idnits 2.17.1 draft-ietf-mile-rolie-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 14, 2017) is 2322 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 1578 -- Looks like a reference, but probably isn't: '2' on line 1581 -- Looks like a reference, but probably isn't: '3' on line 1584 -- Looks like a reference, but probably isn't: '4' on line 1587 ** Obsolete normative reference: RFC 7525 (Obsoleted by RFC 9325) == Outdated reference: A later version (-28) exists of draft-ietf-tls-tls13-21 Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MILE Working Group J. Field 3 Internet-Draft Pivotal 4 Intended status: Standards Track S. Banghart 5 Expires: June 17, 2018 D. Waltermire 6 NIST 7 December 14, 2017 9 Resource-Oriented Lightweight Information Exchange 10 draft-ietf-mile-rolie-16 12 Abstract 14 This document defines a resource-oriented approach for security 15 automation information publication, discovery, and sharing. Using 16 this approach, producers may publish, share, and exchange 17 representations of software descriptors, security incidents, attack 18 indicators, software vulnerabilities, configuration checklists, and 19 other security automation information as web-addressable resources. 20 Furthermore, consumers and other stakeholders may access and search 21 this security information as needed, establishing a rapid and on- 22 demand information exchange network for restricted internal use or 23 public access repositories. This specification extends the Atom 24 Publishing Protocol and Atom Syndication Format to transport and 25 share security automation resource representations. 27 Contributing to this document 29 The source for this draft is being maintained on GitHub. Suggested 30 changes should be submitted as pull requests at 31 . Instructions are on that page 32 as well. Editorial changes can be managed in GitHub, but any 33 substantial issues need to be discussed on the MILE mailing list. 35 Status of This Memo 37 This Internet-Draft is submitted in full conformance with the 38 provisions of BCP 78 and BCP 79. 40 Internet-Drafts are working documents of the Internet Engineering 41 Task Force (IETF). Note that other groups may also distribute 42 working documents as Internet-Drafts. The list of current Internet- 43 Drafts is at https://datatracker.ietf.org/drafts/current/. 45 Internet-Drafts are draft documents valid for a maximum of six months 46 and may be updated, replaced, or obsoleted by other documents at any 47 time. It is inappropriate to use Internet-Drafts as reference 48 material or to cite them other than as "work in progress." 49 This Internet-Draft will expire on June 17, 2018. 51 Copyright Notice 53 Copyright (c) 2017 IETF Trust and the persons identified as the 54 document authors. All rights reserved. 56 This document is subject to BCP 78 and the IETF Trust's Legal 57 Provisions Relating to IETF Documents 58 (https://trustee.ietf.org/license-info) in effect on the date of 59 publication of this document. Please review these documents 60 carefully, as they describe your rights and restrictions with respect 61 to this document. Code Components extracted from this document must 62 include Simplified BSD License text as described in Section 4.e of 63 the Trust Legal Provisions and are provided without warranty as 64 described in the Simplified BSD License. 66 Table of Contents 68 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 69 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 3. XML-related Conventions . . . . . . . . . . . . . . . . . . . 4 71 3.1. XML Namespaces . . . . . . . . . . . . . . . . . . . . . 4 72 3.2. RELAX NG Compact Schema . . . . . . . . . . . . . . . . . 5 73 4. Background and Motivation . . . . . . . . . . . . . . . . . . 5 74 5. ROLIE Requirements for the Atom Publishing Protocol . . . . . 6 75 5.1. AtomPub Service Documents . . . . . . . . . . . . . . . . 7 76 5.1.1. Use of the "app:workspace" Element . . . . . . . . . 7 77 5.1.2. Use of the "app:collection" Element . . . . . . . . . 8 78 5.1.3. Service Document Discovery . . . . . . . . . . . . . 9 79 5.2. Category Documents . . . . . . . . . . . . . . . . . . . 9 80 5.3. Transport Layer Security . . . . . . . . . . . . . . . . 9 81 5.4. User Authentication and Authorization . . . . . . . . . . 10 82 5.5. / (forward slash) Resource URL . . . . . . . . . . . . . 10 83 5.6. HTTP methods . . . . . . . . . . . . . . . . . . . . . . 11 84 6. ROLIE Requirements for the Atom Syndication Format . . . . . 11 85 6.1. Use of the "atom:feed" element . . . . . . . . . . . . . 11 86 6.1.1. Use of the "atom:category" Element . . . . . . . . . 13 87 6.1.2. Use of the "atom:link" Element . . . . . . . . . . . 13 88 6.1.3. Use of the "atom:updated" Element . . . . . . . . . . 14 89 6.2. Use of the "atom:entry" Element . . . . . . . . . . . . 15 90 6.2.1. Use of the "atom:content" Element . . . . . . . . . . 15 91 6.2.2. Use of the "atom:link" Element . . . . . . . . . . . 16 92 6.2.3. Use of the "rolie:format" Element . . . . . . . . . . 16 93 6.2.4. Use of the rolie:property Element . . . . . . . . . . 18 94 6.2.5. Requirements for a Standalone Entry . . . . . . . . . 19 95 7. Available Extension Points Provided by ROLIE . . . . . . . . 19 96 7.1. The Category Extension Point . . . . . . . . . . . . . . 20 97 7.1.1. General Use of the "atom:category" Element . . . . . 20 98 7.1.2. Identification of Security Automation Information 99 Types . . . . . . . . . . . . . . . . . . . . . . . . 21 100 7.2. The "rolie:format" Extension Point . . . . . . . . . . . 22 101 7.3. The Link Relation Extension Point . . . . . . . . . . . . 22 102 7.4. The "rolie:property" Extension Point . . . . . . . . . . 23 103 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 104 8.1. XML Namespaces and Schema URNs . . . . . . . . . . . . . 24 105 8.2. ROLIE URN Sub-namespace . . . . . . . . . . . . . . . . . 24 106 8.3. ROLIE URN Parameters . . . . . . . . . . . . . . . . . . 25 107 8.4. ROLIE Security Resource Information Type Sub-Registry . . 26 108 9. Security Considerations . . . . . . . . . . . . . . . . . . . 27 109 10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29 110 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 111 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 112 12.1. Normative References . . . . . . . . . . . . . . . . . . 30 113 12.2. Informative References . . . . . . . . . . . . . . . . . 32 114 12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 34 115 Appendix A. Relax NG Compact Schema for ROLIE . . . . . . . . . 34 116 Appendix B. Examples of Use . . . . . . . . . . . . . . . . . . 35 117 B.1. Service Discovery . . . . . . . . . . . . . . . . . . . . 35 118 B.2. Feed Retrieval . . . . . . . . . . . . . . . . . . . . . 38 119 B.3. Entry Retrieval . . . . . . . . . . . . . . . . . . . . . 40 120 Appendix C. Change History . . . . . . . . . . . . . . . . . . . 41 121 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 123 1. Introduction 125 This document defines a resource-oriented approach to security 126 automation information sharing that follows the Representational 127 State Transfer (REST) architectural style [REST]. In this approach, 128 computer security resources are maintained in web-accessible 129 repositories structured as Atom Syndication Format [RFC4287] Feeds. 130 Within a given Feed, which may be requested by the consumer, 131 representations of specific types of security automation information 132 are organized, categorized, and described. Furthermore, all 133 collections available to a given user are discoverable, allowing the 134 consumer to search all available content they are authorized to view, 135 and to locate and request the desired information resources. Through 136 use of granular authentication and access controls, only authorized 137 consumers may be permitted the ability to read or write to a given 138 Feed. 140 The goal of this approach is to increase the communication and 141 sharing of security information between providers and consumers that 142 can be used to automate security processes (e.g., incident reports, 143 vulnerability assessments, configuration checklists, and other 144 security automation information). Such sharing allows human 145 operators and computer systems to leverage this standardized 146 communication system to gather information that supports the 147 automation of security processes. 149 To support new types of security automation information being used as 150 time goes on, this specification defines a number of extension points 151 that can be used either privately or globally. These global 152 extensions are IANA registered by ROLIE extension specifications, and 153 provide enhanced interoperability for new use cases and domains. 154 Sections 5 and 6 of this document define the core requirements of all 155 implementations of this specification, and is resource representation 156 agnostic. An overview of the extension system is provided in 157 Section 7. Implementers seeking to provide support for specific 158 security automation information types should refer to the 159 specification for that domain described by the IANA registry found in 160 Section 8.4. 162 2. Terminology 164 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 165 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 166 "OPTIONAL" in this document are to be interpreted as described in BCP 167 14 [RFC2119] [RFC8174] when, and only when, they appear in all 168 capitals, as shown here. 170 The previous key words are used in this document to define the 171 requirements for implementations of this specification. As a result, 172 the key words in this document are not used for recommendations or 173 requirements for the use of ROLIE. 175 Definitions for some of the common computer security-related 176 terminology used in this document can be found in Section 2 of 177 [RFC7970]. 179 The following terms are unique to this specification: 181 Information Type A class of security automation information having 182 one or more associated data models. Often such security 183 automation information is used in the automation of a security 184 process. See Section 7.1.2 for more information. 186 3. XML-related Conventions 188 3.1. XML Namespaces 190 This specification uses XML Namespaces [W3C.REC-xml-names-20091208] 191 to uniquely identify XML element names. It uses the following 192 namespace prefix mappings for the indicated namespace URI: 194 "app" is used for the "http://www.w3.org/2007/app" namespace 195 defined in [RFC5023]. 197 "atom" is used for the "http://www.w3.org/2005/Atom" namespace 198 defined in [RFC4287]. 200 "rolie" is used for the "urn:ietf:params:xml:ns:rolie:1.0" 201 namespace defined in Section 8.1 of this specification. 203 3.2. RELAX NG Compact Schema 205 Some sections of this specification are illustrated with fragments of 206 a non-normative RELAX NG Compact schema [relax-NG]. The text of this 207 specification provides the definition of conformance. Schema for the 208 "http://www.w3.org/2007/app" and "http://www.w3.org/2005/Atom" 209 namespaces appear in RFC5023 appendix B [RFC5023] and RFC4287 210 appendix B [RFC4287] respectively. 212 A complete informative RELAX NG Compact Schema for the new elements 213 introduced by ROLIE is provided in Appendix A. 215 4. Background and Motivation 217 In order to automate security process, tools need access to 218 sufficient sources of structured security information that can be 219 used to drive security processes. Thus, security information sharing 220 is one of the core components of automating security processes. 221 Vulnerabilities, configurations, software identification, security 222 incidents, and patch data are just a few of the classes of 223 information that are shared today to enable effective security on a 224 wide scale. However, as the scale of defense broadens as networks 225 become larger and more complex, and the volume of information to 226 process makes humans-in-the-loop difficult to scale, the need for 227 automation and machine-to-machine communication becomes increasingly 228 critical. 230 ROLIE seeks to address this need by providing four major information 231 sharing benefits: 233 Extensible information type categories and format agnosticism: ROLIE 234 is not bound to any given data format or category of information. 235 Instead, information categories are extensible, and entries 236 declare the format of the referenced data. In cases where several 237 formats or serializations are available, ROLIE can use link 238 relations to communicate how a consumer can access these formats. 239 For example, clients may request that a given resource 240 representation be returned as XML, JSON, or in some other format 241 or serialization. This approach allows the provider to support 242 multiple isomorphic formats allowing the consumer to select the 243 most suitable version. 245 Open and distributed information sharing: Using the Atom Publishing 246 Protocol, ROLIE feeds can easily aggregate feeds and accept 247 information POSTed to them from other sources. Webs of 248 communicating ROLIE servers form ad-hoc sharing communities, 249 increasing data availability and the ability to correlate linked 250 data across sources for participating consumers. ROLIE servers 251 needn't be distributed however, as large ROLIE repositories can 252 function as a central or federated collections. 254 Stateless communication model: ROLIE, as a RESTful system, is 255 stateless. That is, the server doesn't keep track of client 256 sessions, but rather uses link relations for state transitions. 257 In practice, this means that any consumer can find and share 258 information at any organizational level and at any time without 259 needing to execute a long series of requests. 261 Information discovery and navigation: ROLIE provides a number of 262 mechanisms to allow clients to programmatically discover and 263 navigate collections of information in order to dynamically 264 discover new or revised content. Extensible information types and 265 other categories provide one way of determining content that is 266 desirable. Link elements, each with a target URI and an 267 established relationship type, provide a means for ROLIE providers 268 to link other information that is relevant to the current entry or 269 feed. 271 These benefits result in an information sharing protocol that is 272 lightweight, interactive, open, and most importantly, machine 273 readable. 275 The requirements in this specification are broken into two major 276 sections, extensions to the Atom Publishing Protocol (AtomPub) 277 [RFC5023], and extensions to the Atom Syndication Format [RFC4287]. 278 All normative requirements in AtomPub and Atom Syndication are 279 inherited from their respective specifications, and apply here unless 280 the requirement is explicitly overridden in this document. In this 281 way, this document may upgrade the requirement (e.g., make a SHOULD a 282 MUST), but will never downgrade a given requirement (e.g., make a 283 MUST a SHOULD). 285 5. ROLIE Requirements for the Atom Publishing Protocol 287 This section describes a number of restrictions of and extensions to 288 the Atom Publishing Protocol (AtomPub) [RFC5023] that define the use 289 of that protocol in the context of a ROLIE-based solution. The 290 normative requirements in this section are generally oriented towards 291 client and server implementations. An understanding of the Atom 292 Publishing Protocol specification [RFC5023] is helpful to understand 293 the requirements in this section. 295 5.1. AtomPub Service Documents 297 As described in RFC5023 section 8 [RFC5023], a Service Document is an 298 XML-based document format that allows a client to dynamically 299 discover the Collections provided by a publisher. A Service Document 300 consists of one or more app:workspace elements that may each contain 301 a number of app:collection elements. 303 The general structure of a service document is as follows (from 304 RFC5023 section 4.2 [RFC5023]): 306 Service 307 o- Workspace 308 | | 309 | o- Collection 310 | | | 311 | | o- URI, categories, media types 312 | | 313 | o- ... 314 | 315 o- Workspace 316 | | 317 | o- Collection 318 | | | 319 | | o- URI, categories, media types 320 | | 321 | o- ... 322 | 323 o- ... 325 Note that the IRIs in the original diagram have been replaced with 326 URIs. 328 5.1.1. Use of the "app:workspace" Element 330 In AtomPub, a Workspace, represented by the "app:workspace" element, 331 describes a group of one or more Collections. Building on the 332 AtomPub concept of a Workspace, in ROLIE a Workspace represents an 333 aggregation of Collections pertaining to security automation 334 information resources. This specification does not restrict the 335 number of Workspaces that may be in a Service Document or the 336 specific Collections to be provided within a given Workspace. 338 A ROLIE implementation can host Collections containing both public 339 and private information entries. It is suggested that 340 implementations segregate Collections into different app:workspace 341 elements by their client access requirements. With proper naming of 342 workspaces, this reduces the amount of trial and error a human user 343 would need to utilize to discover accessible Collections. 345 5.1.2. Use of the "app:collection" Element 347 In AtomPub, a Collection in a Service Document, represented by the 348 "app:collection" element, provides metadata that can be used to point 349 to a specific Atom Feed that contains information Entries that may be 350 of interest to a client. The association between a Collection and a 351 Feed is provided by the "href" attribute of the app:collection 352 element. Building on the AtomPub concept of a Collection, in ROLIE a 353 Collection represents a pointer to a group of security automation 354 information resources pertaining to a given type of security 355 automation information. Collections are represented as Atom Feeds as 356 per RFC 5023. Atom Feed specific requirements are defined in 357 Section 6.1. 359 ROLIE defines specialized data requirements for Collections, Feeds, 360 and Entries containing security automation related data. The 361 difference between a ROLIE and a non-ROLIE Collection defined in a 362 Service Document can be determined as follows: 364 ROLIE Collection: An app:collection is considered a ROLIE Collection 365 when it contains an app:categories element that contains only one 366 atom:category element with the "scheme" attribute value of 367 "urn:ietf:params:rolie:category:information-type". Further, this 368 category has an appropriate "term" attribute value as defined in 369 Section 7.1.1. This ensures that a given Collection corresponds 370 to a specific type of security automation information. 372 Non-ROLIE Collection: An app:collection is considered a non-ROLIE 373 Collection when it does not contain an atom:category element with 374 a "scheme" attribute value of 375 "urn:ietf:params:rolie:category:information-type". 377 By distinguishing between ROLIE and non-ROLIE Collections in this 378 way, implementations supporting ROLIE can host Collections pertaining 379 to security automation information alongside Collections of other 380 non-ROLIE information within the same AtomPub instance. 382 The following are additional requirements on the use of the 383 app:collection element for a ROLIE Collection: 385 o The child atom:category elements contained in the app:categories 386 element MUST be the same set of atom:category elements used in the 387 Atom Feed resource referenced by the app:collection "href" 388 attribute value. This ensures that the category metadata 389 associated with the Collection and the associated Feed is 390 discoverable in both of these resources. 392 o The app:categories element in an app:collection MAY include 393 additional atom:category elements using a scheme other than 394 "urn:ietf:params:rolie:category:information-type". This allows 395 other category metadata to be included. 397 5.1.3. Service Document Discovery 399 The Service Document serves as the "head" of a given ROLIE 400 repository: from the Service Document all other repository content 401 can be discovered. A client will need to determine the URL of this 402 Service Document to discover the Collections provided by the 403 repository. The client might determine the URL from a web page, 404 based on out-of-band communication, or through a "service" link 405 relation in a Feed or Entry document that the client has already 406 retrieved. The latter is a typical scenario if the client learns of 407 a specific feed or entry through an out-of-band mechanism, and wishes 408 to discover additional information provided by the repository. 410 This document does not provide a fully automated discovery mechanism. 411 A mechanism may be defined in the future that allows automated 412 clients to discover the URL to use to retrieve a ROLIE Service 413 Document representing the head of the ROLIE repository. 415 5.2. Category Documents 417 As described in RFC5023 section 7 [RFC5023], a Category Document is 418 an XML-based document format that allows a client to dynamically 419 discover the Categories used within AtomPub Service Documents, Atom 420 Syndication Feeds, and Entry documents provided by a publisher. A 421 Category Document consists of one app:categories element that 422 contains a number of inline atom:category elements, or a URI 423 referencing a Category Document. 425 5.3. Transport Layer Security 427 ROLIE is intended to be handled with TLS. TLS version 1.2 MUST be 428 supported. TLS 1.2 SHOULD be implemented according to all 429 recommendations and best practices present in [RFC7525]. 431 It is RECOMMENDED that the most recent published version of TLS is 432 supported. If this version is TLS 1.3 [I-D.ietf-tls-tls13] it is 433 suggested that 0-RTT (Zero Round Trip Time Resumption) is not used in 434 order to prevent replay attacks. Replay attacks on PUT, POST, or 435 DELETE requests can disrupt repository operation by modifying data 436 unexpectedly. 438 For example, an automated ROLIE repository that updates very 439 frequently may receive a PUT request against a given resource a few 440 times an hour (or more). An attacker may store an early PUT request, 441 and at the end of the resumption window replay the PUT request, 442 reverting the resource to an old version. Not only could an attacker 443 be doing this replay continuously to cause havoc on the server, but 444 the client is completely unaware of the attack taking place. 446 Given the potentially sensitive nature of data handled by ROLIE, all 447 appropriate precautions should be taken at the transport layer to 448 protect forward secrecy and user privacy. 450 The server MUST implement certificate-based client authentication. 451 This MAY be enabled on a workspace by workspace basis. 453 5.4. User Authentication and Authorization 455 Implementations MUST support user authentication. However, a given 456 implementation MAY allow user authentication to be disabled on a Feed 457 by Feed, or Workspace by Workspace basis. 459 It is recommended that servers participating in an information 460 sharing consortium and supporting interactive user logins by members 461 of the consortium support client authentication via a federated 462 identity scheme. 464 This document does not mandate the use of any specific user 465 authorization mechanisms. However, service implementers SHOULD 466 support appropriate authorization checking for all resource accesses, 467 including individual Atom Entries, Atom Feeds, and Atom Service 468 Documents. 470 5.5. / (forward slash) Resource URL 472 The "/" resource MAY be supported for compatibility with existing 473 deployments that are using Transport of Real-time Inter-network 474 Defense (RID) Messages over HTTP/TLS [RFC6546]. The following 475 requirements apply only to implementations supporting RFC 6546. 477 The following additional requirements only apply if a implementation 478 is supporting the "/" resource as described above: 480 o Consistent with RFC6546 errata, a client requesting a GET on the 481 "/" resource SHOULD receive an HTTP status code 405 Method Not 482 Allowed. 484 o An implementation MAY provide full support for [RFC6546] such that 485 a POST to the "/" resource containing a recognized RID message is 486 handled correctly as a RID request. Alternatively, a client 487 requesting a POST to "/" MAY receive an HTTP status code 307 488 Temporary Redirect. In this case, the location header in the HTTP 489 response will provide the URL of the appropriate RID endpoint, and 490 the client may repeat the POST method at the indicated location. 492 If RFC 6546 is unsupported, then a request for the "/" resource may 493 be handled as deemed appropriate by the server. 495 5.6. HTTP methods 497 Servers MAY accept request methods beyond those specified in this 498 document. 500 Clients MUST be capable of recognizing and processing any standard 501 HTTP status code, as defined in [RFC5023] Section 5. 503 6. ROLIE Requirements for the Atom Syndication Format 505 This section describes a number of restrictions of and extensions to 506 the Atom Syndication Format [RFC4287] that define valid use of the 507 format in the context of a ROLIE implementation. An understanding of 508 the Atom Syndication Format specification [RFC4287] is helpful to 509 understand the requirements in this section. 511 6.1. Use of the "atom:feed" element 513 As described in RFC4287 section 4.1.1 [RFC4287], an Atom Feed is an 514 XML-based document format that describes a list of related 515 information items. The list of Atom Feeds provided by a ROLIE 516 service are listed in the service's Service Document through one or 517 more app:collection elements. Each Feed document, represented using 518 the atom:feed element, contains a listing of zero or more Entries. 520 When applied to the problem domain of security automation information 521 sharing, an Atom Feed may be used to represent any meaningful 522 collection of security automation information resources. Each Entry 523 in an atom:feed represents an individual resource (e.g., a specific 524 checklist, a software vulnerability record). Additional Feeds can be 525 used to represent other collections of security automation resources. 527 As discussed in Section 5.1.2, ROLIE defines specialized data 528 requirements for Feeds containing security automation related data. 529 The difference between a ROLIE and a non-ROLIE Feed can be determined 530 as follows: 532 ROLIE Feed: For an atom:feed to be considered a ROLIE Feed, the 533 atom:feed MUST contain only one child atom:category element with 534 the "scheme" attribute value of 535 "urn:ietf:params:rolie:category:information-type". This category 536 MUST have an appropriate "term" attribute value as defined in 537 Section 7.1.1. This ensures that a given Feed corresponds to a 538 specific type of security automation information. 540 Non-ROLIE Feed: For an atom:feed to be considered a non-ROLIE Feed, 541 the atom:feed MUST NOT contain an atom:category element with a 542 "scheme" attribute value of 543 "urn:ietf:params:rolie:category:information-type". 545 By distinguishing between ROLIE and non-ROLIE Feeds in this way, 546 implementations supporting ROLIE can host Feeds pertaining to 547 security automation information alongside Feeds of other non-ROLIE 548 information within the same AtomPub instance. This is parallel to 549 the handling of collections ealier in this specification in 550 Section 5.1.2. 552 The following Atom Feed definition represents a stricter definition 553 of the atom:feed element defined in RFC 4287 when used as a ROLIE 554 Feed. Any element not specified here inherits its definition and 555 requirements from [RFC4287]. 557 atomFeed = 558 element atom:feed { 559 atomCommonAttributes, 560 (atomAuthor* 561 & atomCategory+ 562 & atomContributor* 563 & atomGenerator? 564 & atomIcon? 565 & atomId 566 & atomLink+ 567 & atomLogo? 568 & atomRights? 569 & atomSubtitle? 570 & atomTitle 571 & atomUpdated 572 & extensionElement*), 573 atomEntry* 574 } 576 The following subsections contain requirements for a ROLIE Feed. 578 6.1.1. Use of the "atom:category" Element 580 An atom:feed can contain one or more atom:category elements. In Atom 581 the naming scheme and the semantic meaning of the terms used to 582 identify an Atom category are application-defined. 584 The following are additional requirements on the use of the 585 atom:category element when used in a ROLIE Feed: 587 o All member Entries in the Feed MUST represent security automation 588 information records of the provided information type category. 590 o An atom:feed MAY include additional atom:category elements using a 591 scheme other than "urn:ietf:params:rolie:category:information- 592 type". This allows other category metadata to be included. 594 6.1.2. Use of the "atom:link" Element 596 Link relations defined by the atom:link element are used to represent 597 state transitions using a stateless approach. In Atom a type of link 598 relationship can be defined using the "rel" attribute. 600 A ROLIE atom:feed MUST contain one or more atom:link elements with 601 rel="service" and href attribute whose value is a URI that points to 602 an Atom Service Document associated with the atom:feed. If a client 603 accesses a Feed without first accessing the service's service 604 document, a link with the "service" relationship provides a means to 605 discover additional security automation information. The "service" 606 link relationship is defined in the IANA Link Relations Registry [1]. 608 An atom:feed can contain an arbitrary number of Entries. In some 609 cases, a complete Feed may consist of a large number of Entries. 610 Additionally, as new and updated Entries are ordered at the beginning 611 of a Feed, a client may only be interested in retrieving the first N 612 entries in a Feed to process only the Entries that have changed since 613 the last retrieval of the Feed. As a practical matter, a large set 614 of Entries will likely need to be divided into more manageable 615 portions, or pages. Based on RFC5005 section 3 [RFC5005], link 616 elements SHOULD be included in all Feeds to support paging using the 617 following link relation types: 619 o "first" - Indicates that the href attribute value of the link 620 identifies a resource URI for the furthest preceding page of the 621 Feed. 623 o "last" - Indicates that the href attribute value of the link 624 identifies a resource URI for the furthest following page of the 625 Feed. 627 o "previous" - Indicates that the href attribute value of the link 628 identifies a resource URI for the immediately preceding page of 629 the Feed. 631 o "next" - Indicates that the href attribute value of the link 632 identifies a resource URI for the immediately following page of 633 the Feed. 635 For example: 637 638 639 b7f65304-b63b-4246-88e2-c104049c5fd7 640 Paged Feed 641 642 643 644 645 646 2012-05-04T18:13:51.0Z 648 649 651 Example Paged Feed 653 A reference to a historical Feed may need to be stable, and/or a Feed 654 may need to be divided into a series of defined epochs. 655 Implementations SHOULD support the mechanisms described in RFC5005 656 section 4 [RFC5005] to provide link-based state transitions for 657 maintaining archiving of Feeds. 659 An atom:feed MAY include additional link relationships not specified 660 in this document. If a client encounters an unknown link 661 relationship type, the client MUST ignore the unrecognized link and 662 continue processing as if the unrecognized link element did not 663 appear. The definition of new Link relations that provide additional 664 state transition extensions is discussed in Section 7.3. 666 6.1.3. Use of the "atom:updated" Element 668 The atom:updated element identifies the date and time that a Feed was 669 last updated. 671 The atom:updated element MUST be populated with the current time at 672 the instant the Feed was last updated by adding, updating, or 673 deleting an Entry; or changing any metadata for the Feed. 675 6.2. Use of the "atom:entry" Element 677 Each Entry in an Atom Feed, represented by the atom:entry element, 678 describes a single referenced information record, along with 679 descriptive information about its format, media type, and other 680 publication metadata. The following atom:entry schema definition 681 represents a stricter representation of the atom:entry element 682 defined in [RFC4287] for use in a ROLIE-based Atom Feed as defined in 683 Section 6.1.1. 685 atomEntry = 686 element atom:entry { 687 atomCommonAttributes, 688 (atomAuthor* 689 & atomCategory* 690 & atomContent 691 & atomContributor* 692 & atomId 693 & atomLink* 694 & atomPublished? 695 & atomRights? 696 & atomSource? 697 & atomSummary? 698 & atomTitle 699 & atomUpdated 700 & rolieFormat? 701 & rolieProperty* 702 & extensionElement*) 703 } 705 The notable changes from [RFC4287] are the addition of rolieFormat 706 and rolieProperty elements. Also the atomContent element is 707 restricted to the atomOutOfLineContent formulation and is now 708 REQUIRED. 710 The following subsections contain requirements for Entries in a ROLIE 711 Feed. 713 6.2.1. Use of the "atom:content" Element 715 An atom:content element associates its containing Entry with a 716 content resource identified by the src attribute. 718 There MUST be exactly one atom:content element in the Entry. The 719 content element MUST adhere to this definition, which is a stricter 720 representation of the atom:content element defined in [RFC4287]: 722 atomContent = 723 element atom:content { 724 atomCommonAttributes, 725 attribute type { atomMediaType }, 726 attribute src { atomUri }, 727 empty 728 } 730 This restricts atomContent in ROLIE to the atomOutofLine formulation 731 presented in[RFC4287]. 733 The type attribute MUST identify the serialization type of the 734 content, for example, application/xml or application/json. A 735 prefixed media type MAY be used to reflect a specific model used with 736 a given serialization approach (e.g., application/rdf+xml). The src 737 attribute MUST be an URI that can be dereferenced to retrieve the 738 related content data. 740 6.2.2. Use of the "atom:link" Element 742 Link relations can be included in an atom:entry to represent state 743 transitions for the Entry. 745 If there is a need to provide the same information in different data 746 models and/or serialization formats, separate Entry instances can be 747 included in the same or a different Feed. Such an alternate content 748 representation can be indicated using an atom:link having a rel 749 attribute with the value "alternate". 751 An atom:feed MAY include additional link relationships not specified 752 in this document. If a client encounters an unknown link 753 relationship type, the client MUST ignore the unrecognized link and 754 continue processing as if the unrecognized link element did not 755 appear. The definition of new Link relations that provide additional 756 state transition extensions is discussed in Section 7.3. 758 6.2.3. Use of the "rolie:format" Element 760 As mentioned earlier, a key goal of this specification is to allow a 761 consumer to review a set of published security automation information 762 resources, and then identify and retrieve any resources of interest. 763 The format of the data is a key criteria to consider when deciding 764 what information to retrieve. For a given type of security 765 automation information, it is expected that a number of different 766 formats may be used to represent this information. To support this 767 use case, both the serialization format and the specific data model 768 expressed in that format must be known by the consumer. 770 In the Atom Syndication format, a media type can be defined using the 771 "type" attribute on the "atom:content" element of an atom:entry. The 772 media type can be fully descriptive of the format of the linked 773 document, such as "application/atom+xml". In some cases, however, a 774 format specific media type may not be defined. An example might be 775 when "application/xml" is used because there is no defined specific 776 media type for the content. In such a case the exact data model of 777 the content cannot be known without first retrieving the content. 779 In cases where a specific media type does not exist, the rolie:format 780 element is used to describe the data model used to express the 781 information referenced in the atom:content element. The rolie:format 782 element also allows a schema to be identified that can be used when 783 parsing the content to verify or better understand the structure of 784 the content. 786 When it appears, the "rolie:format" element MUST adhere to this 787 definition: 789 rolieFormat = 790 element rolie:format { 791 appCommonAttributes, 792 attribute ns { atomURI }, 793 attribute version { text } ?, 794 attribute schema-location { atomURI } ?, 795 attribute schema-type { atomMediaType } ?, 796 empty 797 } 799 The rolie:format element MUST provide a "ns" attribute that 800 identifies the data model of the resource referenced by the 801 atom:content element. For example, the namespace used may be an XML 802 namespace URI, or an identifier that represents a serialized JSON 803 model. The URI used for the "ns" attribute MUST be absolute. The 804 resource identified by the URI need not be resolvable. 806 The rolie:format element MAY provide a "version" attribute that 807 identifies the version of the format used for the related 808 atom:content. 810 The rolie:format element MAY provide a "schema-location" attribute 811 that is a URI that identifies a schema resource that can be used to 812 validate the related atom:content. 814 The rolie:format element MAY provide a "schema-type" attribute, which 815 is a media type (as described in [RFC2045] identifying the format of 816 the schema resource identified by the "schema-location" attribute. 818 The following nominal example shows how these attributes describe the 819 format of the content: 821 827 The previous element provides an indication that the content of the 828 given entry is using the IODEF v2 format. 830 6.2.4. Use of the rolie:property Element 832 An atom:category element provides a way to associate a name/value 833 pair of categorical information using the scheme and term attributes 834 to represent the name, and the label attribute to represent the 835 value. When used in this way an atom:category allows a specific 836 label to be selected from a finite set of possible label values that 837 can be used to further classify a given atom:entry or atom:feed. 838 Within ROLIE, there may be a need to associate additional metadata 839 with an atom:entry. In such a case, use of an atom:category is not 840 practical to represent name/value data for which the allowed values 841 are unbounded. Instead, ROLIE has introduced a new rolie:property 842 element that can represent non-categorical metadata as name/value 843 pairs. Examples include content-specific identifiers, naming data, 844 and other properties that allow for unbounded values. 846 There MAY be zero or more rolie:property elements in an atom:entry. 848 The element MUST adhere to this definition: 850 rolieProperty = 851 element rolie:property { 852 app:appCommonAttributes, 853 attribute name { atom:atomURI }, 854 attribute value { text } 855 empty 856 } 858 The name attribute provides a URI that identifies the namespace and 859 name of the property as a URI. 861 The value attribute is text that provides a value for the property 862 identified by the name attribute. 864 For example, the nominal element 866 would expose an IODEF ID value contained in a given entry's content. 867 The name used in the example also demonstrates the use of a 868 registered ROLIE property extension, which is described in 869 Section 7.4. 871 Implementations MAY use locally defined and namespaced elements in an 872 Entry in order to provide additional information. Clients that do 873 not recognize a property with an unregistered name attribute MUST 874 ignore the rolie:property, that is, the client MUST NOT fail parsing 875 content that contains an unrecognized property. 877 6.2.5. Requirements for a Standalone Entry 879 If an Entry is ever shared as a standalone resource, separate from 880 its containing Feed, then the following additional requirements 881 apply: 883 o The Entry MUST have an atom:link element with rel="collection" and 884 href="[URI of the containing Collection]". This allows the Feed 885 or Feeds for which the Entry is a member to be discovered, along 886 with the related information the Feed may contain. In the case of 887 the Entry have multiple containing Feeds, the Entry MUST have one 888 atom:link for each related Feed. 890 o The Entry MUST declare the information type of the content 891 resource referenced by the Entry (see Section 7.1.2). 893 7. Available Extension Points Provided by ROLIE 895 This specification does not require particular information types or 896 data formats; rather, ROLIE is intended to be extended by additional 897 specifications that define the use of new categories and link 898 relations. The primary point of extension is through the definition 899 of new information type category terms. Additional specifications 900 can register new information type category terms with IANA that serve 901 as the main characterizing feature of a ROLIE Collection/Feed or 902 Resource/Entry. These additional specifications defining new 903 information type terms, can describe additional requirements for 904 including specific categories, link relations, as well as, use of 905 specific data formats supporting a given information type term. 907 7.1. The Category Extension Point 909 The atom:category element, defined in RFC 4287 section 4.2.2 910 [RFC4287], provides a mechanism to provide additional categorization 911 information for a content resource in ROLIE. The ability to define 912 new categories is one of the core extension points provided by Atom. 913 A Category Document, defined in RFC 5023 section 7 [RFC5023], 914 provides a mechanism for an Atom implementation to make discoverable 915 the atom:category terms and associated allowed values. 917 ROLIE further defines the use of the existing Atom extension category 918 mechanism by allowing ROLIE specific category extensions to be 919 registered with IANA, and additionally has assigned the 920 "urn:ietf:params:rolie:category:information-type" category scheme 921 that has special meaning for implementations of ROLIE. This allows 922 category scheme namespaces to be managed in a more consistent way, 923 allowing for greater interoperability between content producers and 924 consumers. 926 Any category whose "scheme" attribute uses an unregistered scheme 927 MUST be considered private use. Implementations encountering such a 928 category MUST parse the content without error, but MAY otherwise 929 ignore the element. 931 Use of the "atom:category" element is discussed in the following 932 subsections. 934 7.1.1. General Use of the "atom:category" Element 936 The atom:category element can be used for characterizing a ROLIE 937 Resource. As discussed earlier in this document, an atom:category 938 element has a "term" attribute that indicates the assigned category 939 value, and a "scheme" attribute that provides an identifier for the 940 category type. The "scheme" provides a means to describe how a set 941 of category terms should be used and provides a namespace that can be 942 used to differentiate terms provided by multiple organizations with 943 different semantic meaning. 945 To further differentiate category types used in ROLIE, an IANA sub- 946 registry has been established for ROLIE protocol parameters to 947 support the registration of new category "scheme" attribute values by 948 ROLIE extension specifications. Use of this extension point is 949 discussed in Section 8.3 using the name field with a type parameter 950 of "category" to indicate a category extension. 952 7.1.2. Identification of Security Automation Information Types 954 A ROLIE specific extension point is provided through the 955 atom:category "scheme" value 956 "urn:ietf:params:rolie:category:information-type". This value is a 957 Uniform Resource Name (URN) [RFC8141] that is registered with IANA as 958 described in Section 8.3. When used as the "scheme" attribute in 959 this way, the "term" attribute is expected to be a registered value 960 as defined in Section 8.4. Through this mechanism a given security 961 automation information type can be used to: 963 1. identify that an "app:collection" element in a Service Document 964 points to an Atom Feed that contains Entries pertaining to a 965 specific type of security automation information (see 966 Section 5.1.2), or 968 2. identify that an "atom:feed" element in an Atom Feed contains 969 Entries pertaining to a specific type of security automation 970 information (see Section 6.1.1). 972 3. identify the information type of a standalone Resource (see 973 Section 6.2.5). 975 For example, the notional security automation information type 976 "incident" would be identified as follows: 978 982 A security automation information type represents a class of 983 information that represents the same or similar information model 984 [RFC3444]. Note that this document does not register any information 985 types, but offers the following as examples of potential information 986 types: 988 indicator: Computing device- or network-related "observable features 989 and phenomenon that aid in the forensic or proactive detection of 990 malicious activity; and associated meta-data" (from [RFC7970]). 992 incident: Information pertaining to and "derived analysis from 993 security incidents" (from [RFC7970]). 995 vulnerability reports: Information identifying and describing a 996 vulnerability in hardware or software. 998 configuration checklists: Content that can be used to assess the 999 configuration settings related to installed software. 1001 software tags: Metadata used to identify and characterize 1002 installable software. 1004 This is a short list to inspire new engineering of information type 1005 extensions that support the automation of security processes. 1007 This document does not specify any information types. Instead, 1008 information types in ROLIE are expected to be registered in extension 1009 documents that describe one or more new information types. This 1010 allows the information types used by ROLIE implementations to grow 1011 over time to support new security automation use cases. These 1012 extension documents may also enhance ROLIE Service, Category, Feed, 1013 and Entry documents by defining link relations, other categories, and 1014 Format data model extensions to address the representational needs of 1015 these specific information types. New information types are added to 1016 ROLIE through registrations to the IANA ROLIE Security Resource 1017 Information Type registry defined in Section 8.4. 1019 7.2. The "rolie:format" Extension Point 1021 Security automation data pertaining to a given information type may 1022 be expressed using a number of supported formats. As described in 1023 Section 6.2.3, the rolie:format element is used to describe the 1024 specific data model used to represent the resource referenced by a 1025 given "atom:entry". The structure provided by the rolie:format 1026 element, provides a mechanism for extension within the atom:entry 1027 model. ROLIE extensions MAY further restrict which data models are 1028 allowed to be used for a given information type. 1030 By declaring the data model used for a given Resource, a consumer can 1031 choose to download or ignore the Resource, or look for alternate 1032 formats. This saves the consumer from downloading and parsing 1033 resources that the consumer is not interested in or resources 1034 expressed in formats that are not supported by the consumer. 1036 7.3. The Link Relation Extension Point 1038 This document uses several link relations defined in the IANA Link 1039 Relation Types registry [2]. Additional link relations can be 1040 registered in this registry to allow new relationships to be 1041 represented in ROLIE according to RFC 4287 section 4.2.7.2 [RFC4287]. 1042 Based on the preceding reference, if the link relation is too 1043 specific or limited in the intended use, an absolute URI can be used 1044 in lieu of registering a new simple name with IANA. 1046 7.4. The "rolie:property" Extension Point 1048 As discussed previously in Section 6.2.4, many formats contain unique 1049 identifying and characterizing properties that are vital for sharing 1050 information. In order to provide a global reference for these 1051 properties, this document establishes an IANA registry in Section 8.3 1052 that allows ROLIE extensions to register named properties using the 1053 name field with a type parameter of "property" to indicate a property 1054 extension. Implementations SHOULD prefer the use of registered 1055 properties over implementation specific properties when possible. 1057 ROLIE extensions are expected to register new and use existing 1058 properties to provide valuable identifying and characterizing 1059 information for a given information type and/or format. 1061 The namespace "urn:ietf:params:rolie:property:local" has been 1062 reserved in the IANA ROLIE Parameters table for private use as 1063 defined in [RFC8126]. Any property whose "name" attribute uses this 1064 as a prefix MUST be considered private use. Implementations 1065 encountering such a property MUST parse the content without error, 1066 but MAY otherwise ignore the element. 1068 This document also registers a number of general use properties that 1069 can be used to expose content information in any ROLIE use case. The 1070 following are descriptions of how to use these registered properties: 1072 urn:ietf:params:rolie:property:content-author-name The "value" 1073 attribute of this property is a text representation indicating the 1074 individual or organization that authored the content referenced by 1075 the "src" attribute of the entry's atom:content element. This 1076 author may differ from the atom:author when the author of the 1077 content and the entry are different people or entities. 1079 urn:ietf:params:rolie:property:content-id The "value" attribute of 1080 this property is a text representation of an identifier pertaining 1081 to or extracted from the content referenced by the "src" attribute 1082 of the entry's atom:content element. For example, if the 1083 atom:entry's atom:content element links to an IODEF document, the 1084 "content-id" value would be an identifier of that IODEF document. 1086 urn:ietf:params:rolie:property:content-published-date The "value" 1087 attribute of this property is a text representation indicating the 1088 original publication date of the content referenced by the "src" 1089 attribute of the entry's atom:content element. This date may 1090 differ from the published date of the ROLIE Entry because 1091 publication of the content and the ROLIE Entry represent different 1092 events. The date MUST be formatted as specified in [RFC3339]. 1094 urn:ietf:params:rolie:property:content-updated-date The "value" 1095 attribute of this property is a text representation indicating the 1096 date that the content, referenced by the "src" attribute of the 1097 entry's atom:content element, was last updated. This date may 1098 differ from the updated date of the ROLIE Entry because updates 1099 made to the content and to the ROLIE Entry are different events. 1100 The date MUST be formatted as specified in [RFC3339]. 1102 8. IANA Considerations 1104 This document has a number of IANA considerations described in the 1105 following subsections. 1107 8.1. XML Namespaces and Schema URNs 1109 This document uses URNs to describe XML namespaces and XML schemas 1110 conforming to a registry mechanism described in [RFC3688]. 1112 ROLIE XML Namespace The ROLIE namespace (rolie-1.0) has been 1113 registered in the "ns" registry. 1115 URI: urn:ietf:params:xml:ns:rolie-1.0 1117 Registrant Contact: IESG 1119 XML: None. Namespace URIs do not represent an XML specification. 1121 ROLIE XML Schema The ROLIE schema (rolie-1.0) has been registered in 1122 the "schema" registry. 1124 URI: urn:ietf:params:xml:schema:rolie-1.0 1126 Registrant Contact: IESG 1128 XML: See Appendix A of this document. 1130 8.2. ROLIE URN Sub-namespace 1132 IANA has added an entry to the "IETF URN Sub-namespace for Registered 1133 Protocol Parameter Identifiers" registry located at 1134 as per 1135 RFC3553 [RFC3553]. 1137 The entry is as follows: 1139 Registry name: rolie 1141 Specification: This document 1142 Repository: ROLIE URN Parameters. See Section 8.3 [TO BE REMOVED: 1143 This registration should take place at the following location: 1144 https://www.iana.org/assignments/rolie] 1146 Index value: See Section 8.3 1148 8.3. ROLIE URN Parameters 1150 A new top-level registry has been created, entitled "Resource 1151 Oriented Lightweight Information Exchange (ROLIE) URN Parameters". 1152 [TO BE REMOVED: This registration should take place at the following 1153 location: https://www.iana.org/assignments/rolie] 1155 Registration in the ROLIE URN Parameters registry is via the 1156 Specification Required policy [RFC8126]. Registration requests must 1157 be sent to both the MILE WG mailing list (mile@ietf.org) and IANA. 1158 IANA will forward registration requests to the Designated Expert. 1160 Each entry in this sub-registry must record the following fields: 1162 Name: A URN segment that adheres to the pattern {type}:{label}. 1163 The keywords are defined as follows: 1165 {type}: The parameter type. The allowed values are "category" 1166 or "property". "category" denotes a category extension as 1167 discussed in Section 7.1. "property" denotes a property 1168 extension as discussed in Section 7.4. 1170 {label}: A required US-ASCII string that conforms to the URN 1171 syntax requirements (see [RFC8141]). This string must be 1172 unique within the namespace defined by the {type} keyword. The 1173 "local" label for both the "category" and "property" types has 1174 been reserved for private use. 1176 Extension URI: The identifier to use within ROLIE, which is the 1177 full URN using the form: urn:ietf:params:rolie:{name}, where 1178 {name} is the "name" field of this registration. 1180 Reference: A static link to the specification and section that the 1181 definition of the parameter can be found. 1183 Sub-registry: An optional field that links to an IANA sub-registry 1184 for this parameter. If the {type} is "category", the sub-registry 1185 must contain a "name" field whose registered values MUST be US- 1186 ASCII. The list of names are the allowed values of the "term" 1187 attribute in the atom:category element. (See Section 7.1.2). 1189 This repository has the following initial values: 1191 +------------+--------------------+-------+-------------------------+ 1192 | Name | Extension URI | Refer | Sub-Registry | 1193 | | | ence | | 1194 +------------+--------------------+-------+-------------------------+ 1195 | category:i | urn:ietf:params:ro | This | [TO BE REMOVED: This | 1196 | nformation | lie:category | docum | registration should | 1197 | -type | :information-type | ent, | take place at the | 1198 | | | Secti | following location: htt | 1199 | | | on | ps://www.iana.org/assig | 1200 | | | 8.4 | nments/rolie/category | 1201 | | | | /information-type] | 1202 | property | urn:ietf:params:ro | This | None | 1203 | :content- | lie:property | docum | | 1204 | author- | :content-author- | ent, | | 1205 | name | name | Secti | | 1206 | | | on | | 1207 | | | 7.4 | | 1208 | property | urn:ietf:params:ro | This | None | 1209 | :content- | lie:property | docum | | 1210 | id | :content-id | ent, | | 1211 | | | Secti | | 1212 | | | on | | 1213 | | | 7.4 | | 1214 | property | urn:ietf:params:ro | This | None | 1215 | :content- | lie:property | docum | | 1216 | published- | :content- | ent, | | 1217 | date | published-date | Secti | | 1218 | | | on | | 1219 | | | 7.4 | | 1220 | property | urn:ietf:params:ro | This | None | 1221 | :content- | lie:property | docum | | 1222 | updated- | :content-updated- | ent, | | 1223 | date | date | Secti | | 1224 | | | on | | 1225 | | | 7.4 | | 1226 +------------+--------------------+-------+-------------------------+ 1228 8.4. ROLIE Security Resource Information Type Sub-Registry 1230 A new sub-registry has been created to store ROLIE information type 1231 values. 1233 Name of Registry: "ROLIE Information Types" 1235 Location of Registry: 1236 https://www.iana.org/assignments/rolie/category/information-type 1238 Fields to record in the registry: 1240 name: The full name of the security resource information type 1241 as a string from the printable ASCII character set [RFC0020] 1242 with individual embedded spaces allowed. This value must be 1243 unique in the context of this table. The ABNF [RFC5234] syntax 1244 for this field is: 1246 1*VCHAR *(SP 1*VCHAR) 1248 index: This is an IANA-assigned positive integer that 1249 identifies the registration. The first entry added to this 1250 registry uses the value 1, and this value is incremented for 1251 each subsequent entry added to the registry. 1253 reference: A list of one or more URIs [RFC3986] from which the 1254 registered specification can be obtained. The registered 1255 specification MUST be readily and publicly available from that 1256 URI. The URI SHOULD be a stable reference. 1258 Allocation Policy: Specification required as per [RFC8126] 1260 9. Security Considerations 1262 This document defines a resource-oriented approach for lightweight 1263 information exchange using HTTP over TLS, the Atom Syndication 1264 Format, and the Atom Publishing Protocol. As such, implementers must 1265 understand the security considerations described in those 1266 specifications. All that follows is guidance, more specific 1267 instruction is out of scope for this document. 1269 To protect the confidentiality of a given resource provided by a 1270 ROLIE implementation, requests for retrieval of the resource need to 1271 be authenticated to prevent unauthorized users from accessing the 1272 resource (see Section 5.4). It can also be useful to log and audit 1273 access to sensitive resources to verify that proper access controls 1274 remain in place over time. 1276 Access control to information published using ROLIE should use 1277 mechanisms that are appropriate to the sensitivity of the 1278 information. Primitive authentication mechanisms like HTTP Basic 1279 Authentication [RFC7617] are rarely appropriate for sensitive 1280 information. A number of authentication schemes are defined in the 1281 HTTP Authentication Schemes Registry [3]. Of these, HOBA [RFC7486] 1282 and SCRAM-SHA-256 [RFC7804] provide improved security properties over 1283 HTTP Basic [RFC7617]and Digest [RFC7616] Authentication Schemes. 1284 However, sharing communities that are engaged in sensitive 1285 collaborative analysis and/or operational response for indicators and 1286 incidents targeting high value information systems should adopt a 1287 suitably stronger user authentication solution, such as a risk-based 1288 or multi-factor approach. 1290 Collaborating consortiums may benefit from the adoption of a 1291 federated identity solution, such as those based upon OAuth [RFC6749] 1292 with JWT [RFC7797], or SAML-core [SAML-core], SAML-bind [SAML-bind], 1293 and SAML-prof [SAML-prof] for Web-based authentication and cross- 1294 organizational single sign-on. Dependency on a trusted third party 1295 identity provider implies that appropriate care must be exercised to 1296 sufficiently secure the Identity provider. Any attacks on the 1297 federated identity system would present a risk to the consortium, as 1298 a relying party. Potential mitigations include deployment of a 1299 federation-aware identity provider that is under the control of the 1300 information sharing consortium, with suitably stringent technical and 1301 management controls. 1303 Authorization of resource representations is the responsibility of 1304 the source system, i.e. based on the authenticated user identity 1305 associated with an HTTP(S) request. The required authorization 1306 policies that are to be enforced must therefore be managed by the 1307 security administrators of the source system. Various authorization 1308 architectures would be suitable for this purpose, such as RBAC [4] 1309 and/or ABAC, as embodied in XACML [XACML]. In particular, 1310 implementers adopting XACML may benefit from the capability to 1311 represent their authorization policies in a standardized, 1312 interoperable format. Note that implementers are free to choose any 1313 suitable authorization mechanism that is capable of fulfilling the 1314 policy enforcement requirements relevant to their consortium and/or 1315 organization. 1317 Additional security requirements such as enforcing message-level 1318 security at the destination system could supplement the security 1319 enforcements performed at the source system, however these 1320 destination-provided policy enforcements are out of scope for this 1321 specification. Implementers requiring this capability should 1322 consider leveraging, e.g. the element in the RID schema. 1323 Refer to RFC6545 section 9 for more information. Additionally, the 1324 underlying serialization approach used in the representation (e.g., 1325 XML, JSON) can offer encryption and message authentication 1326 capabilities. For example, XMLDSig [RFC3275] for XML, and JSON Web 1327 Encryption [RFC7516] and JSON Web Signature[RFC7515] for JSON can 1328 provide such mechanisms. 1330 When security policies relevant to the source system are to be 1331 enforced at both the source and destination systems, implementers 1332 must take care to avoid unintended interactions of the separately 1333 enforced policies. Potential risks will include unintended denial of 1334 service and/or unintended information leakage. These problems may be 1335 mitigated by avoiding any dependence upon enforcements performed at 1336 the destination system. When distributed enforcement is unavoidable, 1337 the usage of a standard language (e.g. XACML) for the expression of 1338 authorization policies will enable the source and destination systems 1339 to better coordinate and align their respective policy expressions. 1341 A service discovery mechanism is not explicitly specified in this 1342 document, and there are several approaches available for 1343 implementers. When selecting this mechanism, implementations need to 1344 ensure that their choice provides a means for authenticating the 1345 server. As described in the discovery section, DNS SRV Records are a 1346 possible solution to discovery. 1348 10. Privacy Considerations 1350 The optional author field may provide an identification privacy issue 1351 if populated without the author's consent. This information may 1352 become public if posted to a public feed. Special care should be 1353 taken when aggregating or sharing entries from other feeds, or when 1354 programmatically generating ROLIE entries from some data source that 1355 the author's personal info is not shared without their consent. 1357 When using the Atom Publishing Protocol to POST entries to a feed, 1358 attackers may use correlating techniques to profile the user. The 1359 request time can be compared to the generated "updated" field of the 1360 entry in order to build out information about a given user. This 1361 correlation attempt can be mitigated by not using HTTP requests to 1362 POST entries when profiling is a risk, and rather use backend control 1363 of the Feeds. 1365 Adoption of the information sharing approach described in this 1366 document will enable users to more easily perform correlations across 1367 separate, and potentially unrelated, cyber security information 1368 providers. A client may succeed in assembling a data set that would 1369 not have been permitted within the context of the authorization 1370 policies of either provider when considered individually. Thus, 1371 providers may face a risk of an attacker obtaining an access that 1372 constitutes an undetected separation of duties (SOD) violation. It 1373 is important to note that this risk is not unique to this 1374 specification, and a similar potential for abuse exists with any 1375 other cyber security information sharing protocol. However, the wide 1376 availability of tools for HTTP clients and Atom Feed handling implies 1377 that the resources and technical skills required for a successful 1378 exploit may be less than it was previously. This risk can be best 1379 mitigated through appropriate vetting of the client at account 1380 provisioning time. In addition, any increase in the risk of this 1381 type of abuse should be offset by the corresponding increase in 1382 effectiveness that this specification affords to the defenders. 1384 Overall, privacy concerns in ROLIE can be mitigated by following 1385 security considerations and careful use of the optional personally 1386 identifying elements (e.g., author) provided by Atom Syndication and 1387 ROLIE. 1389 11. Acknowledgements 1391 The authors gratefully acknowledge the valuable contributions of Tom 1392 Maguire, Kathleen Moriarty, and Vijayanand Bharadwaj. These 1393 individuals provided detailed review comments on earlier drafts, and 1394 made many suggestions that have helped to improve this document. 1396 The authors would also like to thank the MILE Working Group, the SACM 1397 Working Group, and countless other people from both within the IETF 1398 community and outside of it for their excellent review and effort 1399 towards constructing this draft. 1401 12. References 1403 12.1. Normative References 1405 [relax-NG] 1406 Clark, J., Ed., "RELAX NG Compact Syntax", 11 2002, 1407 . 1410 [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, 1411 RFC 20, DOI 10.17487/RFC0020, October 1969, 1412 . 1414 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1415 Extensions (MIME) Part One: Format of Internet Message 1416 Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, 1417 . 1419 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1420 Requirement Levels", BCP 14, RFC 2119, 1421 DOI 10.17487/RFC2119, March 1997, 1422 . 1424 [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: 1425 Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, 1426 . 1428 [RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An 1429 IETF URN Sub-namespace for Registered Protocol 1430 Parameters", BCP 73, RFC 3553, DOI 10.17487/RFC3553, June 1431 2003, . 1433 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 1434 DOI 10.17487/RFC3688, January 2004, 1435 . 1437 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 1438 Resource Identifier (URI): Generic Syntax", STD 66, 1439 RFC 3986, DOI 10.17487/RFC3986, January 2005, 1440 . 1442 [RFC4287] Nottingham, M., Ed. and R. Sayre, Ed., "The Atom 1443 Syndication Format", RFC 4287, DOI 10.17487/RFC4287, 1444 December 2005, . 1446 [RFC5005] Nottingham, M., "Feed Paging and Archiving", RFC 5005, 1447 DOI 10.17487/RFC5005, September 2007, 1448 . 1450 [RFC5023] Gregorio, J., Ed. and B. de hOra, Ed., "The Atom 1451 Publishing Protocol", RFC 5023, DOI 10.17487/RFC5023, 1452 October 2007, . 1454 [RFC6546] Trammell, B., "Transport of Real-time Inter-network 1455 Defense (RID) Messages over HTTP/TLS", RFC 6546, 1456 DOI 10.17487/RFC6546, April 2012, 1457 . 1459 [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, 1460 "Recommendations for Secure Use of Transport Layer 1461 Security (TLS) and Datagram Transport Layer Security 1462 (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 1463 2015, . 1465 [RFC7970] Danyliw, R., "The Incident Object Description Exchange 1466 Format Version 2", RFC 7970, DOI 10.17487/RFC7970, 1467 November 2016, . 1469 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1470 Writing an IANA Considerations Section in RFCs", BCP 26, 1471 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1472 . 1474 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1475 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1476 May 2017, . 1478 [W3C.REC-xml-names-20091208] 1479 Bray, T., Hollander, D., Layman, A., Tobin, R., and H. 1480 Thompson, "Namespaces in XML 1.0 (Third Edition)", World 1481 Wide Web Consortium Recommendation REC-xml-names-20091208, 1482 December 2009, 1483 . 1485 12.2. Informative References 1487 [I-D.ietf-tls-tls13] 1488 Rescorla, E., "The Transport Layer Security (TLS) Protocol 1489 Version 1.3", draft-ietf-tls-tls13-21 (work in progress), 1490 July 2017. 1492 [REST] Fielding, R., "Architectural Styles and the Design of 1493 Network-based Software Architectures", 2000, 1494 . 1497 [RFC3275] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible 1498 Markup Language) XML-Signature Syntax and Processing", 1499 RFC 3275, DOI 10.17487/RFC3275, March 2002, 1500 . 1502 [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between 1503 Information Models and Data Models", RFC 3444, 1504 DOI 10.17487/RFC3444, January 2003, 1505 . 1507 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1508 Specifications: ABNF", STD 68, RFC 5234, 1509 DOI 10.17487/RFC5234, January 2008, 1510 . 1512 [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", 1513 RFC 6749, DOI 10.17487/RFC6749, October 2012, 1514 . 1516 [RFC7486] Farrell, S., Hoffman, P., and M. Thomas, "HTTP Origin- 1517 Bound Authentication (HOBA)", RFC 7486, 1518 DOI 10.17487/RFC7486, March 2015, 1519 . 1521 [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 1522 Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 1523 2015, . 1525 [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 1526 RFC 7516, DOI 10.17487/RFC7516, May 2015, 1527 . 1529 [RFC7616] Shekh-Yusef, R., Ed., Ahrens, D., and S. Bremer, "HTTP 1530 Digest Access Authentication", RFC 7616, 1531 DOI 10.17487/RFC7616, September 2015, 1532 . 1534 [RFC7617] Reschke, J., "The 'Basic' HTTP Authentication Scheme", 1535 RFC 7617, DOI 10.17487/RFC7617, September 2015, 1536 . 1538 [RFC7797] Jones, M., "JSON Web Signature (JWS) Unencoded Payload 1539 Option", RFC 7797, DOI 10.17487/RFC7797, February 2016, 1540 . 1542 [RFC7804] Melnikov, A., "Salted Challenge Response HTTP 1543 Authentication Mechanism", RFC 7804, DOI 10.17487/RFC7804, 1544 March 2016, . 1546 [RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names 1547 (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017, 1548 . 1550 [SAML-bind] 1551 Cantor, S., Hirsch, F., Kemp, J., Philpott, R., and E. 1552 Maler, "Bindings for the OASIS Security Assertion Markup 1553 Language (SAML) V2.0", OASIS Standard saml-bindings- 1554 2.0-os, March 2005, . 1557 [SAML-core] 1558 Cantor, S., Kemp, J., Philpott, R., and E. Maler, 1559 "Assertions and Protocol for the OASIS Security Assertion 1560 Markup Language (SAML) V2.0", OASIS Standard saml-core- 1561 2.0-os, March 2005, . 1564 [SAML-prof] 1565 Hughes, J., Cantor, S., Hodges, J., Hirsch, F., Mishra, 1566 P., Philpott, R., and E. Maler, "Profiles for the OASIS 1567 Security Assertion Markup Language (SAML) V2.0", OASIS 1568 Standard OASIS.saml-profiles-2.0-os, March 2005, 1569 . 1572 [XACML] Rissanen, E., "eXtensible Access Control Markup Language 1573 (XACML) Version 3.0", August 2010, . 1576 12.3. URIs 1578 [1] https://www.iana.org/assignments/link-relations/link- 1579 relations.xhtml 1581 [2] https://www.iana.org/assignments/link-relations/link- 1582 relations.xhtml 1584 [3] https://www.iana.org/assignments/http-authschemes/http- 1585 authschemes.xhtml 1587 [4] http://csrc.nist.gov/groups/SNS/rbac/ 1589 Appendix A. Relax NG Compact Schema for ROLIE 1591 This appendix is informative. 1593 The Relax NG schema below defines the rolie:format element. 1595 # -*- rnc -*- 1596 # RELAX NG Compact Syntax Grammar for the rolie ns 1598 namespace rolie = "urn:ietf:params:xml:ns:rolie-1.0" 1600 # import the ATOM Syndication RELAX NG Compact Syntax Grammar 1601 include "atomsynd.rnc" 1603 # rolie:format 1604 rolieFormat = 1605 element rolie:format { 1606 atomCommonAttributes, 1607 attribute ns { atomUri }, 1608 attribute version { text } ?, 1609 attribute schema-location { atomUri } ?, 1610 attribute schema-type { atomMediaType } ?, 1611 empty 1612 } 1614 # rolie:property 1616 rolieProperty = 1617 element rolie:property { 1618 atomCommonAttributes, 1619 attribute name { atomUri }, 1620 attribute value { text }, 1621 empty 1622 } 1624 } 1626 Appendix B. Examples of Use 1628 B.1. Service Discovery 1630 This section provides a non-normative example of a client doing 1631 service discovery. 1633 An Atom Service Document enables a client to dynamically discover 1634 what Feeds a particular publisher makes available. Thus, a provider 1635 uses an Atom Service Document to enable authorized clients to 1636 determine what specific information the provider makes available to 1637 the community. The Service Document should be made accessible from a 1638 easily found location, such as a link from the producer's home page. 1640 A client may format an HTTP GET request to retrieve the service 1641 document from the specified location: 1643 GET /rolie/servicedocument 1644 Host: www.example.org 1645 Accept: application/atomsvc+xml 1647 Notice the use of the HTTP Accept: request header, indicating the 1648 MIME type for Atom service discovery. The response to this GET 1649 request will be an XML document that contains information on the 1650 specific Collections that are provided. 1652 Example HTTP GET response: 1654 HTTP/1.1 200 OK 1655 Date: Fri, 24 Aug 2016 17:09:11 GMT 1656 Content-Length: 570 1657 Content-Type: application/atomsvc+xml;charset="utf-8" 1659 1660 1662 1663 Vulnerabilities 1664 1665 Vulnerabilities Feed 1666 1667 1670 1671 1672 1673 1675 This simple Service Document example shows that the server provides 1676 one workspace, named "Vunerabilities". Within that workspace, the 1677 server makes one Collection available. 1679 A server may also offer a number of different Collections, each 1680 containing different types of security automation information. In 1681 the following example, a number of different Collections are 1682 provided, each with its own category and authorization scope. This 1683 categorization will help the clients to decide which Collections will 1684 meet their needs. 1686 HTTP/1.1 200 OK 1687 Date: Fri, 24 Aug 2016 17:10:11 GMT 1688 Content-Length: 1912 1689 Content-Type: application/atomsvc+xml;charset="utf-8" 1691 1692 1694 1695 Public Security Information Sharing 1696 1698 Public Vulnerabilities 1699 1701 1702 1705 1706 1707 1708 1709 Private Consortium Sharing 1710 1712 Incidents 1713 1715 1716 1719 1720 1721 1722 1724 In this example, the provider is making available a total of two 1725 Collections, organized into two different workspaces. The first 1726 workspace contains a Collection consisting of publicly available 1727 software vulnerabilities. The second workspace provides an incident 1728 Collection for use by a private sharing consortium. An appropriately 1729 authenticated and authorized client may then proceed to make HTTP 1730 requests for these Collections. The publicly provided vulnerability 1731 information may be accessible with or without authentication. 1732 However, users accessing the Collection restricted to authorized 1733 members of a private sharing consortium are expected to authenticate 1734 before access is allowed. 1736 B.2. Feed Retrieval 1738 This section provides a non-normative example of a client retrieving 1739 an vulnerability Feed. 1741 Having discovered the available security information sharing 1742 Collections, a client who is a member of the general public may be 1743 interested in receiving the Collection of public vulnerabilities. 1744 The client may retrieve the Feed for this Collection by performing an 1745 HTTP GET operation on the URL indicated by the Collection's "href" 1746 attribute. 1748 Example HTTP GET request for a Feed: 1750 GET /provider/public/vulns 1751 Host: www.example.org 1752 Accept: application/atom+xml 1754 The corresponding HTTP response would be an XML document containing 1755 the vulnerability Feed: 1757 Example HTTP GET response for a Feed: 1759 HTTP/1.1 200 OK 1760 Date: Fri, 24 Aug 2016 17:20:11 GMT 1761 Content-Length: 2882 1762 Content-Type: application/atom+xml;charset="utf-8" 1764 1765 1768 2a7e265a-39bc-43f2-b711-b8fd9264b5c9 1769 1770 Atom formatted representation of 1771 a feed of XML vulnerability documents 1772 1773 1776 2016-05-04T18:13:51.0Z 1777 1779 1781 1782 1783 dd786dba-88e6-440b-9158-b8fae67ef67c 1784 Sample Vulnerability 1785 2015-08-04T18:13:51.0Z 1786 2015-08-05T18:13:51.0Z 1787 A vulnerability issue identified by CVE-... 1788 1790 1792 1793 1794 1796 1798 This Feed document has two Atom Entries, one of which has been 1799 elided. The first Entry illustrates an atom:entry element that 1800 provides a summary of essential details about one particular 1801 vulnerability. Based upon this summary information and the provided 1802 category information, a client may choose to do an HTTP GET request, 1803 on the content "src" attribute, to retrieve the full details of the 1804 vulnerability. 1806 B.3. Entry Retrieval 1808 This section provides a non-normative example of a client retrieving 1809 an vulnerability as an Atom Entry. 1811 Having retrieved the Feed of interest, the client may then decide, 1812 based on the description and/or category information, that one of the 1813 entries in the Feed is of further interest. The client may retrieve 1814 this vulnerability Entry by performing an HTTP GET operation on the 1815 URL indicated by the "src" attribute of the atom:content element. 1817 Example HTTP GET request for an Entry: 1819 GET /provider/public/vulns/123456 1820 Host: www.example.org 1821 Accept: application/atom+xml;type=entry 1823 The corresponding HTTP response would be an XML document containing 1824 the Atom Entry for the vulnerability record: 1826 Example HTTP GET response for an Entry: 1828 HTTP/1.1 200 OK 1829 Date: Fri, 24 Aug 2016 17:30:11 GMT 1830 Content-Length: 713 1831 Content-Type: application/atom+xml;type=entry;charset="utf-8" 1833 1834 1837 f63aafa9-4082-48a3-9ce6-97a2d69d4a9b 1838 Sample Vulnerability 1839 2015-08-04T18:13:51.0Z 1840 2015-08-05T18:13:51.0Z 1841 1844 A vulnerability issue identified by CVE-... 1845 1846 1848 1849 1851 The example response above shows an XML document referenced by the 1852 "src" attribute of the atom:content element. The client may retrieve 1853 the document using this URL. 1855 Appendix C. Change History 1857 Changes in draft-ietf-mile-rolie-14 since draft-ietf-mile-rolie-13 1858 revision: 1860 Removed /.well-known registration and updated Discovery text. 1862 Fixed small namespacing error in RNC schema. 1864 Changes in draft-ietf-mile-rolie-13 since draft-ietf-mile-rolie-12 1865 revision: 1867 Adjusted .well-known registration. 1869 Updated IANA Consideration text. 1871 Changes in draft-ietf-mile-rolie-11 since draft-ietf-mile-rolie-09 1872 revision: 1874 Incorporated ART last call review and AD review changes. 1876 Changes in draft-ietf-mile-rolie-09 since draft-ietf-mile-rolie-08 1877 revision: 1879 TLS requirements changed to clarify TLS versioning and 1880 recommendations 1882 Informative references and textual discussion added to Security 1883 Considerations around HTTP Authentication and content Signing/ 1884 Encryption. 1886 IANA Expert review clarified. 1888 Editorial changes from AD review/WGLC. 1890 Changes in draft-ietf-mile-rolie-08 since draft-ietf-mile-rolie-07 1891 revision: 1893 Reworked "usage of app:collection" and "usage of atom:feed" 1894 sections to clarify ROLIE vs non-ROLIE collections/feeds 1896 Removed requirement from Security Considerations that was a 1897 duplicate of text earlier in the document 1899 TLS requirement clarifications around mutal authentication 1901 Clarified requirements around support for the "/" resource 1902 Added IANA property registrations for content-id, content- 1903 published-date, and content-updated-date that can be used across 1904 all ROLIE extensions to increase consistency/interop 1906 Assorted editorial changes 1908 Changes in draft-ietf-mile-rolie-07 since draft-ietf-mile-rolie-06 1909 revision: 1911 Condensed and re-focused Sections 1 and 4 to be more concise. 1913 Added /.well-known/ registration and requirement for service 1914 discovery. 1916 Added local category, property namespace, and additional property 1917 registrations 1919 Added privacy considerations section. 1921 Made a number of editorial changes as per WGLC review. 1923 Changes in draft-ietf-mile-rolie-06 since draft-ietf-mile-rolie-05 1924 revision: 1926 Changed to standards track 1928 Added the rolie:property element 1930 Fixed references (Normative vs Informative) 1932 Set Service and Category document URL template requirements 1934 Fixed XML snippets in examples 1936 Changes in draft-ietf-mile-rolie-05 since draft-ietf-mile-rolie-04 1937 revision: 1939 Added ROLIE specific terminology to section 2 1941 Added AtomPub Category Document in section 5.2 1943 Edited document, improving consistency in terminology usage and 1944 capitalization of key terms, as well as enhancing clarity. 1946 Removed unused format parameter type in section 8.3 1948 Schema removed, the normative schema consists of the snippets in 1949 the requirements sections. 1951 Changes in draft-ietf-mile-rolie-04 since draft-ietf-mile-rolie-03 1952 revision: 1954 o Further specification and clarification of requirements 1956 o IANA Considerations and extension system fleshed out and 1957 described. 1959 o Examples and References updated. 1961 o Schema created. 1963 o Fixed both internal section and external document referencing. 1965 o Removed XACML Guidance Appendix. This will be added to a future 1966 draft on ROLIE Authentication and Access Control. 1968 Changes made in draft-ietf-mile-rolie-03 since draft-ietf-mile- 1969 rolie-02 revision: 1971 o Atom Syndication and Atom Pub requirements split and greatly 1972 expanded for increased justification and technical specification. 1974 o Reintroduction and reformatting of some use case examples in order 1975 to provide some guidance on use. 1977 o Established rough version of IANA table extension system along 1978 with explanations of said system. 1980 o Re-organized document to put non-vital information in appendices. 1982 Changes made in draft-ietf-mile-rolie-02 since draft-field-mile- 1983 rolie-01 revision: 1985 o All CSIRT and IODEF/RID material moved to companion CSIRT document 1987 o Recast document into a more general use perspective. The 1988 implication of CSIRTs as the defacto end-user has been removed 1989 where ever possible. All of the original CSIRT based use cases 1990 remain completely supported by this document, it has been opened 1991 up to support many other use cases. 1993 o Changed the content model to broaden support of representation 1995 o Edited and rewrote much of sections 1,2 and 3 in order to 1996 accomplish a broader scope and greater readability 1998 o Removed any requirements from the Background section and, if not 1999 already stated, placed them in the requirements section 2001 o Re-formatted the requirements section to make it clearer that it 2002 contains the lions-share of the requirements of the specification 2004 Changes made in draft-ietf-mile-rolie-01 since draft-field-mile- 2005 rolie-02 revision: 2007 o Added section specifying the use of RFC5005 for Archive and Paging 2008 of Feeds. 2010 o Added section describing use of atom categories that correspond to 2011 IODEF expectation class and impact classes. See: normative- 2012 expectation-impact 2014 o Dropped references to adoption of a MILE-specific HTTP media type 2015 parameter. 2017 o Updated IANA Considerations section to clarify that no IANA 2018 actions are required. 2020 Authors' Addresses 2022 John P. Field 2023 Pivotal Software, Inc. 2024 625 Avenue of the Americas 2025 New York, New York 2026 USA 2028 Phone: (646)792-5770 2029 Email: jfield@pivotal.io 2031 Stephen A. Banghart 2032 National Institute of Standards and Technology 2033 100 Bureau Drive 2034 Gaithersburg, Maryland 2035 USA 2037 Phone: (301)975-4288 2038 Email: stephen.banghart@nist.gov 2039 David Waltermire 2040 National Institute of Standards and Technology 2041 100 Bureau Drive 2042 Gaithersburg, Maryland 20877 2043 USA 2045 Email: david.waltermire@nist.gov