UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8322

Resource-Oriented Lightweight Information Exchange (ROLIE)

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 February 2018
Status: active
Page Count: 43
scope:

Introduction

This document defines a resource-oriented approach to security automation information sharing that follows the Representational State Transfer (REST) architectural style [REST]. In this approach, computer security resources are maintained in web-accessible repositories structured as Atom Syndication Format [RFC4287] Feeds. Within a given Feed, which may be requested by the consumer, representations of specific types of security automation information are organized, categorized, and described. Furthermore, all collections available to a given user are discoverable, allowing the consumer to search all available content they are authorized to view, and to locate and request the desired information resources. Through the use of granular authentication and access controls, only authorized consumers may be permitted the ability to read or write to a given Feed

The goal of this approach is to increase the communication and sharing of security information between providers and consumers that can be used to automate security processes (e.g., incident reports, vulnerability assessments, configuration checklists, and other security automation information). Such sharing allows human operators and computer systems to leverage this standardized communication system to gather information that supports the automation of security processes.

To support new types of security automation information being used as time goes on, this specification defines a number of extension points that can be used either privately or globally. These global extensions are IANA-registered by Resource-Oriented Lightweight Information Exchange (ROLIE) extension specifications and provide enhanced interoperability for new use cases and domains. Sections 5 and 6 of this document define the requirements for XML representations of ROLIE; other equivalent representations (e.g. JSON) may be described by other documents. An overview of the extension system is provided in Section 7. Implementers seeking to provide support for specific security automation information types should refer to the specification for that domain as described by the IANA registry found in Section 8.4.

Document History

IETF RFC 8322
February 1, 2018
Resource-Oriented Lightweight Information Exchange (ROLIE)
Introduction This document defines a resource-oriented approach to security automation information sharing that follows the Representational State Transfer (REST) architectural style [REST]. In this...

References

Advertisement