--- 1/draft-ietf-mile-rolie-06.txt 2017-05-26 10:13:15.180700253 -0700 +++ 2/draft-ietf-mile-rolie-07.txt 2017-05-26 10:13:15.260702163 -0700 @@ -1,35 +1,35 @@ MILE Working Group J. Field Internet-Draft Pivotal Intended status: Standards Track S. Banghart -Expires: September 14, 2017 D. Waltermire +Expires: November 25, 2017 D. Waltermire NIST - March 13, 2017 + May 24, 2017 Resource-Oriented Lightweight Information Exchange - draft-ietf-mile-rolie-06 + draft-ietf-mile-rolie-07 Abstract This document defines a resource-oriented approach for security automation information publication, discovery, and sharing. Using this approach, producers may publish, share, and exchange - representations of security incidents, attack indicators, software - vulnerabilities, configuration checklists, and other security - automation information as Web-addressable resources. Furthermore, - consumers and other stakeholders may access and search this security - information as needed, establishing a rapid and on-demand information - exchange network for restricted internal use or public access - repositories. This specification extends the Atom Publishing - Protocol and Atom Syndication Format to transport and share security - automation resource representations. + representations of software descriptors, security incidents, attack + indicators, software vulnerabilities, configuration checklists, and + other security automation information as web-addressable resources. + Furthermore, consumers and other stakeholders may access and search + this security information as needed, establishing a rapid and on- + demand information exchange network for restricted internal use or + public access repositories. This specification extends the Atom + Publishing Protocol and Atom Syndication Format to transport and + share security automation resource representations. Contributing to this document The source for this draft is being maintained on GitHub. Suggested changes should be submitted as pull requests at . Instructions are on that page as well. Editorial changes can be managed in GitHub, but any substantial issues need to be discussed on the MILE mailing list. Status of This Memo @@ -39,21 +39,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 14, 2017. + This Internet-Draft will expire on November 25, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -64,129 +64,130 @@ described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. XML-related Conventions . . . . . . . . . . . . . . . . . . . 4 3.1. XML Namespaces . . . . . . . . . . . . . . . . . . . . . 4 3.2. RELAX NG Compact Schema . . . . . . . . . . . . . . . . . 5 4. Background and Motivation . . . . . . . . . . . . . . . . . . 5 - 4.1. Proactive Sharing . . . . . . . . . . . . . . . . . . . . 5 - 4.2. Knowledge Aggregation . . . . . . . . . . . . . . . . . . 6 - 4.3. Resource-oriented Architecture . . . . . . . . . . . . . 6 - 5. ROLIE Requirements for the Atom Publishing Protocol . . . . . 7 + 5. ROLIE Requirements for the Atom Publishing Protocol . . . . . 6 5.1. AtomPub Service Documents . . . . . . . . . . . . . . . . 7 - 5.1.1. Use of the "app:workspace" Element . . . . . . . . . 8 + 5.1.1. Use of the "app:workspace" Element . . . . . . . . . 7 5.1.2. Use of the "app:collection" Element . . . . . . . . . 8 5.1.3. Service Discovery . . . . . . . . . . . . . . . . . . 9 - 5.2. AtomPub Category Documents . . . . . . . . . . . . . . . 10 + 5.2. AtomPub Category Documents . . . . . . . . . . . . . . . 9 5.3. Transport Layer Security . . . . . . . . . . . . . . . . 10 5.4. User Authentication and Authorization . . . . . . . . . . 11 - 5.5. / (forward slash) Resource URL . . . . . . . . . . . . . 12 - 5.6. HTTP methods . . . . . . . . . . . . . . . . . . . . . . 12 + 5.5. / (forward slash) Resource URL . . . . . . . . . . . . . 11 + 5.6. HTTP methods . . . . . . . . . . . . . . . . . . . . . . 11 6. ROLIE Requirements for the Atom Syndication Format . . . . . 12 6.1. Use of the "atom:feed" element . . . . . . . . . . . . . 12 6.1.1. Use of the "atom:category" Element . . . . . . . . . 13 6.1.2. Use of the "atom:link" Element . . . . . . . . . . . 14 6.1.3. Use of the "atom:updated" Element . . . . . . . . . . 15 - 6.2. Use of the "atom:entry" Element . . . . . . . . . . . . 16 + 6.2. Use of the "atom:entry" Element . . . . . . . . . . . . 15 6.2.1. Use of the "atom:content" Element . . . . . . . . . . 16 - 6.2.2. Use of the "atom:link" Element . . . . . . . . . . . 17 + 6.2.2. Use of the "atom:link" Element . . . . . . . . . . . 16 6.2.3. Use of the "rolie:format" Element . . . . . . . . . . 17 6.2.4. Use of the rolie:property Element . . . . . . . . . . 18 6.2.5. Requirements for a Standalone Entry . . . . . . . . . 19 7. Available Extension Points Provided by ROLIE . . . . . . . . 19 7.1. The Category Extension Point . . . . . . . . . . . . . . 20 7.1.1. General Use of the "atom:category" Element . . . . . 20 7.1.2. Identification of Security Automation Information Types . . . . . . . . . . . . . . . . . . . . . . . . 21 7.2. The "rolie:format" Extension Point . . . . . . . . . . . 22 7.3. The Link Relation Extension Point . . . . . . . . . . . . 22 7.4. The "rolie:property" Extension Point . . . . . . . . . . 23 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 8.1. XML Namespaces and Schema URNs . . . . . . . . . . . . . 23 - 8.2. ROLIE URN Sub-namespace . . . . . . . . . . . . . . . . . 23 + 8.2. ROLIE URN Sub-namespace . . . . . . . . . . . . . . . . . 24 8.3. ROLIE URN Parameters . . . . . . . . . . . . . . . . . . 24 - 8.4. ROLIE Security Resource Information Type Sub-Registry . . 25 - 9. Security Considerations . . . . . . . . . . . . . . . . . . . 26 - 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 - 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 - 11.1. Normative References . . . . . . . . . . . . . . . . . . 28 - 11.2. Informative References . . . . . . . . . . . . . . . . . 30 - 11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 31 - Appendix A. Relax NG Compact Schema for ROLIE . . . . . . . . . 31 - Appendix B. Examples of Use . . . . . . . . . . . . . . . . . . 32 - B.1. Service Discovery . . . . . . . . . . . . . . . . . . . . 32 - B.2. Feed Retrieval . . . . . . . . . . . . . . . . . . . . . 35 - B.3. Entry Retrieval . . . . . . . . . . . . . . . . . . . . . 37 - Appendix C. Change History . . . . . . . . . . . . . . . . . . . 38 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40 + 8.4. ROLIE Security Resource Information Type Sub-Registry . . 26 + 8.5. Well-Known URI Registrations . . . . . . . . . . . . . . 27 + 9. Security Considerations . . . . . . . . . . . . . . . . . . . 27 + 10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29 + 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 + 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 + 12.1. Normative References . . . . . . . . . . . . . . . . . . 30 + 12.2. Informative References . . . . . . . . . . . . . . . . . 32 + 12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 33 + Appendix A. Relax NG Compact Schema for ROLIE . . . . . . . . . 33 + Appendix B. Examples of Use . . . . . . . . . . . . . . . . . . 34 + B.1. Service Discovery . . . . . . . . . . . . . . . . . . . . 34 + B.2. Feed Retrieval . . . . . . . . . . . . . . . . . . . . . 37 + B.3. Entry Retrieval . . . . . . . . . . . . . . . . . . . . . 39 + Appendix C. Change History . . . . . . . . . . . . . . . . . . . 40 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 42 1. Introduction This document defines a resource-oriented approach to security - automation information sharing that follows the REST (Architectural S - tyles and the Design of Network-based Software Architectures) - architectural style. In this approach, computer security resources - are maintained in web-accessible repositories structured as Atom - Syndication Format [RFC4287] Feeds. Representations of specific - types of security automation information are categorized and - organized into indexed Collections which may be requested by the - consumer. As the set of resource Collections are forward facing, the - consumer may search all available content for which they are - authorized to view, and request the information resources which are - desired. Through use of granular authentication and access controls, - only authorized consumers may be permitted the ability to read or - write to a given Feed. This approach is in contrast to, and meant to - improve on, the traditional point-to-point messaging system, in which - consumers must request individual pieces of information from a server - following a triggering event. The point-to-point approach creates a - closed system of information sharing that encourages duplication of - effort and hinders automated security systems. + automation information sharing that follows the Representational + State Transfer (REST) architectural style [REST]. In this approach, + computer security resources are maintained in web-accessible + repositories structured as Atom Syndication Format [RFC4287] Feeds. + Within a given Feed, which may be requested by the consumer, + representations of specific types of security automation information + are organized, categorized, and described. Furthermore, all + collections available to a given user are discoverable, allowing the + consumer to search all available content they are authorized to view, + and to locate and request the desired information resources. Through + use of granular authentication and access controls, only authorized + consumers may be permitted the ability to read or write to a given + Feed. - The goal of this document is to define a RESTful approach to security - information communication with two primary intents: 1) increasing - communication and sharing of incident reports, vulnerability - assessments, configuration checklists, and other security automation - information between providers and consumers; and 2) establishing a - standardized communication system to support automated computer - security systems. + The goal of this approach is to increase the communication and + sharing of security information between providers and consumers that + can be used to automate security processes (e.g., incident reports, + vulnerability assessments, configuration checklists, and other + security automation information). Such sharing allows human + operators and computer systems to leverage this standardized + communication system to gather information that supports the + automation of security processes. - In order to deal with the great variety in security automation - information types and associated resource representations, this - specification defines extension points that can be used to add - support for new information types and associated resource - representations by means of additional supplementary specification - documents. This primary document is resource representation - agnostic, and defines the core requirements of all implementations. - An overview of the extension system is provided in Section 7.Those - seeking to provide support for specific security automation - information types should refer to the specification for that domain - described by the IANA registry found in section 8.4. + In for new types of security automation information and associated + resource representations to be shared over time, this specification + defines extension points that can be used to add support for new + information types and associated resource representations by means of + additional supplementary specification documents. Sections 5 and 6 + of this document define the core requirements of all implementations + of this specification, and is resource representation agnostic. An + overview of the extension system is provided in Section 7. + Implementers seeking to provide support for specific security + automation information types should refer to the specification for + that domain described by the IANA registry found in section 8.4. 2. Terminology The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. + The previous key words are used in this document to define the + conformance requirements for implementations of this specification. + This document does not give any recommendations for the use of ROLIE, + it only provides conformance requirements for implementations of this + specification. + Definitions for some of the common computer security-related terminology used in this document can be found in Section 2 of [RFC7970]. - The following terms are unqiue to this specification: + The following terms are unique to this specification: - Information Type A class of security automation information, having - an associated data model, that is the subject of a security - process that can be automated. See section 7.1.2 for more - information. + Information Type A class of security automation information having + one or more associated data models. Often such security + automation information is used in the automation of a security + process. See section 7.1.2 for more information. 3. XML-related Conventions 3.1. XML Namespaces This specification uses XML Namespaces [W3C.REC-xml-names-20091208] to uniquely identify XML element names. It uses the following namespace prefix mappings for the indicated namespace URI: "app" is used for the "http://www.w3.org/2007/app" namespace @@ -194,132 +195,98 @@ "atom" is used for the "http://www.w3.org/2005/Atom" namespace defined in [RFC4287]. "rolie" is used for the "urn:ietf:params:xml:ns:rolie:1.0" namespace defined in section 8.1 of this specification. 3.2. RELAX NG Compact Schema Some sections of this specification are illustrated with fragments of - a non-normative RELAX NG Compact schema [relax-NG]. However, the - text of this specification provides the definition of conformance. - Schema for the "http://www.w3.org/2007/app" and - "http://www.w3.org/2005/Atom" namespaces appear in RFC5023 appendix B - [RFC5023] and RFC4287 appendix B [RFC4287] respectively. + a non-normative RELAX NG Compact schema [relax-NG]. The text of this + specification provides the definition of conformance. Schema for the + "http://www.w3.org/2007/app" and "http://www.w3.org/2005/Atom" + namespaces appear in RFC5023 appendix B [RFC5023] and RFC4287 + appendix B [RFC4287] respectively. - A complete RELAX NG Compact Schema for the new elements introduced by - ROLIE is provided in Appendix A. + A complete informative RELAX NG Compact Schema for the new elements + introduced by ROLIE is provided in Appendix A. 4. Background and Motivation - Information sharing is one of the core components of automating - security processes. Vulnerabilities, configurations, software - identification, security incidents, and patching data are just a few - of the classes of information that are shared today to enable - effective security on a wide scale. However, as the scale of defense - broadens to sometimes global networks, and the inherent scaling - issues of human-in-the-loop sharing become apparent, the need for - automation and machine-to-machine communication becomes apparent. - -4.1. Proactive Sharing - - Existing approaches to computer security information sharing often - use message exchange patterns that are point-to-point. Sometimes, - information that may be useful to share with multiple peers is only - made available to peers after they have specifically requested it. - Unfortunately, a sharing peer may not know, a priori, what - information to request from another peer. Some existing systems - provide a mechanism for unsolicited information requests, however, - these reports are again sent point-to-point, and must be reviewed for - relevance and then prioritized for action by the recipient, - introducing additional latency. - - In order to adequately combat evolving threats, computer security - information resource providers should be able to share selected - information proactively. Proactive sharing greatly aids knowledge - dissemination, and improves response times and usability by allowing - the consumer to choose which information is relevant to its needs. - - For example, a security analyst can benefit by having the ability to - search a comprehensive collection of attack indicators that have been - published by a government agency, or by another member of a sharing - consortium. The representation of each indicator may include links - to the related resources, enabling an appropriately authenticated and - authorized analyst to freely navigate the information space of - indicators, incidents, vulnerabilities, and other computer security - domain concepts as needed. In this way, an analyst can more - effectively utilize the super set of information made publicly - available. - -4.2. Knowledge Aggregation + In order to automate security process, tools need access to + sufficient sources of structured, security information that can be + used to drive security processes. Thus, security information sharing + is one of the core components of automating security processes. + Vulnerabilities, configurations, software identification, security + incidents, and patch data are just a few of the classes of + information that are shared today to enable effective security on a + wide scale. However, as the scale of defense broadens as networks + become larger and more complex, and the volume of information to + process makes humans-in-the-loop difficult to scale, the need for + automation and machine-to-machine communication becomes increasingly + critical. - Additionally, there is value in maintaining a repository of knowledge - that can be queried by a new consumer, allowing this consumer to - identify and retrieve any information that is relevant to its needs. - In this way, the consumer can gain access to meaningful current and - historic information, catching up to the knowledge level of its - peers. + ROLIE seeks to address this need by providing three major information + sharing benefits: - Consider the case of an automated endpoint management system - attempting to proactively prevent software flaws and mis-configured - software from compromising the security of the affected systems. - During its full network sweep, the endpoint monitoring system would - check each endpoint for outdated, vulnerable, and mis-configured - software. This system would benefit from having access to not only - the software vendor's list of vulnerabilities and configuration - baselines, but also similar information discovered by other security - researchers. An advanced system could even give back to this sharing - consortium by sharing any relevant information discovered. + Extensible information type categories and format agnosticism: ROLIE + is not bound to any given data format or category of information. + Instead, information categories are extensible, and entries + declare the format of the referenced data. In cases where several + formats or serializations are available, ROLIE can use link + relations to communicate how a consumer can access these formats. + For example, clients may request that a given resource + representation be returned as XML, JSON, or in some other format + or serialization. This approach allows the provider to support + multiple, compatible formats allowing the consumer to select the + most suitable version. - These capabilities support a federated collection of information - repositories that can be queried and contributed to by an - organization, further supporting automated security solutions. + Open and distributed information sharing: Using the Atom Publishing + Protocol, ROLIE feeds can easily aggregate feeds and accept + information POSTed to them from other sources. Webs of + communicating ROLIE servers form ad-hoc sharing communities, + increasing data availability and the ability to correlate linked + data across sources for participating consumers. ROLIE servers + needn't be distributed however, as large ROLIE repositories can + function as a central or federated collections. -4.3. Resource-oriented Architecture + Stateless communication model: ROLIE, as a RESTful system, is + stateless. That is, the server doesn't keep track of client + sessions, but rather uses link relations for state transitions. + In practice, this means that any consumer can find and share + information at any organizational level and at any time without + needing to execute a long series of requests. - Applying the REST architectural style to the problem domain of - security information sharing involves exposing information of any - relevant type as simple Web-addressable resources. Each provider - maintains their own repository of data, with public and private - sections as needed. Any producer or consumer can then discover these - repositories, search for relevant Feeds, and pull information from - them. By using this approach, an organization can more quickly and - easily share relevant data representations with a much larger and - potentially more diverse constituency. A consumer may leverage - virtually any available HTTP user agent in order to make requests of - the service provider. This improved ease of use enables more rapid - adoption and broader participation, thereby improving security for - everyone. + Information discovery and navigation: ROLIE provides a number of + mechanisms to allow clients to programmtically discover and + navigate collections of information in order to dynamically + discover new or revised content. Extensible information types and + other categories provide one way of determining content that is + desirable. Link elements, each with a target URI and an + established relationship type, provide a means for ROLIE providers + to link other information that is relevant to the current entry or + feed. - A key aspect of any RESTful Web service is the ability to provide - multiple resource representations. For example, clients may request - that a given resource representation be returned as XML, JSON, or in - some other format. In order to enable backwards-compatibility and - interoperability with existing implementations, the RESTful approach - allows the provider to make differing formats available proactively, - allowing the consumer to simply select the version that best suits - them. + These benefits result in an information sharing protocol that is + lightweight, interactive, open, and most importantly, machine + readable. - Finally, an important principle of the REST architectural style is - the focus on hypermedia as the engine of application state (HATEOAS). - Rather than the server maintaining conversational state for each - client, the server will instead include a suitable set of hyperlinks - in the resource representation that is returned to the client. The - included hyperlinks provide the client with a specific set of - permitted state transitions. Using these links the client may - perform an operation, such as updating or deleting the resource - representation. The client may also be provided with hypertext links - that can be used to navigate to any related resource. For example, - the resource representation for an object may contain links to the - related resource(s). In this way, the server remains stateless with - respect to a series of client requests. + The requirements in this specification are broken into two major + sections, extensions to the Atom Publishing Protocol (AtomPub) + [RFC5023], and extensions to the Atom Syndication Format [RFC4287]. + All normative requirements in AtomPub and Atom Syndication are + inherited from their respective specifications, and apply here unless + the requirement is explicitly overridden in this document. In this + way, this document may upgrade the requirement (e.g., make a SHOULD a + MUST), but will never downgrade a given requirement (e.g., make a + MUST a SHOULD). 5. ROLIE Requirements for the Atom Publishing Protocol This section describes a number of restrictions of and extensions to the Atom Publishing Protocol (AtomPub) [RFC5023] that define the use of that protocol in the context of a ROLIE-based solution. The normative requirements in this section are generally oriented towards client and server implementations. An understanding of the Atom Publishing Protocol specification [RFC5023] is helpful to understand the requirements in this section. @@ -332,71 +299,71 @@ consists of one or more app:workspace elements that may each contain a number of app:collection elements. The general structure of a service document is as follows (from RFC5023 section 4.2 [RFC5023]): Service o- Workspace | | | o- Collection + | | | + | | o- IRI, categories, media types | | - | o- IRI, categories, media types + | o- ... | o- Workspace + | | + | o- Collection + | | | + | | o- IRI, categories, media types + | | + | o- ... | - o- Collection - | - o- IRI, categories, media types + o- ... 5.1.1. Use of the "app:workspace" Element In AtomPub, a Workspace, represented by the "app:workspace" element, describes a group of one or more Collections. Building on the AtomPub concept of a Workspace, in ROLIE a Workspace represents an aggregation of Collections pertaining to security automation information resources. This specification does not impose any restrictions on the number of Workspaces that may be in a Service Document or the specific Collections to be provided within a given Workspace. - The following restrictions are imposed on the use of the - app:workspace element in ROLIE: - - o A ROLIE repository can host Collections containing both public and - private information entries. It is RECOMMENDED that public and - private Collections be segregated into different Workspaces. By - doing this, Workspaces that contain private information can be - ignored by clients or can be omitted from the Service Document - provided to a client that lacks the appropriate privilege to - access the set of Collections associated with the Workspace. - - o Appropriate descriptions and naming conventions SHOULD be used to - indicate the intended audience of each workspace. This helps to - facilitate the selection of appropriate Workspaces by users. + A ROLIE implementation can host Collections containing both public + and private information entries. It is RECOMMENDED that + implementations segregate public and private Collections into + different app:workspace elements. By doing this, Workspaces that + contain private information can be ignored by clients or can be + omitted from the Service Document provided to a client that lacks the + appropriate privilege to access the set of Collections associated + with the Workspace. 5.1.2. Use of the "app:collection" Element In AtomPub, a Collection in a Service Document, represented by the "app:collection" element, provides metadata that can be used to point to a specific Atom Feed that contains information Entries that may be of interest to a client. The association between a Collection and a Feed is provided by the "href" attribute of the app:collection element. Building on the AtomPub concept of a Collection, in ROLIE a Collection represents a pointer to a group of security automation information resources pertaining to a given type of security automation information. Collections are represented as Atom Feeds as per RFC 5023. Atom Feed specific requirements are defined in section 6.1. The following restrictions are imposed on the use of the - app:collection element for ROLIE: + app:collection element for ROLIE implementations: o The atom:category elements contained in the app:categories element MUST be the same set of atom:categories used in the Atom Feed resource indicated by the app:collection "href" attribute value. This ensures that the category metadata associated with the Collection is discoverable in both the Feed and the corresponding Collection in the Service Document. o An app:collection pertaining to a security automation information resource Feed MUST contain an app:categories element that @@ -417,61 +384,64 @@ o The app:categories element in an app:collection MAY include additional atom:category elements using a scheme other than "urn:ietf:params:rolie:category:information-type". This allows other category metadata to be included. 5.1.3. Service Discovery This specification requires that an implementation MUST publish an Atom Service Document that describes the set of security information - sharing Collections that are provided by the repository. - - The Service Document SHOULD be discoverable via the organization's - Web home page or another well-known public resource. An example of - this can be found in appendix B.1. - - The Service Document MUST be retrievable using the standardized URI - template "https://{host:port}/rolie/servicedocument", where + Collections provided by the service. The Service Document MUST be + retrievable using the standardized URI template + "https://{host:port}/.well-known/rolie/servicedocument", where {host:port} is the authority portion of the URI. Dereferencing this URI MAY result in a redirect based on an appropriate HTTP 3xx status code to direct the client to the actual Service Document. This allows clients to have a well-known location to find a ROLIE service document, while giving implementations flexibility over how the service is deployed. - The service document MAY also be digitally signed and/or encrypted - according to XML Signature Syntax and Processing [xmldsig] and XML - Encryption Syntax and Processing [xmlenc] respectively. + This document registers the "rolie/servicedocument" well-known URI as + per [RFC5785] in Section 8.5. + + A mechanism to determine which host and port to use is not specified + in this document. Use of a mechanism such as DNS SRV Records + [RFC2782] can provide a secure and reliable discovery mechanism for + determining a specific host and port to use for retrieving a Service + Document for a given DNS domain. 5.2. AtomPub Category Documents As described in RFC5023 section 7 [RFC5023], a Category Document is an XML-based document format that allows a client to dynamically discover the Categories used within AtomPub Service Documents, and Atom Syndication Feed and Entry documents provided by a publisher. A Category Document consists of one app:categories element that contains a number of inline atom:category elements, or a URI - referencing a Category Document that describes the repository. + referencing a Category Document. - A ROLIE implementation MUST publish an Category Document that - describes the set of atom:category elements and associated terms used - within the implemented repository. + A ROLIE implementation MUST publish a Category Document that + describes the set of atom:category elements and associated terms + currently used by the service. The Category Document MUST be retrievable using the standardized URI - template "https://{host:port}/rolie/categorydocument", where - {host:port} is the authority portion of the URI. Dereferencing this - URI MAY result in a redirect based on an appropriate HTTP 3xx status - code to direct the client to the actual Category Document. This - allows clients to have a well-known location to find a ROLIE category - document, while giving implementations flexibility over how the - service is deployed. + template "https://{host:port}/.well-known/rolie/categorydocument", + where {host:port} is the authority portion of the URI. Dereferencing + this URI MAY result in a redirect based on an appropriate HTTP 3xx + status code to direct the client to the actual Category Document. + This allows clients to have a well-known location to find a ROLIE + category document, while giving implementations flexibility over how + the service is deployed. + + This document registers the "rolie/categorydocument" well-known URI + as per [RFC5785] in Section 8.5. 5.3. Transport Layer Security ROLIE is intended to be handled with TLS. The following requirements have been derived from [RFC7589]. The most recent published version of TLS MUST be supported, and any mandatory-to-implement (MTI) cipher suites in that version MUST be supported as well. @@ -484,38 +454,39 @@ client's expectations. Particularly, the client MUST check its understanding of the server hostname against the server's identity as presented in the server Certificate message, in order to prevent man- in-the-middle attacks. Matching is performed according to the rules laid out in the Security Considerations section of [RFC4642]. If the match fails, the client MUST either ask for explicit user confirmation or terminate the connection and indicate the server's identity is suspect. Additionally, clients MUST verify the binding between the identity of the servers to which they connect and the - public keys presented by those servers. Clients SHOULD implement the - algorithm in Section 6 of [RFC5280] for general certificate - validation, but MAY supplement that algorithm with other validation - methods that achieve equivalent levels of verification (such as - comparing the server certificate against a local store of already- - verified certificates and identity bindings). If the client has - external information as to the expected identity of the server, the - hostname check MAY be omitted. + public keys presented by those servers. Client implementations + SHOULD support an equivalent certificate validation approach to the + what is defined in Section 6 of [RFC5280], but MAY supplement that + algorithm with other validation methods that achieve equivalent + levels of verification (such as comparing the server certificate + against a local store of already-verified certificates and identity + bindings). If the client has external information as to the expected + identity of the server, the hostname check MAY be omitted. The server MUST be capable of verifying the identity of the client with certificate-based authentication according to local policy to ensure that the incoming client request is legitimate before any configuration or state data is sent to or received from the client. 5.4. User Authentication and Authorization - Implementations MUST support user authentication. User - authentication MAY be enabled for specific Feeds. + Implementations MUST support user authentication. However, a given + implementation MAY allow user authentication to be disabled on a feed + by feed basis. Servers participating in an information sharing consortium and supporting interactive user logins by members of the consortium SHOULD support client authentication via a federated identity scheme (e.g., SAML 2.0). This document does not mandate the use of any specific user authorization mechanisms. However, service implementers SHOULD provide appropriate authorization checking for all resource accesses, including individual Atom Entries, Atom Feeds, and Atom Service @@ -549,22 +520,22 @@ Clients MUST be capable of recognizing and processing any standard HTTP status code, as defined in [RFC5023] Section 5. 6. ROLIE Requirements for the Atom Syndication Format This section describes a number of restrictions of and extensions to the Atom Syndication Format [RFC4287] that define the use of that format in the context of a ROLIE-based solution. The normative requirements in this section are generally oriented towards any - content to be published to a ROLIE repository. An understanding of - the Atom Syndication Format specification [RFC4287] is helpful to + content to be published to a ROLIE server. An understanding of the + Atom Syndication Format specification [RFC4287] is helpful to understand the requirements in this section. 6.1. Use of the "atom:feed" element As described in RFC4287 section 4.1.1 [RFC4287], an Atom Feed is an XML-based document format that describes a list of related information items. The list of Atom Feeds provided by a ROLIE service instance are listed in the service's Service Document through one or more app:collection elements. Each Feed document, represented using the atom:feed element, contains a listing of zero or more @@ -572,23 +543,23 @@ "Entry". When applied to the problem domain of security automation information sharing, an Atom Feed may be used to represent any meaningful collection of security automation information resources. Each Entry in an atom:feed represents an individual resource (e.g., a specific checklist, a software vulnerability record). Additional Feeds can be used to represent other collections of security automation resources. The following Atom Feed definition represents a stricter definition - of the atom:feed element defined in RFC 4287 for use in a ROLIE Any - element not specified here inherits its definition and requirements - from [RFC4287]. + of the atom:feed element defined in RFC 4287 for use in a ROLIE + implementation. Any element not specified here inherits its + definition and requirements from [RFC4287]. atomFeed = element atom:feed { atomCommonAttributes, (atomAuthor* & atomCategory+ & atomContributor* & atomGenerator? & atomIcon? & atomId @@ -621,35 +592,35 @@ Entries in the Feed MUST represent security automation information records of the provided information type category or categories. o Any atom:feed element that does not contain a child atom:category element with the "scheme" attribute value of "urn:ietf:params:rolie:category:information-type" MUST NOT be considered a ROLIE Collection. This allows Feeds pertaining to security automation information to co-exist alongside Feeds of other non-ROLIE information within the same AtomPub instance. - o An atom:feed may include additional atom:category elements using a + o An atom:feed MAY include additional atom:category elements using a scheme other than "urn:ietf:params:rolie:category:information- type". This allows other category metadata to be included. 6.1.2. Use of the "atom:link" Element Link relations defined by the atom:link element are used to represent state transitions using a stateless approach. In Atom a type of link relationship can be defined using the "rel" attribute. A ROLIE atom:feed MUST contain one or more atom:link elements with rel="service" and href attribute whose value is a IRI that points to - an Atom Service Document associated with the atom:feed. When a - client is presented with a Feed as its initial view into a - repository, a link with the service relationship provides a means to + an Atom Service Document associated with the atom:feed. If a client + accesses a Feed without first accessing the service's service + document, a link with the "service" relationship provides a means to discover additional security automation information. The "service" link relationship is defined in the IANA Link Relations Registry [1]. An atom:feed can contain an arbitrary number of Entries. In some cases, a complete Feed may consist of a large number of Entries. Additionally, as new and updated Entries are ordered at the beginning of a Feed, a client may only be interested in retrieving the first N entries in a Feed to process only the Entries that have changed since the last retrieval of the Feed. As a practical matter, a large set of Entries will likely need to be divided into more manageable @@ -707,42 +678,43 @@ 6.1.3. Use of the "atom:updated" Element The atom:updated element MUST be populated with the current time at the instant the Feed representation was last updated by adding, updating, or deleting an Entry; or changing any metadata for the Feed. 6.2. Use of the "atom:entry" Element Each Entry in an Atom Feed, represented by the atom:entry element, - describes a single information record, format, and type combination. - The following atom:entry schema definition represents a stricter - representation of the atom:entry element defined in [RFC4287] for use - in a ROLIE-based Atom Feed. + describes a single referenced information record, along with + descriptive information about its format, media type, and other + publication metadata. The following atom:entry schema definition + represents a stricter representation of the atom:entry element + defined in [RFC4287] for use in a ROLIE-based Atom Feed. atomEntry = element atom:entry { atomCommonAttributes, (atomAuthor* & atomCategory* & atomContent & atomContributor* & atomId & atomLink* & atomPublished? & atomRights? & atomSource? & atomSummary? & atomTitle & atomUpdated & rolieFormat - & rolieProperty + & rolieProperty* & extensionElement*) } 6.2.1. Use of the "atom:content" Element There MUST be exactly one atomContent element in the Entry. The content element MUST adhere to this definition, which is a stricter representation of the atom:content element defined in [RFC4287]: atomContent = @@ -814,33 +786,39 @@ atom:content element. For example, the namespace used may be an XML namespace URI, or an identifier that represents a serialized JSON model. The URI used for the "ns" attribute value MUST be an absolute or opaque URI. The resource identified by the URI need not be resolvable. The rolie:format element MAY provide a "version" attribute that identifies the version of the format used for the related atom:content. - The rolie:format element MAY provide a "schema-location" element that - is a URI that identifies a schema resource that can be used to + The rolie:format element MAY provide a "schema-location" attribute + that is a URI that identifies a schema resource that can be used to validate the related atom:content. - The rolie:format element MAY provide a "schema-type" element, which + The rolie:format element MAY provide a "schema-type" attribute, which is a mime type identifying the format of the schema resource identified by the "schema-location" attribute. - For example, the nominal element would provide an indication that the content of this entry - is using the IODEF v2 format. + The following nominal example shows how these attributes describe the + format of the content: + + + + The previous element provides an indication that the content of the + given entry is using the IODEF v2 format. 6.2.4. Use of the rolie:property Element An atom:category element provides a way to associate a name/value pair of categorical information using the scheme and term attributes to represent the name, and the label attribute to represent the value. When used in this way an atom:category allows a specific label to be selected from a finite set of possible label values that can be used to further classify a given atom:entry or atom:feed. Within ROLIE, there may be a need to associate additional metadata @@ -880,21 +858,21 @@ Entry in order to provide additional information. Clients that do not recognize a property with an unregistered name attribute MAY ignore the rolie:property. 6.2.5. Requirements for a Standalone Entry If an Entry is ever shared as a standalone resource, separate from its containing Feed, then the following additional requirements apply: - o The Entry MUST have a atom:link element with rel="collection" and + o The Entry MUST have an atom:link element with rel="collection" and href="[IRI of the containing Collection]". This allows the Feed or Feeds for which the Entry is a member to be discovered, along with the related information the Feed may contain. In the case of the Entry have multiple containing Feeds, the Entry MUST have one atom:link for each related Feed. o The Entry MUST declare the information type of the content resource referenced by the Entry (see Section 7.1.2). 7. Available Extension Points Provided by ROLIE @@ -911,32 +889,39 @@ including specific categories, link relations, as well as, use of specific data formats supporting a given information type term. 7.1. The Category Extension Point The atom:category element, defined in RFC 4287 section 4.2.2 [RFC4287], provides a mechanism to provide additional categorization information for a content resource in ROLIE. The ability to define new categories is one of the core extension points provided by Atom. A Category Document, defined in RFC 5023 section 7 [RFC5023], - provides a mechanism for an Atom repository to make discoverable the - atom:category terms and allowed values used by a given repository. + provides a mechanism for an Atom implementation to make discoverable + the atom:category terms and associated allowed values. ROLIE further defines the use of the existing Atom extension category mechanism by allowing ROLIE specific category extensions to be registered with IANA, and additionally has assigned the "urn:ietf:params:rolie:category:information-type" category scheme that has special meaning for implementations of ROLIE. This allows category scheme namespaces to be managed in a more consistent way, allowing for greater interoperability between content producers and consumers. + The namespace "urn:ietf:params:rolie:category:local" has been + reserved in the IANA ROLIE Parameters table for private use as + defined in [RFC5226]. Any category whose "scheme" attribute uses + this as a prefix MUST be considered private use. Implementations + encountering such a category MUST parse the content without error, + but MAY otherwise ignore the element. + Use of the "atom:category" element is discussed in the following subsections. 7.1.1. General Use of the "atom:category" Element The atom:category element can be used for characterizing a ROLIE Resource. As discussed earlier in this document, an atom:category element has a "term" attribute that indicates the assigned category value, and a "scheme" attribute that provides an identifier for the category type. The "scheme" provides a means to describe how a set @@ -1041,30 +1026,43 @@ represented in ROLIE according to RFC 4287 section 4.2.7.2 [RFC4287]. Based on the preceding reference, if the link relation is too specific or limited in the intended use, an absolute IRI can be used in lieu of registering a new simple name with IANA. 7.4. The "rolie:property" Extension Point As discussed previously in Section 6.2.4, many formats contain unique identifying and characterizing properties that are vital for sharing information. In order to provide a global reference for these - properties, this document establishes an IANA registry in Section 7.4 + properties, this document establishes an IANA registry in Section 8.3 that allows ROLIE extensions to register named properties using the name field with a type parameter of "property" to indicate a property extension. Implementations SHOULD prefer the use of registered properties over implementation specific properties when possible. ROLIE extensions are expected to register new and use existing properties to provide valuable identifying and characterizing information for a given information type and/or format. + The namespace "urn:ietf:params:rolie:property:local" has been + reserved in the IANA ROLIE Parameters table for private use as + defined in [RFC5226]. Any property whose "name" attribute uses this + as a prefix MUST be considered private use. Implementations + encountering such a property MUST parse the content without error, + but MAY otherwise ignore the element. + + This document also registers the + "urn:ietf:params:rolie:property:content-author-name" property name. + This property provides an exposure point for the person or + organization that authored the content linked to in the "src" + attribute of the entry's atom:content element. + 8. IANA Considerations This document has a number of IANA considerations described in the following subsections. 8.1. XML Namespaces and Schema URNs This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in [RFC3688]. @@ -1123,50 +1120,69 @@ Name: A URN segment that adheres to the pattern {type}:{label}. The keywords are defined as follows: {type}: The parameter type. The allowed values are "category" or "property". "category" denotes a category extension as discussed in Section 7.1. "property" denotes a property extension as discussed in Section 7.4. {label}: A required US-ASCII string that conforms to the URN syntax requirements (see [RFC2141]). This string must be - unique within the namespace defined by the {type} keyword. + unique within the namespace defined by the {type} keyword. The + "local" label for both the "category" and "property" types has + been reserved for private use. Extension IRI: The identifier to use within ROLIE, which is the full URN using the form: urn:ietf:params:rolie:{name}, where {name} is the "name" field of this registration. Reference: A static link to the specification and section that the definition of the parameter can be found. Sub-registry: An optional field that links to an IANA sub-registry for this parameter. If the {type} is "category", the sub-registry must contain a "name" field whose registered values MUST be US- ASCII. The list of names are the allowed values of the "term" attribute in the atom:category element. (See Section 7.1.2). This repository has the following initial values: - +-----------+--------------------+------+---------------------------+ - | Name | Extension IRI | Refe | Sub-Registry | - | | | renc | | - | | | e | | - +-----------+--------------------+------+---------------------------+ - | category: | urn:ietf:params:ro | This | [TO BE REMOVED: This | - | informati | lie:category | docu | registration should take | - | on-type | :information-type | ment | place at the following | - | | | , Se | location: https://www.ian | - | | | ctio | a.org/assignments/rolie/c | - | | | n | ategory/information-type] | - | | | 9.4 | | - +-----------+--------------------+------+---------------------------+ + +------------+-------------------+-------+--------------------------+ + | Name | Extension IRI | Refer | Sub-Registry | + | | | ence | | + +------------+-------------------+-------+--------------------------+ + | category:i | urn:ietf:params:r | This | [TO BE REMOVED: This | + | nformation | olie:category | docum | registration should take | + | -type | :information-type | ent, | place at the following | + | | | Secti | location: https://www.ia | + | | | on | na.org/assignments/rolie | + | | | 8.4 | /category/information- | + | | | | type] | + | property:l | urn:ietf:params:r | This | None | + | ocal | olie:property:loc | docum | | + | | al | ent, | | + | | | Secti | | + | | | on | | + | | | 7.4 | | + | category:l | urn:ietf:params:r | This | None | + | ocal | olie:category:loc | docum | | + | | al | ent, | | + | | | Secti | | + | | | on | | + | | | 7.1 | | + | property | urn:ietf:params:r | This | None | + | :content- | olie:property | docum | | + | author- | :content-author- | ent, | | + | name | name | Secti | | + | | | on | | + | | | 7.4 | | + +------------+-------------------+-------+--------------------------+ 8.4. ROLIE Security Resource Information Type Sub-Registry A new sub-registry has been created to store ROLIE information type values. Name of Registry: "ROLIE Information Types" Location of Registry: https://www.iana.org/assignments/rolie/category/information-type @@ -1185,29 +1201,54 @@ registry uses the value 1, and this value is incremented for each subsequent entry added to the registry. reference: A list of one or more URIs [RFC3986] from which the registered specification can be obtained. The registered specification MUST be readily and publicly available from that URI. The URI SHOULD be a stable reference. Allocation Policy: Specification required as per [RFC5226] +8.5. Well-Known URI Registrations + + This document makes the follow two registrations to the Well-Known + URI Registry at https://www.iana.org/assignments/well-known-uris/ + well-known-uris.xhtml. + + Service Document registration: + + URI suffix: rolie/servicedocument + + Change controller: IETF + + Specification document: This document, Section 5.1.3 + + Related information: None + + Category Document registration: + + URI suffix: rolie/categorydocument + + Change controller: IETF + + Specification document: This document, Section 5.2 + + Related information: None + 9. Security Considerations This document defines a resource-oriented approach for lightweight information exchange using HTTP over TLS, the Atom Syndication Format, and the Atom Publishing Protocol. As such, implementers must understand the security considerations described in those specifications. All that follows is guidance, more specific - instruction is out of scope for this document and will be located in - a dedicated informational document. + instruction is out of scope for this document. All security measures SHOULD be enforced at the source, that is, a provider SHOULD NOT return any Feed content or member Entry content for which the client identity has not been specifically authenticated, authorized, and audited. The approach described herein is based upon all policy enforcements being implemented at the point when a resource representation is created. As such, producers sharing cyber security information using this specification must take care to authenticate their HTTP clients @@ -1222,24 +1263,24 @@ approach. In general, trust in the sharing consortium will depend upon the members maintaining adequate user authentication mechanisms. Collaborating consortiums may benefit from the adoption of a federated identity solution, such as those based upon SAML-core [SAML-core], SAML-bind [SAML-bind], and SAML-prof [SAML-prof] for Web-based authentication and cross-organizational single sign-on. Dependency on a trusted third party identity provider implies that appropriate care must be exercised to sufficiently secure the Identity provider. Any attacks on the federated identity system - would present a risk to the CSIRT, as a relying party. Potential - mitigations include deployment of a federation-aware identity - provider that is under the control of the information sharing - consortium, with suitably stringent technical and management + would present a risk to the consortium, as a relying party. + Potential mitigations include deployment of a federation-aware + identity provider that is under the control of the information + sharing consortium, with suitably stringent technical and management controls. Authorization of resource representations is the responsibility of the source system, i.e. based on the authenticated user identity associated with an HTTP(S) request. The required authorization policies that are to be enforced must therefore be managed by the security administrators of the source system. Various authorization architectures would be suitable for this purpose, such as RBAC [3] and/or ABAC, as embodied in XACML [XACML]. In particular, implementers adopting XACML may benefit from the capability to @@ -1261,49 +1302,78 @@ enforced at both the source and destination systems, implementers must take care to avoid unintended interactions of the separately enforced policies. Potential risks will include unintended denial of service and/or unintended information leakage. These problems may be mitigated by avoiding any dependence upon enforcements performed at the destination system. When distributed enforcement is unavoidable, the usage of a standard language (e.g. XACML) for the expression of authorization policies will enable the source and destination systems to better coordinate and align their respective policy expressions. + A service discovery mechanism is not explicitly specified in this + document, and there are several approaches available for + implementers. When selecting this mechanism, implementations need to + ensure that their choice provides a means for authenticating the + server. As described in the discovery section, DNS SRV Records are a + possible secure solution to discovery. + +10. Privacy Considerations + + The optional author field may provide an identification privacy issue + if populated without the author's consent. This information may + become public if posted to a public feed. Special care should be + taken when aggregating or sharing entries from other feeds, or when + programmatically generating ROLIE entries from some data source that + the author's personal info is not shared without their consent. + + When using the Atom Publishing Protocol to POST entries to a feed, + attackers may use correlating techniques to profile the user. The + request time can be compared to the generated "updated" field of the + entry in order to build out information about a given user. This + correlation attempt can be mitigated by not using HTTP requests to + POST entries when profiling is a risk, and rather use backend control + of the feeds. + Adoption of the information sharing approach described in this document will enable users to more easily perform correlations across separate, and potentially unrelated, cyber security information providers. A client may succeed in assembling a data set that would not have been permitted within the context of the authorization policies of either provider when considered individually. Thus, providers may face a risk of an attacker obtaining an access that constitutes an undetected separation of duties (SOD) violation. It is important to note that this risk is not unique to this specification, and a similar potential for abuse exists with any other cyber security information sharing protocol. However, the wide availability of tools for HTTP clients and Atom Feed handling implies that the resources and technical skills required for a successful exploit may be less than it was previously. This risk can be best mitigated through appropriate vetting of the client at account provisioning time. In addition, any increase in the risk of this type of abuse should be offset by the corresponding increase in effectiveness that this specification affords to the defenders. -10. Acknowledgements + Overall, ROLIE introduces few privacy concerns above and beyond those + present in any other HTTP protocol. Those that exist can be + mitigated by following security considerations and carefully using + the optional identifying elements. + +11. Acknowledgements The authors gratefully acknowledge the valuable contributions of Tom Maguire, Kathleen Moriarty, and Vijayanand Bharadwaj. These individuals provided detailed review comments on earlier drafts, and made many suggestions that have helped to improve this document. -11. References +12. References -11.1. Normative References +12.1. Normative References [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, RFC 20, DOI 10.17487/RFC0020, October 1969, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . @@ -1364,30 +1434,40 @@ Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, . [RFC4642] Murchison, K., Vinocur, J., and C. Newman, "Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)", RFC 4642, DOI 10.17487/RFC4642, October 2006, . + [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known + Uniform Resource Identifiers (URIs)", RFC 5785, + DOI 10.17487/RFC5785, April 2010, + . + [relax-NG] Clark, J., Ed., "RELAX NG Compact Syntax", 11 2002, . -11.2. Informative References +12.2. Informative References [RFC2141] Moats, R., "URN Syntax", RFC 2141, DOI 10.17487/RFC2141, May 1997, . + [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for + specifying the location of services (DNS SRV)", RFC 2782, + DOI 10.17487/RFC2782, February 2000, + . + [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between Information Models and Data Models", RFC 3444, DOI 10.17487/RFC3444, January 2003, . [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . @@ -1406,39 +1486,30 @@ . [SAML-bind] Cantor, S., Hirsch, F., Kemp, J., Philpott, R., and E. Maler, "Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Standard saml-bindings- 2.0-os, March 2005, . - [xmldsig] Bartel, M., Boyer, J., Fox, B., LaMacchia, B., and E. - Simon, "XML Signature Syntax and Processing (Second - Edition)", June 2008, . - - [xmlenc] Imamura, T., Dillaway, B., and E. Simon, "XML Encryption - Syntax and Processing", December 2002, - . - [XACML] Rissanen, E., "eXtensible Access Control Markup Language (XACML) Version 3.0", August 2010, . [REST] Fielding, R., "Architectural Styles and the Design of Network-based Software Architectures", 2000, . -11.3. URIs +12.3. URIs [1] https://www.iana.org/assignments/link-relations/link- relations.xhtml [2] https://www.iana.org/assignments/link-relations/link- relations.xhtml [3] http://csrc.nist.gov/groups/SNS/rbac/ Appendix A. Relax NG Compact Schema for ROLIE @@ -1488,21 +1559,21 @@ uses an Atom Service Document to enable authorized clients to determine what specific information the provider makes available to the community. While the Service Document is accessible at a pre- determined location, the Service Document can also be made accessible from any well known location, such as via a link from the producer's home page. A client may format an HTTP GET request to retrieve the service document from the specified location: - GET /rolie/servicedocument + GET /.well-known/rolie/servicedocument Host: www.example.org Accept: application/atomsvc+xml Notice the use of the HTTP Accept: request header, indicating the MIME type for Atom service discovery. The response to this GET request will be an XML document that contains information on the specific Collections that are provided. Example HTTP GET response: @@ -1545,35 +1616,35 @@ Public Security Information Sharing Public Vulnerabilities + href="www.example.com/rolie/servicedocument"/> Private Consortium Sharing Incidents + href="www.example.com/rolie/servicedocument"/> In this example, the provider is making available a total of two @@ -1634,21 +1705,21 @@ dd786dba-88e6-440b-9158-b8fae67ef67c Sample Vulnerability 2015-08-04T18:13:51.0Z 2015-08-05T18:13:51.0Z A vulnerability issue identified by CVE-... This Feed document has two Atom Entries, one of which has been elided. The first Entry illustrates an atom:entry element that @@ -1702,22 +1773,34 @@ src="http://www.example.org/provider/vulns/123456/data"> The example response above shows an XML document referenced by the "src" attribute of the atom:content element. The client may retrieve the document using this URL. Appendix C. Change History + Changes in draft-ietf-mile-rolie-07 since draft-ietf-mile-rolie-06 + version, March 13, 2017 to TODO, 2017 + + Added /.well-known/ registration and requirement to service + discovery. + + Condensed and re-focused Sections 1 and 4 to be more concise. + + Added privacy considerations section. + + Made a number of editorial changes as per WGLC review. + Changes in draft-ietf-mile-rolie-06 since draft-ietf-mile-rolie-05 - version, November 2, 2016 to TODO, 2016 + version, November 2, 2016 to March 13, 2017 Changed to standards track Added the rolie:property element Fixed references (Normative vs Informative) Set Service and Category document URL template requirements Fixed XML snippets in examples