-
Notifications
You must be signed in to change notification settings - Fork 16
Proposal: Deprecate MAEC Container
Status: Open
Comment Period Closes:
Affects Backwards Compatibility: Yes
Relevant Issues: https://github.com/MAECProject/schemas/issues/103
The MAEC Container was created to support the notional use case of needing to embed multiple MAEC Packages in a single document. However, there are simpler options for supporting multiple MAEC Packages.
This proposal is related to the following proposed change to the schema: https://github.com/MAECProject/schemas/wiki/Proposal:-Deprecate-MAEC-Bundle-(as-output-format)
Because there is no strong use case for the MAEC Container output format, we propose simplifying MAEC by deprecating the MAEC Container (we've also proposed that the MAEC Bundle be deprecated). As a result, the MAEC Package would be the only MAEC output format available.
The deprecation would involve removing the MAEC Container schema and output format.
In addition, a new top level "MAEC_Packages" field (of new type MAECPackageListType) could possibly be added to the MAEC Package schema in order to capture multiple MAEC Packages in a single Package document.
<maecPackage:MAEC_Packages>
<maecPackage:MAEC_Package id="maec-test-pkg-1" schema_version="5.0">
<maecPackage:Objects>
...
</maecPackage:Objects>
<maecPackage:Malware_Subjects>
...
</maecPackage:Malware_Subjects>
</maecPackage:MAEC_Package>
<maecPackage:MAEC_Package id="maec-test-pkg-2" schema_version="5.0">
<maecPackage:Malware_Subjects>
<maecPackage:Malware_Subject>
...
</maecPackage:Malware_Subject>
</maecPackage:Malware_Subjects>
</maecPackage:MAEC_Package>
</maecPackage:MAEC_Packages>This change will not be backward compatible and is one of several revisions planned in new major version.
- Does the proposed deprecation of the MAEC Container make sense?
- Is it necessary to support the capture of multiple MAEC Packages?
- If so, is the proposed capture in a single Package document reasonable?
- Are there alternative solutions?