[media-types] Notice for a potential media type registration: application/stix+json
Robin Cover <robin@oasis-open.org> Tue, 24 April 2018 00:28 UTC
Return-Path: <robin.cover@oasis-open.org>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 998CD12DB71 for <media-types@ietfa.amsl.com>; Mon, 23 Apr 2018 17:28:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.611
X-Spam-Level:
X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oasis-open-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2UCAUTf5V2_G for <media-types@ietfa.amsl.com>; Mon, 23 Apr 2018 17:28:43 -0700 (PDT)
Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4655312DB6F for <media-types@ietf.org>; Mon, 23 Apr 2018 17:28:43 -0700 (PDT)
Received: by mail-oi0-x22c.google.com with SMTP id a6-v6so7011059oia.2 for <media-types@ietf.org>; Mon, 23 Apr 2018 17:28:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oasis-open-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=QvkFA2QhA0FzLIrLkToD3LZZd+0evYiG5XWVaKAP1Xo=; b=J5xBkTWZF9o5TsQtQEQMWKtNRUHfwvc1w9DqnbmRNOjqa7lxeZIYizf1zdDSmrNpoi yIj13dKueaSA3S6PxiFlK7fNvI10GjoDVkkwiTzFGzY6cpw7ZzTrZqDxLbyqdhd0uxpw IWh5JY7u9iEU6ZUOrb7+C8Hz4qNRZownG0jE6uTiJuUYPW+GpJJbV8AxM5F0J/iRZtD2 jfd8zveKIYU7F1KxN/IdGG96TaDjafto8m8nLfFlFwW/GzZj0a2GffiiKxBnmpWG+EAl Vt3UdbntnScB5aT6Lr3/9rAZ0zwdijppxpVo2kQLL6v0z6SIFroaGOAP7iEwwLEeoCvw Grww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=QvkFA2QhA0FzLIrLkToD3LZZd+0evYiG5XWVaKAP1Xo=; b=hKKr7087ELt9blNouq7waiI/LLhaYdBQkKWilSXlqONydY2DEfntLvSFM+uk0/DSJA BpnlH95+brG5CGzb/65ZJnjOloM5KcLzATG1xMnt40z36jGjS1pOl+CLAI4J9rLAERU9 woy9aLxLxcNV1E1gaFAeLE9Jwn+2Yl6gN35bXD/1NHokTWCQUbPzYAiVayS74hwNBE9D BezhO5dZ87/dVI8tO2J+TQ2mKJ6hJD4gvh7aOKQgISxVmpkMZe7CK/+cLKgZzhs2TNaz /yPBXvdIIi3IC0e3gYFFwQVWcSV97CSxf7kcOqpaIxi5xQPjgWnCRLdp1G5gb+OmnTB+ clDA==
X-Gm-Message-State: ALQs6tDxhfTmWDI2SM1eeujAeM3LP30EYwFhVdt62tvLe2I3H2aU0R+e 0Qk56oMSCciCJ13WCxxbyv9RJ/4ZEzvMDaMpc5OoED3EF5Y=
X-Google-Smtp-Source: AIpwx4+uvm+X7zrVFKYIDwEKJd2vARnptmub6CjGk9tBKmFGombeN9/V+Ntck+K+niFXn7cu5Wu+4+t6evR4yuBmSfU=
X-Received: by 2002:aca:698c:: with SMTP id e134-v6mr15123127oic.18.1524529722345; Mon, 23 Apr 2018 17:28:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:1343:0:0:0:0:0 with HTTP; Mon, 23 Apr 2018 17:28:41 -0700 (PDT)
From: Robin Cover <robin@oasis-open.org>
Date: Mon, 23 Apr 2018 19:28:41 -0500
Message-ID: <CADPQ6ggutMqUp_Y3X90nTDjQ5Pk8tA9tFDRSO6qmds8x0WNBGw@mail.gmail.com>
To: IANA Media Types Discussion List <media-types@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/aI--TDbP6iIARMTkoR41VOAg6Rs>
Subject: [media-types] Notice for a potential media type registration: application/stix+json
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/media-types/>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 00:28:46 -0000
[Notice #2 of 2] Members of an OASIS Technical Committee wish to register two media types associated with the STIX and TAXII specifications. This email message to the IANA mailing list provides the notice for the second of these two identifiers, for potential media type registration in the standards tree. I am the designated administrative contact for OASIS where IANA registration requests are concerned, so following the Preliminary Community Review period, I will formally submit the registration requests to IANA. For these two candidate registrations, the technical lead is Bret Jordan (bret_jordan@symantec.com). He has provided the technical content and is tasked by the OASIS CTI TC to provide feedback or discussion on this list, if the need arises. - Robin Cover OASIS Director of Information Services IETF RFC6838 Section 5.6. Registration Template https://tools.ietf.org/html/rfc6838#section-5.6 Type name: application Subtype name: stix+json Required parameters: None Optional parameters: version. This parameter is used to designate the specification version of STIX that is being used during HTTP content negotiation. Example: "application/stix+json; version=2.1" Encoding considerations: binary. Encoding considerations are identical to those specified for the "application/json" media type. See [RFC8259]. Security considerations: Security considerations relating to the generation and consumption of STIX messages are similar to application/json and are discussed in Section 12 of [RFC8259]. Interoperability considerations: The STIX specification specifies the format of conforming messages and the interpretation thereof. In addition, the OASIS Cyber Threat Intelligence (CTI) Technical Committee has defined interoperability tests to ensure conforming products and solutions can exchange STIX documents. Published specification: STIX Version 2.0 Part 1: STIX Core Concepts, OASIS Committee Specification 01 http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html Cited in the "OASIS Standards" document: https://www.oasis-open.org/standards#oasiscommiteespecs, from https://www.oasis-open.org/standards#stix2.0 Applications that use this media type: Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI) such as Threat Actors, Campaigns, Intrusion Sets, Attack Patterns, Indicators of Compromise, etc. STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more. Fragment identifier considerations: None Additional information: Deprecated alias names for this type: None Magic number(s): In general, the same as for application/json [RFC8259]. File extension(s): None Macintosh File Type Code(s): In general, the same as for application/json [RFC8259]. Object Identifier(s): None Person & email address to contact for further information: Robin Cover (robin@oasis-open.org) Intended usage: COMMON Restrictions on usage: None Author: OASIS Cyber Threat Intelligence (CTI) Technical Committee URI reference: http://www.oasis-open.org/committees/cti/ Change controller: OASIS Provisional registration?: No Other information: 1) the "Published specification:" cited above was approved as Version 2.0 but is now under active revision 2) the revised STIX specification Version 2.1 will contain the complete text of the (finalized) IANA Media Type Registration in an Appendix 3) the technical content in the Version 2.1 revision for STIX does not materially change anything vis-a-vis STIX Version 2.0 as respects serialization, transport, or client-server interactions that depend upon media type and content negotiation 4) technical lead for this Preliminary Community Review Notice: Bret Jordan (bret_jordan@symantec.com) -- Robin Cover OASIS, Director of Information Services Staff bio: http://www.oasis-open.org/people/staff/robin-cover