Managed Incident Lightweight Exchange
Note: This ballot was opened for revision 03-00 and is now closed.
Ballot question: "Is this charter ready for external review?"
Thanks for addressing my comments.
I agree with Spencer -- the terminology should be corrected before external review.
I agree with Spencer's comment. I was going to comment that perhaps this needed some cross-area participation from ART, but then noticed the responsible AD :-)
[nothing to add to what is already in other ballot positions]
Agree with others: "transport protocol" seems rather confusing.
I don't think I have a BLOCKing concern with what's being proposed, but I do have a significant concern about how it's being characterized. In this text, "The MILE WG is focused on two areas: standardizing a data format for representing incident and indicator data, and standardizing transport protocol(s) for sharing the structured data" and in this text, "Though the working group also adopted Real-time Inter-network Defense (RID, RFC 6545) as further enabling information exchange of security policy, its transport mechanism, based on the Simple Object Access Protocol (SOAP), led to the second focus for MILE: adopting more modern transport through the adoption of a RESTful interface through ROLIE (Resource-oriented lightweight information exchange, RFC 8322) and the adoption of a publish-subscribe model through XMPP-Grid (draft-ietf-mile-xmpp-grid). The MILE WG will continue to: "- Update and enhance these transport protocols to optimize their performance and representations. More explicitly, documenting how ROLIE can transport JSON representations. "- Define and document how these transport protocols can also be used to support other security information exchange formats. For example, documenting how ROLIE can transport STIX (Secure Threat Intelligence eXchange) data." I'm not sure that what I think is being described, is exactly "standardizing transport protocol(s)". I THINK it's more like "standardizing mapping onto an application substrate", if I'm using the vocabulary of https://tools.ietf.org/html/draft-ietf-httpbis-bcp56bis-07 correctly, and I'm wondering whether all of these formats would end up riding over HTTP, which would shorten any conversation about my ballot a lot. Am I confused here? If this work is correctly described as "standardizing a transport protocol", I should probably be balloting BLOCK.