Project

General

Profile

IODEF Contact Zoom » History » Version 2

Anonymous, 06/08/2015 11:02 AM

1 1 Anonymous
h1. IODEF Contact Zoom
2 1 Anonymous
3 1 Anonymous
[[IODEF Incident Zoom|Incident]]
4 1 Anonymous
* *Contact*
5 1 Anonymous
* [[IODEF Method Zoom|Method]]
6 1 Anonymous
* [[IODEF Assessment Zoom|Assessment]]
7 1 Anonymous
* [[IODEF EventData Zoom|EventData]]
8 1 Anonymous
** [[IODEF Flow Zoom|Flow]]
9 1 Anonymous
* [[IODEF History Zoom|History]]
10 1 Anonymous
11 1 Anonymous
----
12 1 Anonymous
13 1 Anonymous
!/attachments/download/53/Contact.svg!
14 2 Anonymous
15 2 Anonymous
----
16 2 Anonymous
17 2 Anonymous
h2. Contact Class
18 2 Anonymous
19 2 Anonymous
The Contact class describes contact information for organizations and personnel involved in the incident.  This class allows for the naming of the involved party, specifying contact information for them, and identifying their role in the incident.
20 2 Anonymous
21 2 Anonymous
People and organizations are treated interchangeably as contacts; one can be associated with the other using the recursive definition of the class (the Contact class is aggregated into the Contact class). The 'type' attribute disambiguates the type of contact information being provided.
22 2 Anonymous
23 2 Anonymous
The inheriting definition of Contact provides a way to relate information without requiring the explicit use of identifiers in the classes or duplication of data.  A complete point of contact is derived by a particular traversal from the root Contact class to the leaf Contact class.  As such, multiple points of contact might be specified in a single instance of a Contact class. Each child Contact class logically inherits contact information from its ancestors.
24 2 Anonymous
25 2 Anonymous
h4. The aggregate classes that constitute the Contact class are:
26 2 Anonymous
27 2 Anonymous
* ContactName
28 2 Anonymous
> Zero or one.  ML_STRING.  The name of the contact.  The contact may either be an organization or a person.  The type attribute disambiguates the semantics.
29 2 Anonymous
30 2 Anonymous
* Description
31 2 Anonymous
> Zero or many.  ML_STRING.  A free-form description of this contact.  In the case of a person, this is often the organizational title of the individual.
32 2 Anonymous
33 2 Anonymous
* RegistryHandle
34 2 Anonymous
> Zero or many.  A handle name into the registry of the contact.
35 2 Anonymous
36 2 Anonymous
* PostalAddress
37 2 Anonymous
> Zero or one.  The postal address of the contact.
38 2 Anonymous
39 2 Anonymous
* Email
40 2 Anonymous
> Zero or many.  The email address of the contact.
41 2 Anonymous
42 2 Anonymous
* Telephone
43 2 Anonymous
> Zero or many.  The telephone number of the contact.
44 2 Anonymous
45 2 Anonymous
* Fax
46 2 Anonymous
> Zero or one.  The facsimile telephone number of the contact.
47 2 Anonymous
48 2 Anonymous
* Timezone
49 2 Anonymous
> Zero or one.  TIMEZONE.  The timezone in which the contact resides.
50 2 Anonymous
51 2 Anonymous
* Contact
52 2 Anonymous
> Zero or many.  A Contact instance contained within another Contact instance inherits the values of the parent(s).  This recursive definition can be used to group common data pertaining to multiple points of contact and is especially useful when listing multiple contacts at the same organization.
53 2 Anonymous
54 2 Anonymous
* AdditionalData
55 2 Anonymous
> Zero or many.  A mechanism by which to extend the data model.
56 2 Anonymous
57 2 Anonymous
At least one of the aggregate classes MUST be present in an instance of the Contact class.  This is not enforced in the IODEF schema as there is no simple way to accomplish it.
58 2 Anonymous
59 2 Anonymous
h4. The Contact class has five attributes:
60 2 Anonymous
61 2 Anonymous
* role
62 2 Anonymous
> Required.  ENUM.  Indicates the role the contact fulfills. This attribute is defined as an enumerated list:
63 2 Anonymous
64 2 Anonymous
>|_.Rank        |_.Keyword          |_.Description|
65 2 Anonymous
>|    1 | creator      | The entity that generate the document. |
66 2 Anonymous
>|    2 | admin     | An administrative contact for a host or network.            |
67 2 Anonymous
>|    3 | tech    | A technical contact for a host or network.            |
68 2 Anonymous
>|    4 | irt      | The CSIRT involved in handling the incident.      |
69 2 Anonymous
>|    5 | cc      | An entity that is to be kept informed about the handling of the incident.    |
70 2 Anonymous
>|    6 | ext-value    | An escape value used to extend this attribute.     |
71 2 Anonymous
72 2 Anonymous
* ext-role
73 2 Anonymous
> Optional.  STRING.  A means by which to extend the role attribute.
74 2 Anonymous
75 2 Anonymous
* type
76 2 Anonymous
> Required.  ENUM.  Indicates the type of contact being described. This attribute is defined as an enumerated list:
77 2 Anonymous
78 2 Anonymous
79 2 Anonymous
>|_.Rank        |_.Keyword          |_.Description|
80 2 Anonymous
>|    1 | person      | The information for this contact references an individual. |
81 2 Anonymous
>|    2 | organization  | The information for this contact references an organization.      |
82 2 Anonymous
>|    3 | ext-value  | An escape value used to extend this attribute.        |
83 2 Anonymous
84 2 Anonymous
* ext-type
85 2 Anonymous
> Optional.  STRING.  A means by which to extend the type attribute.
86 2 Anonymous
87 2 Anonymous
* restriction
88 2 Anonymous
> Optional.  ENUM.  This attribute is defined in [[IODEF_Incident_Zoom#Incident-Class| Incident Class]].
89 2 Anonymous
90 2 Anonymous
h2. RegistryHandle Class
91 2 Anonymous
92 2 Anonymous
The RegistryHandle class represents a handle into an Internet registry or community-specific database.  The handle is specified in the element content and the type attribute specifies the database.
93 2 Anonymous
94 2 Anonymous
h4. The RegistryHandle class has two attributes:
95 2 Anonymous
96 2 Anonymous
* registry
97 2 Anonymous
> Required.  ENUM.  The database to which the handle belongs. The default value is 'local'.  The possible values are:
98 2 Anonymous
99 2 Anonymous
>|_.Rank        |_.Keyword          |_.Description|
100 2 Anonymous
>|    1 | internic      | Internet Network Information Center |
101 2 Anonymous
>|    2 | apnic     | Asia Pacific Network Information Center            |
102 2 Anonymous
>|    3 | arin    | American Registry for Internet Numbers           |
103 2 Anonymous
>|    4 | lacnic      | Latin-American and Caribbean IP Address Registry      |
104 2 Anonymous
>|    5 | ripe      | Reseaux IP Europeens      |
105 2 Anonymous
>|    6 | afrinic    | African Internet Numbers Registry   |
106 2 Anonymous
>|    7 | local    | A database local to the CSIRT    |
107 2 Anonymous
>|    8 | ext-value    | An escape value used to extend this attribute.     |
108 2 Anonymous
109 2 Anonymous
* ext-registry
110 2 Anonymous
> Optional.  STRING.  A means by which to extend the registry attribute.