions?
  2. If so, what should the permission model look like?
  3. What would the granularity be? Server level, group level or channel level?

Architecture

  1. Will all TAXII clients also have to be TAXII servers?
  2. Will all TAXII servers be considered the same (i.e. endpoints are full TAXII servers) or is there a difference between TAXII endpoints and TAXII hubs?

Federation / Peering / etc

  1. How do TAXII Servers connect to each other and share data?
  2. What is the model? What are the rules?

Should we allow a group concept?

- Terry MacDonald

In many trust-groups today, threat intel is shared through mailing-list infrastructure. Within each trust group, there are often multiple subgroups dedicated to a particular type of threat intel, each with its own dedicated mailing list. People who are allowed into the trust group gain access to some or all of the group's mailing lists, and therefore the threat intel contained within them.

It strikes me that the channel concept at present is tied to a single TAXII server instance, and that there is no concept of a group. That is to say that a TAXII server just contains a list of channels that others can join, but with no hierarchy within that list. It's missing the concept of a 'group'.

I would like to see something like this:

CHANNELS --(part of)--> GROUPS --(distributed to)--> TAXII SERVERS

By having that level of indirection we then can build the ability for an organisation's TAXII Server to request access to a particular group, which if granted would then allow them to select which channels within that group they would like to subscribe to. It potentially makes administration easier for producers, as they are just authenticating the organization's TAXII Server. And if we mandate the idea that TAXII Servers are tied back to domain names then we can even use that as part of an authentication negotiation process built into TAXII (but that's another story).

Note: Groups have become a part of the working concept for TAXII 2.0
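
The proposal above, modelled as an added example (not part of the original wiki page and not taken from any TAXII specification): authorization is decided once per group, and a channel subscription succeeds only for a server that was granted that group and only for channels that belong to it. The class and method names are hypothetical, and servers are identified by domain name as the proposal suggests.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a server acts outside what its group grants allow."""


@dataclass
class Group:
    name: str
    channels: set                                # channels that are part of this group
    pending: set = field(default_factory=set)    # server domains awaiting a decision
    members: set = field(default_factory=set)    # server domains granted access


class Producer:
    """Hypothetical producer-side registry: channels -> groups -> servers."""

    def __init__(self, groups):
        self.groups = {g.name: g for g in groups}
        self.subscriptions = {}                  # (server, group) -> set of channels

    def _group(self, name):
        if name not in self.groups:
            raise AccessDenied(f"unknown group {name}")
        return self.groups[name]

    def request_access(self, server, group):
        self._group(group).pending.add(server)

    def grant(self, server, group):
        g = self._group(group)
        if server not in g.pending:              # no grant without a prior request
            raise AccessDenied(f"{server} never requested {group}")
        g.pending.discard(server)
        g.members.add(server)

    def subscribe(self, server, group, channel):
        g = self._group(group)
        if server not in g.members:              # deny by default, pending included
            raise AccessDenied(f"{server} is not a member of {group}")
        if channel not in g.channels:            # a grant never reaches other groups
            raise AccessDenied(f"{channel} is not part of {group}")
        self.subscriptions.setdefault((server, group), set()).add(channel)

    def recipients(self, group, channel):
        """Servers that should receive content published on group/channel."""
        return {s for (s, g), chans in self.subscriptions.items()
                if g == group and channel in chans}
```
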
