JSON binding of IODEF
draft-ietf-mile-jsoniodef-04

Document Type Active Internet-Draft (mile WG)
Last updated 2018-07-17
Replaces draft-takahashi-mile-jsoniodef
Stream IETF
Intended RFC status (None)
Formats plain text pdf xml html bibtex
Stream WG state WG Document (wg milestone: Dec 2018 - Submit a draft on JS... )
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
MILE                                                        T. Takahashi
Internet-Draft                                                      NICT
Intended status: Standards Track                              R. Danyliw
Expires: January 18, 2019                                           CERT
                                                               M. Suzuki
                                                                    NICT
                                                           July 17, 2018

                         JSON binding of IODEF
                      draft-ietf-mile-jsoniodef-04

Abstract

   RFC7970 specified an information model and a corresponding XML data
   model for exchanging incident and indicator information.  This draft
   provides an alternative data model implementation in JSON.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 18, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Takahashi, et al.       Expires January 18, 2019                [Page 1]
Internet-Draft                 JSON-IODEF                      July 2018

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  IODEF Data Types  . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Abstract Data Type to JSON Data Type Mapping  . . . . . .   3
     2.2.  Complex JSON Types  . . . . . . . . . . . . . . . . . . .   4
       2.2.1.  Multilingual Strings  . . . . . . . . . . . . . . . .   4
       2.2.2.  Software and SoftwareReference  . . . . . . . . . . .   5
       2.2.3.  StructuredInfo  . . . . . . . . . . . . . . . . . . .   5
       2.2.4.  EXTENSION . . . . . . . . . . . . . . . . . . . . . .   6
   3.  IODEF JSON Data Model . . . . . . . . . . . . . . . . . . . .   6
     3.1.  Classes and Elements  . . . . . . . . . . . . . . . . . .   6
     3.2.  Mapping between JSON and XML IODEF  . . . . . . . . . . .  16
   4.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .  17
     4.1.  Minimal Example . . . . . . . . . . . . . . . . . . . . .  17
     4.2.  Indicators from a Campaign  . . . . . . . . . . . . . . .  18
   5.  The IODEF Data Model (CDDL) . . . . . . . . . . . . . . . . .  20
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  35
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  35
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  35
   9.  Normative References  . . . . . . . . . . . . . . . . . . . .  35
   Appendix A.  The IODEF Data Model (JSON Schema) . . . . . . . . .  35
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  55

1.  Introduction

   [RFC7970] defines a data representation for security incident reports
   and indicators commonly exchanged by operational security teams.  It
   facilitates the automated exchange of this information to enable
   mitigation and watch-and-warning.  Section 3 of [RFC7970] defined an
   information model using Unified Modeling Language (UML) and a
   corresponding Extensible Markup Language (XML) schema data model in
   Section 8.  This UML-based information model and XML-based data model
   are referred to as IODEF UML and IODEF XML, respectively in this
   document.

   This document defines an alternate implementation of the IODEF UML
   information model by specifying a JavaScript Object Notation (JSON)
   data model using JSON Schema [jsonschema].  This JSON data model is
   referred to as IODEF JSON in this document.

   IODEF JSON provides all of the expressivity of IODEF XML.  It gives
   implementers and operators an alternative format to exchange the same
Show full document text