The Extended Incident Handling(INCH) Working Group was part of the Security Area of the Internet Engineering Task Force (IETF). It was chartered to create an exchange format for computer security incident data used by Computer Security Incident Response Teams (CSIRTs).
The working group authored five documents. The requirements for INCH were documented in the Format for Incident Reporting (FINE). A data model, the Incident Object Description Exchange Format (IODEF), for exchanging this incident information was specified. The Real-time Inter-Network Defense (RID) protocol provided a messaging format for IODEF which with an associated binding to SOAP was provided. An initial extension of the core IODEF data model describing phishing information was also authored.
The INCH WG was closed in Oct-2006. Prior to this closure, the requirements and IODEF data model were submitted to the IESG as WG documents. Ultimately, the AD decided not to sponsor the requirements document for publication. The remaining documents were resubmitted as individual drafts on the standards track. The AD has provided guidance on their publication after the publication of the IODEF. The mailing list remains open for discussion of these drafts and implementation issues.
Additional information about the IETF standards process can be found in RFC 2026, RFC 2418, and The Tao of the IETF. Refer to the official INCH charter, and the IETF web-site for information about the organization and the associated standards processAdministrative Contact Information
|Requirements for the Format for INcident information Exchange (FINE)||I-D
-- Apr-05-2007: rejected by AD
-- Oct-02-2007: submitted to AD
-- Jun-25-2006: published
|Won't be published|
|The Incident Object Description Exchange Format (IODEF)||RFC 5070 (xsd)||Dec-2007||Standards|
|Incident Handling: Real-Time Inter-Network Defense||I-D
|06||Apr-15-2008||Individual draft as Standards4|
|The Incident Object Description Exchange Format (IODEF) Implementation Guide||I-D
|01||Nov-09-2004||Expired draft. Volunteers are considering an update|
|Extension to IODEF-Document Class for Phishing, Fraud, and Other Non-Network Layer Reports||I-D
|04||May-24-2008||Individual draft as Standards4|
|IODEF/RID over SOAP||I-D
|05||Feb-25-2008||Individual draft as Standards4|
1 Draft file name
2 Publish date is the release date of the document; Last-Call date is the projected date when the WG will submit the draft to the IESG
3 IETF document track (see Section 4 of RFC 2026)
4Not submitted to the IESG at the time of the closure of the WG. These WG documents were resubmitted as individual drafts for publications. The AD's has provided instructions for publication of these documents.
Additional status about all the working group documents can be found in the Draft Tracker maintained by the IETF Secretariat.
|Sharing Transaction Fraud Data||I-D
|Jul-2006||IETF 66||Montreal, Canada|
|Mar-2006||IETF 65||Dallas, USA|
|Nov-09-2005 (summary)||IETF 64||Vancouver, Canada|
|Aug-03-2005 (summary)||IETF 63||Paris, France|
|Mar-09-2005 (summary)||IETF 62||Minneapolis, USA|
|Nov-11-2004 (summary)||IETF 61||Washington DC, USA|
|Aug-05-2004||IETF 60||San Diego, USA|
|Jun-13-2004||Interim Meeting||Budapest, Hungary|
|Mar-4-2004||IETF 59||Seoul, Korea|
|Nov-13-2003||IETF 58||Minneapolis, USA|
|Jul-16-2003||IETF 57||Vienna, Austria|
|Mar-19-2003||IETF 56||San Francisco, USA|
|Feb-8-2003||Interim Meeting||Uppsala, Sweden|
|Sep-21-2002||IETF 55||Atlanta, USA|
|Jul-??-2002||IETF 54||Yokohama, Japan|
|Mar-21-2002||IETF 53||Minneapolis, USA|
|Dec-10-2001||IETF 52||Salt Lake City, USA|
The following implementation reports have been made at various IETF meetings:
The following are a list of the known, publicly available software libraries and applications making using of the IODEF.
IODEF and RID implementation
XML::IODEF is a perl module for easily creating/parsing IODEF Documents. It is a wrapper around XML::Simple, providing an interface designed to simplify the parsing and creation of IODEF documents.
s. It is a wrapper around XML::Simple, providing an interface designed to simplify the parsing and creation of IODEF documents.
Phishing Reports using XForm
A XML XForms web page to let a user enter test information and generate an IETF INCH compliant XML report.
Additional, there are several active projects making use of the IODEF.
If you have an implementation or project using IODEF and would like to be listed, please contact email@example.com.