IODEF Contact Zoom¶Incident
The Contact class describes contact information for organizations and personnel involved in the incident. This class allows for the naming of the involved party, specifying contact information for them, and identifying their role in the incident.
People and organizations are treated interchangeably as contacts; one can be associated with the other using the recursive definition of the class (the Contact class is aggregated into the Contact class). The 'type' attribute disambiguates the type of contact information being provided.
The inheriting definition of Contact provides a way to relate information without requiring the explicit use of identifiers in the classes or duplication of data. A complete point of contact is derived by a particular traversal from the root Contact class to the leaf Contact class. As such, multiple points of contact might be specified in a single instance of a Contact class. Each child Contact class logically inherits contact information from its ancestors.
The aggregate classes that constitute the Contact class are:¶
Zero or one. ML_STRING. The name of the contact. The contact may either be an organization or a person. The type attribute disambiguates the semantics.
Zero or many. ML_STRING. A free-form description of this contact. In the case of a person, this is often the organizational title of the individual.
Zero or many. A handle name into the registry of the contact.
Zero or one. The postal address of the contact.
Zero or many. The email address of the contact.
Zero or many. The telephone number of the contact.
Zero or one. The facsimile telephone number of the contact.
Zero or one. TIMEZONE. The timezone in which the contact resides.
Zero or many. A Contact instance contained within another Contact instance inherits the values of the parent(s). This recursive definition can be used to group common data pertaining to multiple points of contact and is especially useful when listing multiple contacts at the same organization.
Zero or many. A mechanism by which to extend the data model.
At least one of the aggregate classes MUST be present in an instance of the Contact class. This is not enforced in the IODEF schema as there is no simple way to accomplish it.
The Contact class has five attributes:¶
Required. ENUM. Indicates the role the contact fulfills. This attribute is defined as an enumerated list:
Rank Keyword Description 1 creator The entity that generate the document. 2 admin An administrative contact for a host or network. 3 tech A technical contact for a host or network. 4 irt The CSIRT involved in handling the incident. 5 cc An entity that is to be kept informed about the handling of the incident. 6 ext-value An escape value used to extend this attribute.
Optional. STRING. A means by which to extend the role attribute.
Required. ENUM. Indicates the type of contact being described. This attribute is defined as an enumerated list:
Rank Keyword Description 1 person The information for this contact references an individual. 2 organization The information for this contact references an organization. 3 ext-value An escape value used to extend this attribute.
Optional. STRING. A means by which to extend the type attribute.
Optional. ENUM. This attribute is defined in Incident Class.
The RegistryHandle class represents a handle into an Internet registry or community-specific database. The handle is specified in the element content and the type attribute specifies the database.
The RegistryHandle class has two attributes:¶
Required. ENUM. The database to which the handle belongs. The default value is 'local'. The possible values are:
Rank Keyword Description 1 internic Internet Network Information Center 2 apnic Asia Pacific Network Information Center 3 arin American Registry for Internet Numbers 4 lacnic Latin-American and Caribbean IP Address Registry 5 ripe Reseaux IP Europeens 6 afrinic African Internet Numbers Registry 7 local A database local to the CSIRT 8 ext-value An escape value used to extend this attribute.
Optional. STRING. A means by which to extend the registry attribute.