Description
The TAXII interop document has some restrictions beyond what is in the TAXII spec. Check for these when a command-line argument indicates it.
Possible issues:
- Sorting criteria for the collection endpoint (section 2.1.7) seem to be more restrictive than the spec (section 3.3)
- TAXII Client MUST support certificate-based authentication
- Many endpoints do not have a full set of error test cases
- Section 3.5 – test cases seem redundant
- The spec says that either 403 or 404 could be returned if there is a mismatch between a get_object request and its read/write permissions, but section 3.5.2 implies it should be a 403
- The spec says that either 403 or 404 could be returned if can_read is false for the client of the request, but sections 3.6, 3.7 and 3.8 say it MUST be a 403
- The spec says that either 403 or 404 could be returned if can_write is false for the client of the request, but section 3.10 says it MUST be a 403
- 24-hour requirement for get-status is a MUST
- No Delete error test cases
- If we want to use the examples in this document, we need to get the test data
- Should the error messages in the TAXII spec be the ones returned in the error responses?
- Custom property names must include a UUID, which is different from the spec.