-
Type:
Bug
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: TAXII Version 2.0 CSPRD01
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:
Normative
-
Proposal:
The section starts with normative text, switches to non-normative and then back to normative. To illustrate:
This Endpoint provides general information about a TAXII Server, including the advertised API Roots.
(ok, that's normative)
It's a common entry point for TAXII Clients into the data and services provided by a TAXII Server. For example, clients auto-discovering TAXII Servers via the DNS SRV record defined in section 1.4.1 will be able to automatically retrieve a discovery response for that server by requesting the /taxii/ path on that domain.
(Clearly non-normative, "common entry point," "for example,")
Discovery API responses MAY advertise any TAXII API Root (included those hosted on other servers).
(normative)
I would make the middle section a note.
BTW, are you serious about "any TAXII API Root?" I ask because some TAXII servers may wish to conceal their APIs until after non-TAXII authentication. Your call but it looks like a TAXII API could "out" another TAXII server's APIs.