Presentation is loading. Please wait.

Presentation is loading. Please wait.

ROLIE: Resource-Oriented Lightweight Indicator Exchange

Published byDouglas Nash Modified over 6 years ago

Similar presentations

Presentation on theme: "ROLIE: Resource-Oriented Lightweight Indicator Exchange"— Presentation transcript:

1 ROLIE: Resource-Oriented Lightweight Indicator Exchange
John P. Field Security Architect Pivotal Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

2 IETF 94 – Yokohama / MILE Working Group
Agenda Motivation for ROLIE Use Case Examples Review of questions raised since draft -02 Additional Discussion Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

3 IETF 94 – Yokohama / MILE Working Group
What is ROLIE? A Resource-Oriented, Lightweight approach to enabling cyber security information sharing. REST is the architecture of the World Wide Web. Cf. Chapter 5, “Architectural Styles and the Design of Network-based Software Architectures” Roy Fielding, Univ. Cal. Irvine, 2000. Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

4 IETF 94 – Yokohama / MILE Working Group
Motivation for ROLIE The cyber security challenge is an asymmetric conflict; the attackers exhibit: Loosely coupled collaboration patterns High degree of technical agility Continuous evolution / adaptability of tactics & methods Message-based architectures function optimally when deployed and operated symmetrically. The REST architectural style is naturally asymmetric and has proven to be agile, economical, and scalable. Loose coupling through uniform interface and content-type negotiation enables continuous incremental improvement. Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

5 IETF 94 – Yokohama / MILE Working Group
ROLIE Use Case: Feed Example request for an Incident Feed: GET /csirt/private/incidents HTTP/1.1 Host: Accept: application/atom+xml Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

6 IETF 94 – Yokohama / MILE Working Group
ROLIE Use Case: Feed Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

7 IETF 94 – Yokohama / MILE Working Group
ROLIE Use Case: Entry Example request for an Entry: GET /csirt/private/incidents/ Host: Accept: application/atom+xml Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

8 IETF 94 – Yokohama / MILE Working Group
ROLIE Use Case: Entry Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

9 ROLIE Use Case: Repository
Example request to a Repository: GET /csirt/repository/ddos Host: Accept: application/atom+xml Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

10 ROLIE Use Case: Repository
03/13/2013 IETF 86 – Orlando / MILE Working Group Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

11 Issues raised since draft -02
IANA link registrations, versus fully qualified private link types are sufficient. Suggestion: Use IANA registrations, since the list of terms could be expanded further in the future. Response: Agree, this is the best way to ensure interoperability.  Individual sharing consortia can always choose to use fully qualified links in their community, in addition to the globally standardized ones. Should we require atom categories that correspond to IODEF expectation class and/or IODEF impact class? Suggestion: That would be helpful, if you could prepare that. Perhaps as an appendix. Response: OK, the reason I raised the question is that I was not sure as to how CSIRTs might be using expectation and impact.  The category could enable easier retrieval if that access pattern is common. Should we include specific requirements for Archive and Paging? Suggestion: Well, we MAY do so, I think. Server may provide paged feeds as defined by RFC 5005. Response: Makes perfect sense to reference 5005. Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

12 Issues raised since draft -02
Requirements input on use cases involving RID schema in the Atom member entry content model for link rel=report. Suggestion: Not essential. Having said that, if somebody could provide such inputs, that would be helpful. Response: Motivation was to ensure that we optimize the usage/data access patterns.  Goal is to enable requestors to minimize round trips.   Should we include a MILE media type parameter? Suggestion: “no”. If we wish to negotiate the content, we have many other ways to do so, so I do not see the needs to include a MIME media type for this purpose. Response: Agreed.   Media type should remain generic, application/atom+xml. More specialized media type might have some benefits, but would also limit interoperability with clients that do not recognize the specialized type.  The overall goal of the draft is to enable the broadest possible interactions.  Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

13 Issues raised since draft -02
An atom:category for IODEF expectation, and/or impact? Clarification: Is this required. Response: Not required. Motivation was again to ensure that we optimize for common usage/data access patterns.  Goal is to enable requestors to minimize round trips. Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

14 IETF 94 – Yokohama / MILE Working Group
Conclusion Additional Questions or Comments? Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

15 IETF 94 – Yokohama / MILE Working Group
Thank You Nov. 2, 2015 IETF 94 – Yokohama / MILE Working Group

Download ppt "ROLIE: Resource-Oriented Lightweight Indicator Exchange"

Similar presentations

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
SOAP Quang Vinh Pham Simon De Baets Université Libre de Bruxelles1.

SOAP Quang Vinh Pham Simon De Baets Université Libre de Bruxelles1.
Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.

Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
CS 415 N-Tier Application Development By Umair Ashraf July 6,2013 National University of Computer and Emerging Sciences Lecture # 9 Introduction to Web.

CS 415 N-Tier Application Development By Umair Ashraf July 6,2013 National University of Computer and Emerging Sciences Lecture # 9 Introduction to Web.
SharePoint Server 2013 Features and Scenarios for IT Professionals First Lastname, Title March, 2014 Software Assurance Planning Services.

SharePoint Server 2013 Features and Scenarios for IT Professionals First Lastname, Title March, 2014 Software Assurance Planning Services.
Introduction to Information Systems Class Agenda Instructor Introductions –Instructor –Class Objectives Competitive Advantages will be a key area Very.

Introduction to Information Systems Class Agenda Instructor Introductions –Instructor –Class Objectives Competitive Advantages will be a key area Very.
Web Architecture & Services (2) Representational State Transfer (REST)

Web Architecture & Services (2) Representational State Transfer (REST)
Open Data Protocol * Han Wang 11/30/2012 *

Open Data Protocol * Han Wang 11/30/2012 *
Information Access and Connectivity Richard N. Taylor University of California, Irvine

Information Access and Connectivity Richard N. Taylor University of California, Irvine
1 Seminar on Service Oriented Architecture Principles of REST.

1 Seminar on Service Oriented Architecture Principles of REST.
World Wide Web “WWW”, Web or W3. World Wide Web “WWW”, Web or W3

World Wide Web “WWW”, "Web" or "W3". World Wide Web “WWW”, "Web" or "W3"
Page 1 IETF Speermint Working Group Speermint Requirements/Guidelines for SIP session peering draft-ietf-speermint-requirements-02 IETF 69 - Monday July.

Page 1 IETF Speermint Working Group Speermint Requirements/Guidelines for SIP session peering draft-ietf-speermint-requirements-02 IETF 69 - Monday July.
REST By: Vishwanath Vineet.

REST By: Vishwanath Vineet.
Introduction to Service Orientation MIS 181.9: Service Oriented Architecture 2 nd Semester, 2011-2012.

Introduction to Service Orientation MIS 181.9: Service Oriented Architecture 2 nd Semester,
Service Oriented Architecture Enabling the Agile and Flexible Business of the 21 st Century.

Service Oriented Architecture Enabling the Agile and Flexible Business of the 21 st Century.
Linked Data Publishing on the Semantic Web Dr Nicholas Gibbins - 2013-2014.

Linked Data Publishing on the Semantic Web Dr Nicholas Gibbins
Added Value to XForms by Web Services Supporting XML Protocols Elina Vartiainen Timo-Pekka Viljamaa T-111.590 Research Seminar on Digital Media Autumn.

Added Value to XForms by Web Services Supporting XML Protocols Elina Vartiainen Timo-Pekka Viljamaa T Research Seminar on Digital Media Autumn.
This project is co-funded by the European Union T2.4: Social Media Data Capturing Module Brussels, 16 December 2014.

This project is co-funded by the European Union T2.4: Social Media Data Capturing Module Brussels, 16 December 2014.

Similar presentations

Ads by Google