[2.1] add explanation of why SCO IDs have a predetermined namespace

[StephenOTT]

In draft in section 2.9 of master document it outlines that SCO should use uuidv5 and dictates some additional namespace usage. When reading this, the first question is "whyyyy??" Some details should be added or linked to another section that specifically explains why SCO has different requirements for the ID/identifier.

[jordan2175]

RFC 4122 defines the use of namespaces for UUIDv5 generation. The reason why we defined a namespace is to address the requirements of allowing UUIDv5 in STIX in the first place. That is, to enable deduplication and semantic equivalency. If everyone used their own name space you would never be able to generate the same ID, which is contrary to the design goal of allowing UUIDv5 in STIX. This debate goes all the way back to one of the first F2F meetings we had at the DC3 facility and has been discussed and debated numerous times since then. The final consensus that everyone in the TC felt they could live with is where we ended up.

[StephenOTT]

The UUID namespace provided for the SCOs is just some random value?

[rpiazza]

Yes, Bret just generated it, if I remember. I think it needs to be registered "somewhere".

[StephenOTT]

I would suggest that we add text to the SCOs usage then about the purpose of the standardize UUID v5:

something like:

STIX SCOs use a common UUID v5 namespace to support deduplication in the community of SCO producers and allow semantic equivalency comparisons.

[jordan2175]

We talked about this on 2019-11-12 working call and will add some text.

[jordan2175]

Text has been added.