Message info
 
To:Martin, Robert A. From:Waltermire, David A. Subject:Re: [mile] Adoption of draft-trammell-mile-iodef-xmlreg-01 as a MILE WG item Date:Thu, 29 Mar 2012 02:48:17 -0400
 

I am also in favor of this draft.

I like the idea of addressing simple id formats in addition to XML formats. I see three data points that are relevant to references using simple ids.

1) The type of the id - A name that indicates the format of the identifier as a pointer into the registry for simple id formats. This could be a simple label (e.g. CVE, CVE-1) similar to the schema name in the RID IANA registery for XML schemas.

http://www.iana.org/assignments/rid/rid.xml#xml-schemas

In addition to the "id name", the registry could contain a reference to a RFC that describes the format(s) of each simple identifier type.

2) The id instance in the population - For example: CVE-2012-1907.

3) References to resources that present information about the issue related to the identifier. In the case of a CVE this could be a reference to a vulnerability database or other sources of information (e.g. content repositories, etc.)

An IODEF reference using this format could look like:

<reference>
<referenceName>cve-1#CVE-2012-1907</referenceName>
<url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1907</url>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1907</url>
<description>A pointer to CVE-2012-1907.</description>
</reference>

Thoughts?
Dave
________________________________________
From: mile-bounces@ietf.org [mile-bounces@ietf.org] On Behalf Of Martin, Robert A. [ramartin@mitre.org]
Sent: Wednesday, March 28, 2012 2:41 PM
To: kathleen.moriarty@emc.com
Cc: mile@ietf.org
Subject: Re: [mile] Adoption of draft-trammell-mile-iodef-xmlreg-01 as a MILE WG item

I agree that this topic should be adopted as a work item.

One thought I would offer is to consider whether we should be
restricting it to just registries of XML Namespaces and Schemas or
should we consider adding other formats/structures of relavent security
information within this work like simple id-based registries?

Regards,

Bob

On 3/28/12 8:25 AM, kathleen.moriarty@emc.com wrote:
> Hello,
>
> At the MILE WG meeting yesterday, there was consensus in the room to adopt draft-trammell-mile-iodef-xmlreg-01 as a working group item. I would like to confirm this consensus call on the list; if anyone has additional objections or comments about the adoption of this draft, please let them be known on the list by next Tuesday.
>
> http://tools.ietf.org/html/draft-trammell-mile-iodef-xmlreg-01
>
> Thank you!
> Kathleen
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile
>
_______________________________________________
mile mailing list
mile@ietf.org
https://www.ietf.org/mailman/listinfo/mile
_______________________________________________
mile mailing list
mile@ietf.org
https://www.ietf.org/mailman/listinfo/mile