Relationships: Consensus & Open Questions
We should allow generic types of relationships, i.e., those that are not constrained by the particular source/target of the relationship or by the relationship type. This would allow users to create any arbitrary relationship, and accordingly shoot themselves in the foot if they want to.
```json
{
  "type": "relationship",
  "source_ref": "coa-1",
  "target_ref": "ttp-1",
  "kind": "detected by"
}
```

- Should this generic relationship exist by itself, or be defined in conjunction with other sub-classed relationships?

We should help users NOT shoot themselves in the foot with the generic relationship, by defining a set of established relationship types and their semantics. Both STIX and CybOX already do this to an extent with their various controlled vocabularies.
- Where should this set of established relationships be defined?
  - At the data model level?
  - At the specification level?
  - Both?
- Should these relationships be validated at the serialization level?
  - If so, which particular mechanism should be used to capture these "default" relationships?
    - A controlled vocabulary? An enumeration?

We should allow users to define and use their own custom types of relationships. For instance, a new type of relationship may be discovered between STIX TTPs and Indicators that is not included in the default set of relationships.
- Is there an expectation or need for validation based on these custom relationship types?
- How should these custom relationships be defined?
  - A free-form string?
  - A value from a custom controlled vocabulary?
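
One way the validation questions above could play out, as an added example that is not part of the original page or of any STIX specification: default kinds are checked against allowed endpoint types, while free-form custom kinds pass unchecked unless `strict` is set. The vocabulary contents, the `<type>-<n>` id convention, and all function names are assumptions made for illustration.

```python
import difflib
import json

# Hypothetical default vocabulary: kind -> allowed (source type, target type) pairs.
# Only the "detected by" row mirrors the page's example; the rest is constructed.
DEFAULT_KINDS = {
    "detected by": {("coa", "ttp")},
    "indicates": {("indicator", "ttp")},
}
REQUIRED = ("type", "source_ref", "target_ref", "kind")

def object_type(ref):
    """Assumption: ids look like '<type>-<n>', as in the page's 'coa-1'."""
    return ref.rsplit("-", 1)[0]

def validate_relationship(obj, strict=False):
    """Return (status, reason); status is 'default', 'custom', 'suspect' or 'invalid'."""
    bad = [k for k in REQUIRED if not isinstance(obj.get(k), str) or not obj[k]]
    if bad:
        return "invalid", "missing or non-string field(s): " + ", ".join(bad)
    if obj["type"] != "relationship":
        return "invalid", "type must be 'relationship'"
    kind = obj["kind"]
    src, dst = object_type(obj["source_ref"]), object_type(obj["target_ref"])
    if kind in DEFAULT_KINDS:
        if (src, dst) in DEFAULT_KINDS[kind]:
            return "default", "known kind with allowed endpoints"
        return "invalid", f"{kind!r} is not defined for {src} -> {dst}"
    if strict:
        return "invalid", f"{kind!r} is not in the default vocabulary"
    # A free-form kind gets no semantic checks, so a typo of a default kind
    # would silently pass as custom; flag near-misses for review instead.
    near = difflib.get_close_matches(kind, list(DEFAULT_KINDS), n=1, cutoff=0.8)
    if near:
        return "suspect", f"{kind!r} looks like default kind {near[0]!r}"
    return "custom", "free-form kind accepted without endpoint checks"

# The page's relationship object, plus constructed variants of it.
PAGE_EXAMPLE = json.loads(
    '{"type":"relationship","source_ref":"coa-1","target_ref":"ttp-1","kind":"detected by"}'
)

if __name__ == "__main__":
    for kind in ("detected by", "detected-by", "leverages"):
        print(kind, "->", validate_relationship(dict(PAGE_EXAMPLE, kind=kind)))
```

The `suspect` status shows the cost of the free-form string option: without it, a misspelled default kind is indistinguishable from a deliberate custom one.
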
We should allow for bi-directional relationships to be expressed and used in STIX. This does not necessarily mean that we have a separate structure for them, but rather that STIX does not enforce unidirectionality when used to build graph edges.
- Do we require the ability to explicitly specify whether a relationship is bidirectional?
  - If so, how should this be done?
    - Should this be done in a single relationship structure (e.g., `is_bidirectional = true`)?
    - Should this be done with a separate `BidirectionalRelationship` structure?
    - Or, should this be done by having explicit semantic understanding of whether a particular type of relationship (e.g., "Contains") is bidirectional or unidirectional?
  - If so, is this something that MUST be defined in STIX 2.0, or can it be added in a point release?