Dear Chris and list,
I agree to Chris that STIX/TAXII is one of the de facto standard in the exchange of the security information. (or implicit de jure ??? :-p
At the same time I am apt to feel hesitation over the variable format such as JSON and XML. This is because I have to provide full text search for such format, but I often realise fts won't work as expected with the bigger dataset. (I am using PostgreSQL and PGroonga, but its index crushes very often. maybe I should give a try on tsvector/tsquery and pg_bigm.)
On the other hand, I also understand why it is required in the noSQL age, so I don't have a clear opinion yet.
Hence, I'd raise a very humble objection to introduce multi-value column and variable format.
Thank you very much.
Best Regards,