Welcome

We’re Mark and Bret;This is the TAXII SC

TAXII 1.1.1 Update

• Bret and Mark have mostly complete drafts• Other co-chairs have seen drafts• Once DHS Legal approves, will be available to

whole CTI TC for review and comment• Will eventually be submitted for ratification as

an OASIS Standard• Nothing has changed other than Namespaces

and URNs (and document formatting)

Meetings

• This is the kick off meeting• Regular meetings will be held on the second

Tuesday of each month– We can schedule addt’l meetings as necessary

• We haven’t set a time for the first “regular” meeting, but it will be on August 11th

TAXII Subcommittee Goals

• Open, Collaborative, Fast– This includes collaboration across SCs

• Solve what we know• Investigate what we don’t know• Plan For Change– Quick release cycles to support new use cases

• Open door policy (email, IM, Skype): – mdavidson@mitre.org– bret.jordan@bluecoat.com

TAXII 1.x Complaints

• Too much optionality• Lack of single architecture• No defined authentication• No network-level discovery• Unnecessary network traffic• Messages are too big• Let’s take the opportunity to holistically review

TAXII– We think this probably means a major revision

TAXII Goals

• Simplicity– Easy to implement and understand

• One way of doing things– Reduce optional services

• Minimize resource usage– Reduce message size– Only transmit what is necessary

• Scalable performance– Plan for organizations with 50,000+ TAXII clients– Plan for 100 Million messages a day– Address “busy wait” issue with TAXII 1.1

Proposed TAXII Scope

• Sharing within a trust-group– (ex. ISACs / ISAOs)

• Sharing between trust-groups– (ex., FS-ISAC to ICS-ISAC)

• Public sharing• Investigate: Internal sharing– (Device-to-Device)

Open Discussion