Intrusion Detection Message Exchange Format Comparison of SMI and XML Implementations
draft-ietf-idwg-xmlsmi-01

Document Type: Expired Internet-Draft (idwg WG)
Authors: Glenn Mansfield, David Curry
Last updated: 2000-09-27
Stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Formats: Expired & archived
WG state: WG Document
Document shepherd: No shepherd assigned
IESG state: Expired
Consensus Boilerplate: Unknown
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-idwg-xmlsmi-01.txt

Abstract

The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems which may need to interact with them. The goals and requirements of the IDMEF are described in [2]. Two implementations of the IDMEF data format have been proposed: one using the Structure of Management Information (SMI) to describe a MIB, and the other using a Document Type Definition (DTD) to describe XML documents. Both representations appear to have their good and bad traits, and deciding between them is difficult. To arrive at an informed decision, the working group tasked the authors to identify and analyze the pros and cons of both approaches, and to present the results in the form of an Internet-Draft. The initial version of this draft was reviewed by the IDWG at the February, 2000 interim meeting where it was tentatively decided that the XML/DTD solution was best at fulfilling the IDWG requirements. This decision was finalized at the March, 2000 IETF IDWG meeting.

Authors

Glenn Mansfield (glenn@cysols.com)
David Curry (davy@ecn.purdue.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)