Objects should be generic, with roles

[colesmj]

Today, we have object types:

• Element
• Server
• Client
• Process
• Asset
• Lambda

It seems that a Server, Client, and Lambda are all specializations of Process or Asset, and really represent the "role" of each; role is really determined by the specific use - a server is the sink for a dataflow, the source is a client. But when describing an object, until the dataflows are determined, why force users to know ahead of time which one they need? Also, a client or server may be a server or a client, based on other data flows...

An alternative suggestion: create a generic "node" (Asset may be the right object already available), and allow assignment of properties that are generic. If roles are needed, assigning a role may add attributes specific to the role(s) added at runtime.
This approach helps with constructing models based on less-than-perfect knowledge of the system.

[nineinchnick]

Fully agree! I still have a hard time telling how Process and Server are different...

[nozmore]

I still have a hard time telling how Process and Server are different...

Same. I have a collection of microservice applications where the element is both a Server and a Process. I created ServerProcess class in the model py file to get both annotation sets/threat eval.

[colesmj]

Rather than creating mixed object types, can we finally fix (and then properly document) the object model? ~Matthew Coles~

…

On Tue, Apr 6, 2021, 16:38 nozmore ***@***.***> wrote: I still have a hard time telling how Process and Server are different... Same. I have a collection of microservice applications where the element is both a Server and a Process. I created ServerProcess class in the model py file to get both annotation sets/threat eval. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#112 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJMQZ6WJ2BYGHNT45QCNIN3THNWMJANCNFSM4R3BV5TA> .

[nozmore]

I agree. I have an excel document with sheets for each object type and its annotations. I started going thru all annotations and capturing notes for things I'd like to move, rename, or need clarification on. I have work I would like to do on the threat lib but I want to get a handle on the model first.

[colesmj]

I started to document the object model in the wiki for this project ages ago. Please update it. ~Matthew Coles~

…

On Wed, Apr 7, 2021, 00:56 nozmore ***@***.***> wrote: I agree. I have an excel document with sheets for each object type and its annotations. I started going thru all annotations and capturing notes for things I'd like to move, rename, or need clarification on. I have work I would like to do on the threat lib but I want to get a handle on the model first. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#112 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJMQZ6QRIK5YUHWXQIHUJHDTHPQYVANCNFSM4R3BV5TA> .