Re: [mile] [sacm] New draft for review and comment: draft-field-mile-rolie-00.txt
"Chandrashekhar B" <bchandra@secpod.com> Fri, 14 December 2012 08:10 UTC
Return-Path: <bchandra@secpod.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55F3521F8929; Fri, 14 Dec 2012 00:10:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_43=0.6]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m5yQ6Pf0kfMH; Fri, 14 Dec 2012 00:10:03 -0800 (PST)
Received: from cpanel23.interactivedns.com (cpanel23.interactivedns.com [184.173.122.2]) by ietfa.amsl.com (Postfix) with ESMTP id C73C221F88E7; Fri, 14 Dec 2012 00:10:02 -0800 (PST)
Received: from [182.72.99.242] (port=2837 helo=hpPC) by cpanel23.interactivedns.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from <bchandra@secpod.com>) id 1TjQLH-0000Wl-9e; Fri, 14 Dec 2012 13:39:59 +0530
From: Chandrashekhar B <bchandra@secpod.com>
To: "'Field, John'" <johnp.field@emc.com>, 'Luis Nunez' <lnunez@c3isecurity.com>
References: <B7873C71FEFD6E41B5468506E231FB6E3636BA79@MX14A.corp.emc.com> <E3E9358F-E033-4635-A4BB-E19975625800@c3isecurity.com> <B7873C71FEFD6E41B5468506E231FB6E3A293EC9@MX14A.corp.emc.com>
In-Reply-To: <B7873C71FEFD6E41B5468506E231FB6E3A293EC9@MX14A.corp.emc.com>
Date: Fri, 14 Dec 2012 13:39:49 +0530
Organization: SecPod Technologies
Message-ID: <010201cdd9d2$658b4d00$30a1e700$@secpod.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIDkLRwduFPN/39ahIvZ01+DQBPpAF1d2SmAqBmgbiXiqSOwA==
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel23.interactivedns.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - secpod.com
X-Get-Message-Sender-Via: cpanel23.interactivedns.com: authenticated_id: bchandra@secpod.com
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: mile@ietf.org, sacm@ietf.org
Subject: Re: [mile] [sacm] New draft for review and comment: draft-field-mile-rolie-00.txt
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: bchandra@secpod.com
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Dec 2012 08:10:04 -0000
Reopening an old thread... >The issues that would need to be resolved include making the authentication to the scaprepo seamless >(possible, at least in principal, using existing Web Single Sign On protocols) and dealing with differences in >interaction style...for example, I notice that scaprepo seems to prefer the use of POST for all operations >(including a read operation). As a general rule, it is best to support GET for read operations, and reserve POST >for write operations. But, this is a relatively minor issue at this point. The more important point is that by >using a REST approach such an integration would become possible, and that would be of benefit to users >dealing with indicators, incident response, and assessment and compliance, etc....we could tie it all together >quite nicely. We have now addressed these concerns in SCAP Repo's web service interface. The authentication and authorization rely on an HTTP Authorization header containing an optional authorization assertion. I say optional because that is to be used by subscribers. Also, all the interfaces are now HTTP GET based. The interface document is available here: https://www.scaprepo.com/SCAPRepoWebService and the client SDK can be downloaded from https://www.scaprepo.com Appreciate your feedback! Chandra. -----Original Message----- From: Luis Nunez [mailto:lnunez@c3isecurity.com] Sent: Thursday, September 06, 2012 11:36 AM To: Field, John Cc: sacm@ietf.org; mile@ietf.org Subject: Re: [sacm] New draft for review and comment: draft-field-mile-rolie-00.txt John, this definitely is of interest and could be related to past discussions around content repositories. I know of two publicly accessible (REST) repositories that could potential host this type of content. http://scaprepo.com/SCAPRepoWebService http://scapsync.com/api/ NIST is also working on a repository with webservices. It would be interesting to prototype a sample document and flesh out issues. -ln On Sep 6, 2012, at 11:10 AM, Field, John wrote: > All, > > Cross posting this announcement from MILE to SACM, as I think this may be of interest within the SCAP community as well. > > The new draft referenced below describes a RESTful HTTP binding for sharing incident, indicator, and other cyber security-related information. In particular, the draft includes a suggested approach to retrieving a related benchmark resource. > > I hope you'll find this draft to be of interest. > > Please post any questions or comments to the MILE list. > > Regards, > John > > // John P. Field > // Security Architect > // EMC Office of the CTO > > > > > > -----Original Message----- > From: Field, John > Sent: Thursday, September 06, 2012 10:53 AM > To: <mile@ietf.org> > Subject: New draft for review and comment: draft-field-mile-rolie-00.txt > > All, > > Please note that I have just posted a new draft for review and comment. As stated in the abstract, the draft describes a RESTful HTTP binding for sharing incident, indicator, and other cyber security-related information. I hope you'll find this document to be of interest, and I look forward to discussing any questions and/or comments that the group may have. > > Regards, > John > > // John P. Field > // Security Architect > // EMC Office of the CTO > > > -----Original Message----- > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] > Sent: Wednesday, September 05, 2012 9:59 PM > To: Field, John > Subject: New Version Notification for draft-field-mile-rolie-00.txt > > > A new version of I-D, draft-field-mile-rolie-00.txt > has been successfully submitted by John P. Field and posted to the > IETF repository. > > Filename: draft-field-mile-rolie > Revision: 00 > Title: Resource-Oriented Lightweight Indicator Exchange > Creation date: 2012-09-05 > WG ID: Individual Submission > Number of pages: 41 > URL: http://www.ietf.org/internet-drafts/draft-field-mile-rolie-00.txt > Status: http://datatracker.ietf.org/doc/draft-field-mile-rolie > Htmlized: http://tools.ietf.org/html/draft-field-mile-rolie-00 > > > Abstract: > This document defines a resource-oriented approach to cyber security > information sharing. Using this approach, a CSIRT or other > stakeholder may share and exchange representations of cyber security > incidents, indicators, and other related information as Web- > addressable resources. The transport protocol binding is specified > as HTTP(S) with a MIME media type of Atom+XML. An appropriate set of > link relation types specific to cyber security information sharing is > defined. The resource representations leverage the existing IODEF > [RFC5070] and RID [RFC6545] specifications as appropriate. > Coexistence with deployments that conform to existing specifications > including RID [RFC6545] and Transport of Real-time Inter-network > Defense (RID) Messages over HTTP/TLS [RFC6546] is supported via > appropriate use of HTTP status codes. > > > > > The IETF Secretariat > > > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm _______________________________________________ sacm mailing list sacm@ietf.org https://www.ietf.org/mailman/listinfo/sacm
- [mile] New draft for review and comment: draft-fi… Field, John
- Re: [mile] [sacm] New draft for review and commen… Luis Nunez
- Re: [mile] [sacm] New draft for review and commen… Field, John
- Re: [mile] [sacm] New draft for review and commen… Luis Nunez
- Re: [mile] [sacm] New draft for review and commen… Chandrashekhar B
- Re: [mile] [sacm] New draft for review and commen… Chandrashekhar B
- Re: [mile] [sacm] New draft for review and commen… Chandrashekhar B
- Re: [mile] [sacm] New draft for review and commen… Moriarty, Kathleen