This one is more of an ethical or philosophical problem. Say my server supports STIX 2.0 and STIX 2.1 content. I get some data that is in STIX 2.1 format. Then someone comes along and asks for content in STIX 2.0 format. What do I do with the fields, properties, objects, relationship types, vocab terms, etc that are not valid in STIX 2.0?
What happens in a STIX Grouping that has content that is in both STIX 2.0 and STIX 2.1? Meaning, what happens if it has indicators and notes and opinions. Do you send the indicator and not the note and opinions? Do you prune the notes and opinions from the grouping? What do you do with confidence fields?
If the client asks for STIX 2.0, the server needs to send valid 2.0 or nothing at all (either an empty response or a 415 status message). It is up to the negotiated agreement between the server and the source of the data whether the source's STIX 2.1 data can be "modified/down-converted" to STIX 2.0 or not.
We can suggest what the default behavior should be (absent any agreements to the contrary), but I feel like mandating any behavior in the spec is an overreach.
I agree with @gtback - conversion across STIX versions is an application behavior. The best we could do, in terms of assisting conversion across STIX versions, is to publish an official guide and a library implementing the official guide.
After talking with @johnwunder I realized that the STIX specification actually prohibits down-converting content. @MarkDavidson @gtback so it is not really a product issue, as it cannot be done without changing the ID and taking ownership of the content (which, depending on the legal contracts, the product may not be able to do) and then trying to link it back to the original somehow.
So if a client asks for ID indicator-1234 in STIX 2.0 and the server has it in STIX 2.1 format, it cannot deliver it without creating a new ID. But then it would not be a valid response to the client's request.
The relevant text from the STIX specification is here:
Every representation (each time the object version is serialized and shared) of a version of an object (identified by the object's id and modified properties) MUST always have the same set of properties and the same values for each property. In order to change the value of any property, or to add or remove properties, the modified property MUST be updated with the time of the change to indicate a new version.
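The rule quoted above can be checked mechanically. The following is an added example, not part of the original thread or any STIX project code: it groups serialized objects by (id, modified) and reports every object version that appears with more than one set of properties or values. The indicator objects, the `_MISSING` sentinel and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: a STIX 2.1 indicator as received from its producer.
ORIGINAL_21 = {
    "type": "indicator", "spec_version": "2.1",
    "id": "indicator--11111111-1111-4111-8111-111111111111",
    "created": "2018-01-01T00:00:00.000Z",
    "modified": "2018-01-01T00:00:00.000Z",
    "pattern": "[ipv4-addr:value = '198.51.100.1']",
    "pattern_type": "stix", "valid_from": "2018-01-01T00:00:00Z",
    "confidence": 80,
}
# Constructed "down-converted" copy: 2.1-only properties stripped,
# id and modified left unchanged.
DOWNCONVERTED = {k: v for k, v in ORIGINAL_21.items()
                 if k not in ("spec_version", "pattern_type", "confidence")}
# Constructed legitimate new version: a property changed AND modified updated.
REVISED = dict(ORIGINAL_21, modified="2018-06-01T00:00:00.000Z", confidence=60)

_MISSING = object()  # distinguishes "property absent" from a JSON null value


def canonical(obj):
    """Serialize with sorted keys so key order and whitespace do not matter."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def find_conflicting_representations(objects):
    """Map (id, modified) -> sorted names of properties that differ between
    representations of that one object version. Empty dict means consistent."""
    seen = defaultdict(dict)  # (id, modified) -> {canonical form: object}
    for obj in objects:
        seen[(obj.get("id"), obj.get("modified"))][canonical(obj)] = obj
    conflicts = {}
    for key, forms in seen.items():
        if len(forms) < 2:
            continue  # only one representation of this version was seen
        base, *others = forms.values()
        changed = {p for other in others for p in set(base) | set(other)
                   if base.get(p, _MISSING) != other.get(p, _MISSING)}
        conflicts[key] = sorted(changed)
    return conflicts


if __name__ == "__main__":
    for key, props in find_conflicting_representations(
            [ORIGINAL_21, DOWNCONVERTED, REVISED]).items():
        print(key, "differs in", props)
```
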