Project

General

Profile

IODEF Contact Zoom

Incident


Contact Class

The Contact class describes contact information for organizations and personnel involved in the incident. This class allows for the naming of the involved party, specifying contact information for them, and identifying their role in the incident.

People and organizations are treated interchangeably as contacts; one can be associated with the other using the recursive definition of the class (the Contact class is aggregated into the Contact class). The 'type' attribute disambiguates the type of contact information being provided.

The inheriting definition of Contact provides a way to relate information without requiring the explicit use of identifiers in the classes or duplication of data. A complete point of contact is derived by a particular traversal from the root Contact class to the leaf Contact class. As such, multiple points of contact might be specified in a single instance of a Contact class. Each child Contact class logically inherits contact information from its ancestors.

The aggregate classes that constitute the Contact class are:

  • ContactName

Zero or one. ML_STRING. The name of the contact. The contact may either be an organization or a person. The type attribute disambiguates the semantics.

  • Description

Zero or many. ML_STRING. A free-form description of this contact. In the case of a person, this is often the organizational title of the individual.

  • RegistryHandle

Zero or many. A handle name into the registry of the contact.

  • PostalAddress

Zero or one. The postal address of the contact.

  • Email

Zero or many. The email address of the contact.

  • Telephone

Zero or many. The telephone number of the contact.

  • Fax

Zero or one. The facsimile telephone number of the contact.

  • Timezone

Zero or one. TIMEZONE. The timezone in which the contact resides.

  • Contact

Zero or many. A Contact instance contained within another Contact instance inherits the values of the parent(s). This recursive definition can be used to group common data pertaining to multiple points of contact and is especially useful when listing multiple contacts at the same organization.

  • AdditionalData

Zero or many. A mechanism by which to extend the data model.

At least one of the aggregate classes MUST be present in an instance of the Contact class. This is not enforced in the IODEF schema as there is no simple way to accomplish it.

The Contact class has five attributes:

  • role

Required. ENUM. Indicates the role the contact fulfills. This attribute is defined as an enumerated list:

Rank Keyword Description
1 creator The entity that generate the document.
2 admin An administrative contact for a host or network.
3 tech A technical contact for a host or network.
4 irt The CSIRT involved in handling the incident.
5 cc An entity that is to be kept informed about the handling of the incident.
6 ext-value An escape value used to extend this attribute.
  • ext-role

Optional. STRING. A means by which to extend the role attribute.

  • type

Required. ENUM. Indicates the type of contact being described. This attribute is defined as an enumerated list:

Rank Keyword Description
1 person The information for this contact references an individual.
2 organization The information for this contact references an organization.
3 ext-value An escape value used to extend this attribute.
  • ext-type

Optional. STRING. A means by which to extend the type attribute.

  • restriction

Optional. ENUM. This attribute is defined in Incident Class.

RegistryHandle Class

The RegistryHandle class represents a handle into an Internet registry or community-specific database. The handle is specified in the element content and the type attribute specifies the database.

The RegistryHandle class has two attributes:

  • registry

Required. ENUM. The database to which the handle belongs. The default value is 'local'. The possible values are:

Rank Keyword Description
1 internic Internet Network Information Center
2 apnic Asia Pacific Network Information Center
3 arin American Registry for Internet Numbers
4 lacnic Latin-American and Caribbean IP Address Registry
5 ripe Reseaux IP Europeens
6 afrinic African Internet Numbers Registry
7 local A database local to the CSIRT
8 ext-value An escape value used to extend this attribute.
  • ext-registry

Optional. STRING. A means by which to extend the registry attribute.

Contact.svg View - IODEF UML Diagram Contact Zoom (76.2 KB) Vérène Houdebine, 05/07/2015 05:30 PM