Skip to content

Proposal: Deprecate MAEC Container

Jump to bottom
Desiree Beck edited this page Apr 20, 2015 · 19 revisions

Status: Open
Comment Period Closes:
Affects Backwards Compatibility: Yes
Relevant Issues: https://github.com/MAECProject/schemas/issues/103

Background Information

The MAEC Container was created to support the notional use case of needing to embed multiple MAEC Packages in a single document. However, there are simpler options for supporting multiple MAEC Packages.

Related Proposals

This proposal is related to the following proposed change to the schema: https://github.com/MAECProject/schemas/wiki/Proposal:-Deprecate-MAEC-Bundle-(as-output-format)

Proposal

We propose to deprecate the MAEC Container for the sake of simplicity. The MAEC Container use case is not strong enough to warrant having the separate Container output format. A simpler alternative is to capture multiple MAEC Packages in a single Package document.

Example

<maecPackage:MAEC_Packages>
  <maecPackage:MAEC_Package id="maec-test-pkg-1" schema_version="5.0">
    <maecPackage:Objects>
    ...
    </maecPackage:Objects>
    <maecPackage:Malware_Subjects>
      ...
    </maecPackage:Malware_Subjects>
  </maecPackage:MAEC_Package>
  <maecPackage:MAEC_Package id="maec-test-pkg-2" schema_version="5.0">
    <maecPackage:Malware_Subjects>
      <maecPackage:Malware_Subject>
      ...
      </maecPackage:Malware_Subject>
    </maecPackage:Malware_Subjects>
  </maecPackage:MAEC_Package>
</maecPackage:MAEC_Packages>

Impact

This change will not be backward compatible and is one of several revisions planned in new major version.

Requested Feedback

  1. Does the proposed deprecation of the MAEC Container make sense?
  2. Is the proposed capture of multiple MAEC Packages in a single Package document reasonable?
  3. Are there alternative solutions?

Clone this wiki locally