Technical Summary
This document proposes a JavaScript Object Notation (JSON)
data model for the security incident reports and indicators as
defined by the IODEF (RFC 7970) data model. While the IODEF
information model has been instantiated in XML in RFC 7970,
an alternative more compact data model using CDDL and JSON
is defined in this document.
Working Group Summary
The MILE working group has been working on the JSON
definition for roughly 18 months and has had good discussion
and review. There has been good support and agreement that
IODEF needed an update from XML to JSON format
representation and this draft has received several reviews.
Document Quality
The document is well written and been reviewed by both
the working group participants as well as practitioners of
IODEF, JSON and CDDL.
Personnel
Nancy Cam-Winget is the document shepherd and
Alexey Melnikov is the responsible AD.
RFC Editor Note
RFC Editor Note
In Section 6:
Incident = {
? iodef-Indicator f=> [+ Indicator],
"f=>" is a typo, please change back to "=>"