draft-ietf-mile-rolie-15.txt   draft-ietf-mile-rolie-16.txt 
MILE Working Group J. Field MILE Working Group J. Field
Internet-Draft Pivotal Internet-Draft Pivotal
Intended status: Standards Track S. Banghart Intended status: Standards Track S. Banghart
Expires: June 13, 2018 D. Waltermire Expires: June 17, 2018 D. Waltermire
NIST NIST
December 10, 2017 December 14, 2017
Resource-Oriented Lightweight Information Exchange Resource-Oriented Lightweight Information Exchange
draft-ietf-mile-rolie-15 draft-ietf-mile-rolie-16
Abstract Abstract
This document defines a resource-oriented approach for security This document defines a resource-oriented approach for security
automation information publication, discovery, and sharing. Using automation information publication, discovery, and sharing. Using
this approach, producers may publish, share, and exchange this approach, producers may publish, share, and exchange
representations of software descriptors, security incidents, attack representations of software descriptors, security incidents, attack
indicators, software vulnerabilities, configuration checklists, and indicators, software vulnerabilities, configuration checklists, and
other security automation information as web-addressable resources. other security automation information as web-addressable resources.
Furthermore, consumers and other stakeholders may access and search Furthermore, consumers and other stakeholders may access and search
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 13, 2018. This Internet-Draft will expire on June 17, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 51 skipping to change at page 2, line 51
6.1.1. Use of the "atom:category" Element . . . . . . . . . 13 6.1.1. Use of the "atom:category" Element . . . . . . . . . 13
6.1.2. Use of the "atom:link" Element . . . . . . . . . . . 13 6.1.2. Use of the "atom:link" Element . . . . . . . . . . . 13
6.1.3. Use of the "atom:updated" Element . . . . . . . . . . 14 6.1.3. Use of the "atom:updated" Element . . . . . . . . . . 14
6.2. Use of the "atom:entry" Element . . . . . . . . . . . . 15 6.2. Use of the "atom:entry" Element . . . . . . . . . . . . 15
6.2.1. Use of the "atom:content" Element . . . . . . . . . . 15 6.2.1. Use of the "atom:content" Element . . . . . . . . . . 15
6.2.2. Use of the "atom:link" Element . . . . . . . . . . . 16 6.2.2. Use of the "atom:link" Element . . . . . . . . . . . 16
6.2.3. Use of the "rolie:format" Element . . . . . . . . . . 16 6.2.3. Use of the "rolie:format" Element . . . . . . . . . . 16
6.2.4. Use of the rolie:property Element . . . . . . . . . . 18 6.2.4. Use of the rolie:property Element . . . . . . . . . . 18
6.2.5. Requirements for a Standalone Entry . . . . . . . . . 19 6.2.5. Requirements for a Standalone Entry . . . . . . . . . 19
7. Available Extension Points Provided by ROLIE . . . . . . . . 19 7. Available Extension Points Provided by ROLIE . . . . . . . . 19
7.1. The Category Extension Point . . . . . . . . . . . . . . 19 7.1. The Category Extension Point . . . . . . . . . . . . . . 20
7.1.1. General Use of the "atom:category" Element . . . . . 20 7.1.1. General Use of the "atom:category" Element . . . . . 20
7.1.2. Identification of Security Automation Information 7.1.2. Identification of Security Automation Information
Types . . . . . . . . . . . . . . . . . . . . . . . . 20 Types . . . . . . . . . . . . . . . . . . . . . . . . 21
7.2. The "rolie:format" Extension Point . . . . . . . . . . . 22 7.2. The "rolie:format" Extension Point . . . . . . . . . . . 22
7.3. The Link Relation Extension Point . . . . . . . . . . . . 22 7.3. The Link Relation Extension Point . . . . . . . . . . . . 22
7.4. The "rolie:property" Extension Point . . . . . . . . . . 22 7.4. The "rolie:property" Extension Point . . . . . . . . . . 23
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
8.1. XML Namespaces and Schema URNs . . . . . . . . . . . . . 23 8.1. XML Namespaces and Schema URNs . . . . . . . . . . . . . 24
8.2. ROLIE URN Sub-namespace . . . . . . . . . . . . . . . . . 24 8.2. ROLIE URN Sub-namespace . . . . . . . . . . . . . . . . . 24
8.3. ROLIE URN Parameters . . . . . . . . . . . . . . . . . . 24 8.3. ROLIE URN Parameters . . . . . . . . . . . . . . . . . . 25
8.4. ROLIE Security Resource Information Type Sub-Registry . . 26 8.4. ROLIE Security Resource Information Type Sub-Registry . . 26
9. Security Considerations . . . . . . . . . . . . . . . . . . . 27 9. Security Considerations . . . . . . . . . . . . . . . . . . . 27
10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29 10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30
12.1. Normative References . . . . . . . . . . . . . . . . . . 30 12.1. Normative References . . . . . . . . . . . . . . . . . . 30
12.2. Informative References . . . . . . . . . . . . . . . . . 32 12.2. Informative References . . . . . . . . . . . . . . . . . 32
12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 34 12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Appendix A. Relax NG Compact Schema for ROLIE . . . . . . . . . 34 Appendix A. Relax NG Compact Schema for ROLIE . . . . . . . . . 34
Appendix B. Examples of Use . . . . . . . . . . . . . . . . . . 35 Appendix B. Examples of Use . . . . . . . . . . . . . . . . . . 35
skipping to change at page 15, line 34 skipping to change at page 15, line 34
& atomContent & atomContent
& atomContributor* & atomContributor*
& atomId & atomId
& atomLink* & atomLink*
& atomPublished? & atomPublished?
& atomRights? & atomRights?
& atomSource? & atomSource?
& atomSummary? & atomSummary?
& atomTitle & atomTitle
& atomUpdated & atomUpdated
& rolieFormat & rolieFormat?
& rolieProperty* & rolieProperty*
& extensionElement*) & extensionElement*)
} }
The notable changes from [RFC4287] are the addition of rolieFormat The notable changes from [RFC4287] are the addition of rolieFormat
and rolieProperty, and atomContent no longer being optional. and rolieProperty elements. Also the atomContent element is
restricted to the atomOutOfLineContent formulation and is now
REQUIRED.
The following subsections contain requirements for Entries in a ROLIE The following subsections contain requirements for Entries in a ROLIE
Feed. Feed.
6.2.1. Use of the "atom:content" Element 6.2.1. Use of the "atom:content" Element
An atom:content element associates its containing Entry with a An atom:content element associates its containing Entry with a
content resource identified by the src attribute. content resource identified by the src attribute.
There MUST be exactly one atom:content element in the Entry. The There MUST be exactly one atom:content element in the Entry. The
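Review bot: The entry pattern still lists "& atomContent" unchanged, while the new paragraph under it says the element is "restricted to the atomOutOfLineContent formulation". In RFC 4287 atomContent also covers the inline text, XHTML and other inline forms, so unless atomContent is redefined somewhere outside this hunk, the schema shown accepts entries that the prose forbids. Suggest referencing atomOutOfLineContent directly in the pattern, or pointing to where the narrower definition lives, so a validator built from the schema enforces the same rule as the text. The same paragraph could also say that rolieFormat is now optional ("& rolieFormat?"), since that is the one schema change in this hunk and the prose does not mention it.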
skipping to change at page 17, line 5 skipping to change at page 17, line 8
As mentioned earlier, a key goal of this specification is to allow a As mentioned earlier, a key goal of this specification is to allow a
consumer to review a set of published security automation information consumer to review a set of published security automation information
resources, and then identify and retrieve any resources of interest. resources, and then identify and retrieve any resources of interest.
The format of the data is a key criteria to consider when deciding The format of the data is a key criteria to consider when deciding
what information to retrieve. For a given type of security what information to retrieve. For a given type of security
automation information, it is expected that a number of different automation information, it is expected that a number of different
formats may be used to represent this information. To support this formats may be used to represent this information. To support this
use case, both the serialization format and the specific data model use case, both the serialization format and the specific data model
expressed in that format must be known by the consumer. expressed in that format must be known by the consumer.
The rolie:format element is used to describe the data model used to In the Atom Syndication format, a media type can be defined using the
express the information referenced in the atom:content element of an "type" attribute on the "atom:content" element of an atom:entry. The
atom:entry. It also allows a schema to be identified that can be media type can be fully descriptive of the format of the linked
used when parsing the content to verify or better understand the document, such as "application/atom+xml". In some cases, however, a
structure of the content. format specific media type may not be defined. An example might be
when "application/xml" is used because there is no defined specific
media type for the content. In such a case the exact data model of
the content cannot be known without first retrieving the content.
There MUST be exactly one rolie:format element in an atom:entry. The In cases where a specific media type does not exist, the rolie:format
element MUST adhere to this definition: element is used to describe the data model used to express the
information referenced in the atom:content element. The rolie:format
element also allows a schema to be identified that can be used when
parsing the content to verify or better understand the structure of
the content.
When it appears, the "rolie:format" element MUST adhere to this
definition:
rolieFormat = rolieFormat =
element rolie:format { element rolie:format {
appCommonAttributes, appCommonAttributes,
attribute ns { atomURI }, attribute ns { atomURI },
attribute version { text } ?, attribute version { text } ?,
attribute schema-location { atomURI } ?, attribute schema-location { atomURI } ?,
attribute schema-type { atomMediaType } ?, attribute schema-type { atomMediaType } ?,
empty empty
} }
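Review bot: The new text removes "There MUST be exactly one rolie:format element in an atom:entry" and keeps only "When it appears, the "rolie:format" element MUST adhere to this definition", so no normative keyword now says when a producer has to include the element. The added paragraph itself identifies the case that needs one: with "application/xml" the data model "cannot be known without first retrieving the content". Suggest a SHOULD or MUST for entries whose "type" attribute is not format specific, and one sentence on what a consumer does when the media type and rolie:format disagree, since the element is also the hook for choosing a schema to check the content against before parsing it. Minor wording in the same hunk: "key criteria" should be "key criterion", and "format specific media type" needs a hyphen.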
 End of changes. 12 change blocks. 
19 lines changed or deleted 31 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/