[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XSPA Profile of SAML for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot
OASIS Members: The OASIS Security Services (SAML) Technical Committee has submitted the following specification, which is an approved Committee Specification, to be considered as an OASIS Standard: Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version 1.0 The text of the TC submission is appended. You now have until 15 October to familiarize yourself with the submission and provide input to your organization's voting representative. On 16 October, a Call For Vote will be issued to all Voting Representatives of OASIS member organizations. They will have until the last day of October, inclusive, to cast their ballots on whether this Committee Specification should be approved as an OASIS Standard or not. Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org . In accordance with the OASIS Technical Committee Process, this Committee Specification has already completed the necessary 60-day public review period as noted in the submission below. The normative TC Process for approval of Committee Specifications as OASIS Standards is found at http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandard Any statements related to the IPR of this specification are posted at: http://www.oasis-open.org/committees/security/ipr.php Your participation in the review and balloting process is greatly appreciated. Mary Mary P McRae Director, Technical Committee Administration OASIS: Advancing open standards for the information society email: mary.mcrae@oasis-open.org web: www.oasis-open.org twitter: fiberartisan #oasisopen phone: 1.603.232.9090 (a) Links to the approved Committee Specification in the TC’s document repository, and any appropriate supplemental documentation for the specification, both of which must be written using the OASIS templates. The specification may not have been changed between its approval as a Committee Specification and its submission to OASIS for consideration as an OASIS Standard, except for the changes on the title page and running footer noting the approval status and date. Editable Source: http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.doc HTML: http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.html PDF: http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.pdf (b) The editable version of all files that are part of the Committee Specification; http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.doc (c) Certification by the TC that all schema and XML instances included in the specification, whether by inclusion or reference, including fragments of such, are well formed, and that all expressions are valid; The required certification was made by the TC and is documented in the SSTC minutes of 08-25-2009: http://lists.oasis-open.org/archives/security-services/200908/msg00083.html (d) A clear English-language summary of the specification; This profile describes a Cross-enterprise Security and Privacy Authorization (XSPA) framework using the SAML core standard and specific attributes to satisfy requirements pertaining to information- centric security and privacy within the healthcare community. (e) A statement regarding the relationship of this specification to similar work of other OASIS TCs or other standards developing organizations; The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version 1.0 is related to the work of the OASIS XSPA TC. The profile has been demonstrated by members of the XSPA TC along with the work of the XACML TC, specifically the Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version 1.0, at the Healthcare Information and Management Systems Society (HIMSS) 2009 conference. The XSPA profile is consistent with the TP 20 “Access Control Transaction Package” recognized by the Healthcare Information Technology Standards Panel (HITSP). (f) The Statements of Use presented above; Three Statements of Use from OASIS members successfully using or implementing the Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version 1.0: Jericho Systems http://lists.oasis-open.org/archives/security-services/200908/msg00032.html Red Hat: http://lists.oasis-open.org/archives/security-services/200908/msg00031.html Sun Microsystems: http://lists.oasis-open.org/archives/security-services/200908/msg00035.html (g) The beginning and ending dates of the public review(s), a pointer to the announcement of the public review(s), and a pointer to an account of each of the comments/issues raised during the public review period(s), along with its resolution; The XSPA profile of SAML has gone through 60 day public review (12 Jan - 13 Mar), announced in: http://lists.oasis-open.org/archives/tc-announce/200901/msg00011.html A link to the public comments and resolution is consolidated in a spreadsheet at the bottom of the e-mail message below: http://lists.oasis-open.org/archives/security-services/200905/msg00021.html Changes due to the comments made in the first review resulted in a shortened 15-day review (15 Jun - 30 Jun) announced in: http://lists.oasis-open.org/archives/tc-announce/200906/msg00006.html Comments made during this review were consolidated in a spreadsheet at the bottom of the e-mail message below and resulted in no changes: http://lists.oasis-open.org/archives/security-services/200907/msg00020.html (h) An account of and results of the voting to approve the specification as a Committee Specification, including the date of the ballot and a pointer to the ballot; The ballot to make the profile a Committee Specification was approved by special majority on 24 August 2009. A pointer to the result of the ballot is below: http://www.oasis-open.org/committees/ballot.php?id=1757 (i) An account of or pointer to votes and comments received in any earlier attempts to standardize substantially the same specification, together with the originating TC’s response to each comment; There were no earlier attempts to standardize substantially the same specification. (j) A pointer to the publicly visible comments archive for the originating TC; http://lists.oasis-open.org/archives/security-services-comment/ (k) A pointer to any minority reports delivered by one or more Members who did not vote in favor of approving the Committee Specification, which report may include statements regarding why the member voted against the specification or that the member believes that Substantive Changes were made which have not gone through public review; or certification by the Chair that no minority reports exist. There were no negative votes cast on the final ballot and no minority reports were submitted during the process. Hal Lockhart Thomas Hardjono Co-Chairs Security Services TC
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]