OASIS Federated Identity Lab Demonstrates SAML 2.0 Interoperability for GSA E-Gov’s E-Authentication Initiative

San Francisco, CA, USA; 2005 RSA Conference; 16 February 2005 — Thirteen vendors from around the world teamed with the U.S. General Services Administration (GSA) E-Gov E-Authentication Initiative to demonstrate interoperability of the Security Assertion Markup Language (SAML) 2.0, a security specification developed by the OASIS standards consortium. SAML enables secure exchange of authentication, attribute, and authorization information between disparate security domains, making secure Internet e-business transactions possible.

The OASIS Federated Identity InterOp Lab, co-sponsored by GSA E-Authentication Initiative, Enspier, and RSA Security, demonstrated a combination of web single sign-on and single logout scenarios.

"SAML 2.0 brings together SAML 1.x, Liberty Alliance and Shibboleth functionality to provide a logical convergence point for new products and deployments in the coming months," said Dan Blum, Senior Vice President and Research Director, Burton Group. "This OASIS InterOp demonstration offers an important proof-of-concept for the new specification."

According to Stephen Timchak, GSA Program Executive, "The E-Authentication Initiative is committed to helping drive the evolution of federated identity management, and that’s why we are excited to sponsor the OASIS Federated Identity InterOp on SAML 2.0 at RSA 2005. I believe that the E-Authentication-sponsored SAML 1.1 interoperability event at last year’s RSA conference helped speed the evolution of the SAML standard, and we look forward to being enthusiastic adopters of SAML 2.0 when it qualifies for inclusion in the E-Authentication architecture."

Vendors Collaborate on SAML Interoperability

Computer Associates "CA’s active participation in this year’s OASIS SAML Interoperability Lab highlights CA’s ongoing commitment to supporting federation standards that empower global enterprises to quickly and easily deliver secure business services," said Marc Chanliau, eTrust product manager at Computer Associates. "As one of the co-founders of the SAML specification, CA is delighted to see SAML 2.0’s latest enhancements which will enable our diverse customer base to further extend their federation initiatives and realize the full business benefits of standards-based identity management."

DataPower "Because organizations cannot possibly agree on a single vendor solution for identity, traditional, proprietary SSO is impractical for federated identity across extranets and Web services. By validating complete SAML interoperability of DataPower’s XS40 XML Security Gateway, we ensure that our customers are getting an open, standards-based solution for federated identity. For the second year in a row, DataPower is participating in OASIS SAML InterOp at the RSA Conference, an event that has done so much to advance the vision of ‘identity as a service,’" said Eugene Kuznetsov, CTO founder of DataPower.

Entrust "OASIS SAML 2.0 represents convergence within the SAML standard and signals the widespread acceptance and increasing importance of Federated Identity standards for interoperability between partner domains," said Chris Voice, Vice President of Technology at Entrust, Inc. "Our participation in the OASIS Federated Identity InterOp Lab demonstrates our ongoing support of open standards such as SPML, XACML and SAML."

Oracle "It is evident that Web services are rapidly becoming the cornerstone for integration and B2B transactions. SAML 2.0 will further propagate the use of Web services for federated identity management to securely connect customers, partners and employees with the information they need," said Uppili Srinavasan, senior director, Identity Management and Security Products, at Oracle Corp. "Oracle’s participation in this demonstration illustrates our support for the specification and its ability to enable the secure exchange of information among partners."

RSA Security "By embracing SAML 2.0 – a convergence standard that is a cornerstone in the future of identity federation – the technology industry will enable companies to collaborate efficiently and securely, across business boundaries," said Toffer Winslow, director of product management and marketing at RSA Security. "RSA Security is proud of its role in contributing intellectual property that led to SAML, and in co-authoring the standard. We’re delighted to see that a broad range of vendors — including RSA Security — are committed to bringing interoperable solutions to market."

Sun Microsystems "Sun continues to drive identity management and Web services standards both through our participation with organizations, such as OASIS and the Liberty Alliance, as well as providing full support of the latest standards within our products," said Sara Gates, vice president, identity management, Sun Microsystems, Inc. "Sun is proud to have been a supporter of SAML from its inception, and we are pleased to showcase SAML 2.0 interoperability between Sun Java System Access Manager and other vendors’ products at the RSA Conference."

About OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Additional information:

OASIS Federated Identity InterOp Lab RSA Conference Booth #1242

OASIS Security Services Technical Committee http://www.oasis-open.org/committees/security

GSA eAuthentication Program http://cio.gov/eauthentication

Press contact: Carol Geyer Director of Communications OASIS carol.geyer@oasis-open.org +1.978.667.5115 x209

OASIS Revises Intellectual Property Rights Policy

Boston, MA, USA; 7 Feb 2005 — OASIS, the international e-business standards consortium, revised its Intellectual Property Rights (IPR) Policy to enhance support for open standards development. The policy updates OASIS rules to take into account significant changes in the way that intellectual property laws and practices affect e-business standards. Rather than mandate a single set of IPR terms for all work, the OASIS IPR Policy allows members of each of its more than 60 Committees to choose for themselves one of three IPR modes best suited to their specific effort. OASIS Committees elect to work under "Reasonable And Non-Discriminatory (RAND)," "Royalty-Free (RF) on RAND Terms," or "RF on Limited Terms" modes.

"The policy clearly acknowledges the importance of creating royalty-free standards by providing two RF modes, while still allowing for work to be done under RAND terms when members prefer that option," explained Patrick Gannon, president and CEO of OASIS. "While nearly all OASIS Standards can be implemented today on a royalty-free basis, the revised IPR Policy helps to clarify our open standards process and assure implementers worldwide that OASIS Standards can be adopted with confidence."

Gartner research director, Ray Valdes, applauded the flexibility of the OASIS IPR Policy, noting, "The diversity of information technology systems built today is increasing significantly. This is not only with regard to their scope, complexity, and interoperability, but also in the way these systems are built, and in the types of organizations that build them. These changes require standards organizations to articulate a broader set of approaches to intellectual property issues than has been the case in the past."

As specified in the new OASIS IPR Policy, the RAND mode defines a basic set of minimal terms a patent holder is obliged to offer (such as granting a license that is worldwide, non-exclusive, perpetual, reasonable and non-discriminatory, etc.) and leaves all other non-specified terms to negotiations between the patent holder and the implementer seeking a license. The Royalty-Free (RF) on RAND Terms mode operates in the same manner as RAND, but does not permit the patent holder to charge fees or royalties for the license. The RF on Limited Terms mode is similar to the RF on RAND Terms mode, but it specifies the exact Royalty Free licensing terms and conditions that may be included in a patent holder’s license and that must be granted upon request without further negotiations.

"In today’s world, no standards organization can guarantee that its work is or will remain completely free of patent claims. The most any standards body can do is provide clear, equitable regulations to govern the behavior of those who participate in its work and publicly document their licensing commitments," said Jim Hughes of Hewlett Packard, chair of the OASIS Board of Directors. "By giving Committee members the clear choice between RAND, RF on RAND Terms, and RF on Limited Terms, the revised OASIS IPR Policy provides both standard developers and implementers with an equitable framework for contributing and licensing intellectual property."

OASIS IPR Policy http://www.oasis-open.org/who/intellectualproperty.php

OASIS IPR Policy FAQ http://www.oasis-open.org/who/ipr/ipr_faq.php

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WS-Security, XACML, and XCBF.

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

UDDI v3.0 Ratified as OASIS Standard

BOSTON, MA, USA; 3 FEBRUARY 2005 — The OASIS international standards consortium today announced that its members have approved the Universal Description, Discovery and Integration (UDDI) version 3.0.2 as an OASIS Standard, a status that signifies the highest level of ratification. Advanced through an open process, UDDI is commonly regarded as a cornerstone of Web services, defining a standard method for publishing and discovering network-based software components in a service-oriented architecture (SOA).

“The UDDI registry model is one of the central elements of an interoperable framework that ensures the effective interaction of services in a service oriented architecture,” said Frank Kenney, analyst at Gartner. “By enabling policy-based distribution and management of enterprise Web services, a UDDI registry can deliver significant business value. It can help ensure that the convenience of developers, the requirements of enterprise architects, and the underlying business policies are not in opposition; in fact, it brings all of these needs into closer alignment by increasing software flexibility, reuse, centralization and control; allowing enforcement and ultimately governance.”

The UDDI OASIS Standard specifies protocols for creating a registry for Web services, methods for controlling access to the registry, and a mechanism for distributing or delegating records to other registries. Version 3.0.2 adds the ability to affiliate registries in keeping with SOA’s emphasis on supporting a variety of infrastructural variations and providing a means to define relationships among a variety of UDDI registries. Although from its inception, the specification included concepts such as delegation and distribution among server peers, earlier UDDI definitions relied upon proprietary means of interaction. By contrast, UDDI v3.0.2 provides an open, standardized approach to ensure widely interoperable communication.

“The v3.0.2 OASIS Standard represents another significant milestone in UDDI’s evolution,” noted Luc Clement of Systinet, co-chair of the OASIS UDDI Specification Technical Committee. “It delivers key capabilities for enterprise-level deployment, providing different responses depending upon the security, transport, or quality of service as defined by business rules or taxonomies.”

“One of the most significant enhancements of UDDI v3.0.2 is that it allows well-known identifiers for service descriptions to be created, facilitating reuse of service descriptions among registries,” added Tony Rogers of Computer Associates, co-chair of the OASIS UDDI Specification Technical Committee. “This makes it much easier for developers and architects to communicate.”

Other v3.0.2 features include support for digital signatures, allowing UDDI to deliver a higher degree of data integrity and authenticity. Extended discovery features can combine previous, multi-step queries into a single-step, complex query. UDDI now also provides the ability to nest sub-queries within a single query, letting clients narrow their searches much more efficiently.

Patrick Gannon, president and CEO of OASIS, applauded the thorough approach taken by the UDDI developers, pointing to the large body of use cases and technical notes that supplement the specification. “The technical committee has taken the time to precisely articulate the business case for UDDI. They’ve also actively consulted and collaborated with related standards efforts, such as the OASIS Web Services for Remote Portlets (WSRP) Technical Committee, UN/CEFACT’s ebXML Core Components Working Group, and the OASIS Web Services for Business Process Execution Language (WSBPEL) Technical Committee.”

Two new technical notes were released simultaneously with UDDI 3.0.2. The first provides advice on using UDDI and WSBPEL together. The second explains the process using JAX-RPC for a UDDI client. These technical notes are part of the on-going effort by the OASIS UDDI Technical Committee to facilitate and promote the use of UDDI in a wide variety of contexts.

Participation in the OASIS UDDI Specification Technical Committee remains open to all organizations and individuals. Suppliers, end-users and system integrators are invited to join OASIS to participate in the continued development and the adoption of UDDI. OASIS hosts an open mail list for public comment and the uddi-dev mailing list for exchanging information on implementing the standard.

Industry Support for UDDI v3.0.2 OASIS Standard

Computer Associates “As the adoption of Web services by businesses worldwide continues to grow, it’s becoming more important to effectively provide reliable and standards-based discovery of these services. Along with advances in the standards for management and security of Web services, these latest enhancements to UDDI will help enterprises address these challenges and will, therefore, promote broader adoption of Web services and drive development of business solutions that take advantage of interoperability between multiple Web services,” said Toby J Weiss, Senior Vice President of eTrust Product Management at Computer Associates.

DataPower “UDDI is doing for server-to-server communication what DNS did for the Internet, by making it much easier and cheaper to connect and stay connected to services,” said Eugene Kuznetsov, chairman and chief technical officer of DataPower. “DataPower customers see the combination of application-aware networking and UDDI as the cornerstone of SOA.”

Digital Evolution “Digital Evolution became one of the first companies to offer a commercially available UDDI v3 registry when we released version 2.0 of our Service Manager product in 2003,” said Roberto Medrano, EVP Marketing at Digital Evolution. “We are excited OASIS is backing the latest iteration of UDDI as the right choice for enterprise-class registry deployments.”

IBM “UDDI continues to serve an important role in the deployment of Services Oriented Architectures,” said Karla Norsworthy, Vice President of Software Standards for IBM. “IBM will extend support for UDDI Version 3 in the WebSphere Application Server. The security enhancements in UDDI combined with the industry leading enterprise capabilities in WebSphere will be especially important for customers using UDDI to improve reuse and simplify discovery of Web services across their IT infrastructure.”

SAP “As one of the initial co-authors of UDDI V3, SAP supports its ratification as an OASIS Standard,” said Michael Bechauf, Vice President NetWeaver Standards at SAP. “Building on the enterprise-readiness of UDDI V2, the enhancements that went into UDDI V3, such as the support of XML digital signatures for data integrity and authenticity and a pub/sub-mechanism for change notifications address commonly requested requirements and make UDDI the canonical candidate for enterprise services registries. The next version of SAP NetWeaver, the open integration and application platform for mySAP Business Suite and SAP xApp composite applications, will support UDDI V3. Its openness reflects SAP’s commitment to industry standards and interoperability that enables users to implement, integrate and maintain their infrastructures through a Web services-oriented architecture.”

Systinet “UDDI V3 is an important new specification for SOA,” said David Butler, VP Marketing, Systinet. “New features like registry affiliation, publisher assigned keys and the subscription API provide for enterprise class interoperability. These features are key to advancing UDDI’s ability to deliver significant business value to the enterprise.”

Additional information:

OASIS UDDI Specification Technical Committee

OASIS UDDI Member Section

UDDI FAQ

Cover Pages Technology Report: UDDI

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

OASIS Interoperability Demos Showcase CAP, ebXML, WS-Reliability, WS-CAF, and WSRP at XML 2004

Washington, DC, USA; 19 November 2004 — OASIS members from around the world collaborated on multiple interoperability demonstrations of various OASIS Standards and specifications at the XML 2004 conference this week. Implementations were shown of Web services standards for delivering messages reliably, aggregating content to portals, sharing customer data, and disseminating emergency event information in scenarios that ranged from a retail shopping experience to a chemical contamination event.

"The majority of these InterOps showcased work that has already attained the level of an approved OASIS Standard. Clearly, we’re seeing exciting progress in the maturity of Web services," noted Jamie Clark, director of standards development at OASIS. "It’s also significant to note that we’re not just seeing implementations of standards being applied to broad, foundational challenges. We’re also witnessing the development and application of XML standards to solve specific industry needs."

Demo #1: Web Services for Remote Portlets (WSRP) OASIS Standard.

BEA, IBM, Oracle, PeopleSoft, Sun Microsystems, Vignette, and others acted as both WSRP Producers and Consumers to demonstrate how WSRP can be used to define an interface and protocol for accessing remote aggregatable, interactive, presentation-oriented content sources. Their WSRP implementations showed content sources being deployed in a way that allowed portals to quickly incorporate the information into pages served to end users.

Demo #2: Common Alerting Protocol (CAP) OASIS Standard.

In this InterOp, Anteon and other OASIS members simulated a chemical event utilizing plume modeling to demonstrate how CAP employs XML to communicate key emergency event data to a variety of systems. A CAP message containing the affected areas, severity, etc. was posted on a central server, then players extracted the data, activated alert/notifications systems, and displayed incident management information.

Demo #3: WS-Composite Application Framework (WS-CAF).

IONA, Oracle, and others each provided separate Web-based storefronts that used WS-CAF to share customer information, such as username/password, credit card data, and shopping cart contents. The customer was able to purchase goods from every store as if he or she was interacting with a single storefront.

Demo #4: WS-Reliability OASIS Standard.

Fujitsu, Hitachi, Oracle, and NEC demonstrated the use of WS-Reliability to guarantee message delivery over the Internet, enabling companies to conduct reliable business-to-business trading or collaboration using Web services.

Demo #5: ebXML Implementation, Interoperability and Conformance.

Fujitsu and NIST demonstrated how the OASIS ebXML IIC Test Framework is used to conduct remote ebXML testing, either for conformance or interoperability. NIST’s test driver implementation allowed test cases using XML markup to be scripted. Black-box conformance testing of the Hermes open source ebXML Messaging server software was also shown.

Demo #6: ebXML Registry OASIS Standard.

Here, ebXML Registry was demonstrated in tandem with ebXML Message Service (ebMS), Collaborative Partner Profile Agreement (ebCPPA), Business Process Specification Schema (ebBPSS), and Content Assembly Mechanism (CAM) specifications to manage a large community of participants in a typical e-Service and e-Business system, such as the DOD EMall. The service provider deployed the Registry, allowing partners to quickly join the community and integrate their own applications into the e-Service network. Partners selected the business process they wanted to use, picked the versions of transactions they supported, tested compliance, certified their ebMS systems, and then created CPPA definitions and began interacting.

In other XML 2004 news, Robin Cover was awarded the XML Cup for contributions to the XML community. Cover is managing editor of the Cover Pages, http://xml.coverpages.org/, a comprehensive online resource that has served for more than 13 years as the chronicle of the structured information standards community. The Cover Pages is hosted by OASIS and sponsored by its members, Innodata Isogen, SAP, and Sun Microsystems.

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,500 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Users and Vendors Demonstrate Support for UDDI OASIS Standard at Gartner Web Services Summit

ORLANDO, FLORIDA, USA; 17 NOVEMBER 2004 – Implementations and interoperability of the Universal Description, Discovery, and Integration (UDDI) OASIS Standard were featured at today’s Gartner Application Integration and Web Services Summit. Representatives from The Hartford and Charles Schwab each presented details on their company’s implementation of UDDI registries as core foundation components of their Service Oriented Architectures (SOA). Then, members of the OASIS UDDI Specification Technical Committee staged a live demo incorporating UDDI product offerings from IBM, Oracle, SAP, Systinet, and others in a business scenario.

"Enterprise business analysts, architects, and developers fully understand that a business services registry is the foundation of the SOA infrastructure," noted Tony Rogers of Computer Associates, co-chair of the OASIS UDDI Specification Technical Committee. "The UDDI OASIS Standard has established itself as an important enabler of visibility, manageability, adaptability, and reusability of the service-oriented enterprise."

The UDDI OASIS InterOp at Gartner featured an inventory management scenario for a chain of book stores. Varying in size from mall kiosks to large retail outlets, each store maintained its own inventory management processes, which were not centrally controlled. By using UDDI to integrate suppliers and inventory management systems, corporate purchasers were able to monitor inventory levels, replenish stock, respond quickly to demand fluctuations, streamline procurement, and deliver useful information on product demand to publishers.

"Today we provided concrete, real-world examples of UDDI registries as the foundation of SOA," said Luc Clement of Systinet, co-chair of the OASIS UDDI Specification Technical Committee. "We demonstrated how enterprises can exploit a UDDI registry to deploy adaptive business services dealing with the realities of change within the enterprise by showing the benefits of location-independence. In the process, we showed how you can add new services without the need to do any configuration other than the act of publishing the new service. And finally, we demonstrated how UDDI brings an increase in visibility and reuse that dramatically reduces the cost of an SOA integration."

Participation in the OASIS UDDI Specification Technical Committee remains open to all organizations and individuals. End-users and system integrators are invited to join OASIS to advance the adoption of this international standardization effort. OASIS hosts an open mail list for public comment and the uddi-dev mailing list for exchanging information on implementing the standard.

Additional information:

OASIS UDDI Specification Technical Committee http://www.oasis-open.org/committees/uddi-spec

OASIS UDDI Member Section http://www.uddi.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

WS-Reliability Ratified As OASIS Standard

Boston, MA, USA; 15 November 2004 — The OASIS international standards consortium today announced that its members have approved WS-Reliability version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process, WS-Reliability provides a method to guarantee message delivery over the Internet, enabling companies to conduct reliable business-to-business trading or collaboration using Web services.

"Reliable message delivery is one of the key issues to be addressed if there is to be widespread adoption of Web services, particularly in business-to-business scenarios," said Neil Macehiter, research director at Ovum. "Communications using Internet-based protocols, such as HTTP and SMTP, are inherently unreliable and do not support the assured or ordered delivery demanded by the applications on which businesses depend. WS-Reliability, being an approved OASIS Standard developed in open forum that addresses these limitations, is an important step on the path to realizing the promise of Web services."

WS-Reliability supports guaranteed delivery, which ensures the message is delivered at least once; duplication elimination, which certifies that the message is delivered at most once; and message delivery ordering, which guarantees messages in a sequence are delivered in the order sent.

"Financial transactions are just one example of the kind of applications that need WS-Reliability to meet quality-of-service standards. A message requesting a money withdrawal, for instance, must be received by an application once and only once," noted Tom Rutt, chair of the OASIS Web Services Reliable Messaging (WSRM) Technical Committee. "With the WS-Reliability OASIS Standard, information can be shared between software programs over the Internet as reliably as within a single application on a laptop."

Patrick Gannon, president and CEO of OASIS, applauded the efforts of the technical committee members who produced the new standard, recalling, "The genesis for WS-Reliability was submitted to OASIS in March 2003 by Fujitsu, Hitachi, Oracle, NEC, Sonic Software, and Sun Microsystems. These companies recognized the importance of advancing their work within an open process where the entire community of vendors, users, and governments could contribute. Today’s approval of WS-Reliability as an OASIS Standard is proof positive that it is possible to garner broad input on the development of a standard and still meet time-to-market needs."

Participation in the OASIS WSRM Technical Committee remains open to all organizations and individuals. End-users and system integrators are invited to join OASIS to participate in the adoption phase of this international standardization effort. OASIS hosts an open mail list for public comment and the ws-reliability-dev mailing list for exchanging information on implementing the standard. WS-Reliability was created by a royalty-free process technical committee within OASIS.

Industry Support for WS-Reliability OASIS Standard:

Fujitsu "Fujitsu believes that reliability of messaging is critical to the successful deployment of Web services. For this reason, we have been actively contributing to the design of WS-Reliability, leveraging the technologies and expertise we have accumulated in developing our customers’ enterprise systems. We intend to apply this OASIS Standard, not only for Web services, but also in our work relating to the Business Grid Computing Project in Japan, which aims to effectively utilize distributed IT resources on the network in enterprise systems. We are pleased, therefore, to see this reliability technology becoming an OASIS Standard and expect that it will accelerate the adoption of Web services," said Seigo Hirosue, General Manager of the Strategy and Technology Division, Software Group of Fujitsu Limited.

Hitachi "Hitachi is pleased with the result of the OASIS WS-Reliability standardization efforts. WS-Reliability is critical for extending business processes across a sometimes imperfect internet. Our customers demand perfect operation of Web services applications, and WS-Reliability provides the capability to meet their needs. One project that will see immediate utilization of WS-Reliability is the Business Grid Computing Project supported by Japanese Ministry of Economy, Trade and Industry. This project, jointly developed by Hitachi, Fujitsu, and NEC, which is approaching its third and final year, will generate middleware to encourage the wide deployment of failure tolerant, low cost, and flexible business grids. Innovations such as these will transform Web services technologies from a laboratory curiosity into a commercial reality with daily practical use. WS-Reliability is a fundamental part of this transformation," said Kiyoshi Kozuka, Executive General Manager, Software Division, Hitachi, Ltd.

NEC "NEC is pleased to see WS-Reliability become an OASIS Standard. We are convinced that this standard will accelerate the adoption of Web services in mission critical enterprise applications, where guaranteed and ordered delivery of messages is crucial to the business process. WS-Reliability will also be widely used in the business grid system we are developing, through an activity of the Japan business grid project," said Yosuke Takashima, General Manager of System Platform Software Development Division, NEC Corporation.

Novell "The ability to reliably exchange messages is a fundamental requirement from customers that deploy Web services across enterprise boundaries for collaboration and electronic transactions. Novell supports OASIS in the development of the WS-Reliability standard in order to provide a secure, reliable and manageable Web services platform," said Frank Auger, vice president of product management and marketing for Novell exteNd and Nsure.

Oracle "As an original supporter of this effort, Oracle views ratification of the WS-Reliability OASIS Standard as an essential step toward allowing organizations to realize the benefits that Web services can offer," said Jeff Mischkinsky, director of Web Services Standards at Oracle Corp. "The WS-Reliability OASIS Standard increases the business value and interoperability of Web services facilities by enabling guaranteed delivery, duplicate elimination, and guaranteed ordering of Web service messages."

Sun Microsystems "Reliable messaging is a key enabler for broad industry adoption of Web services, and WS-Reliability allows companies to deploy Web services with confidence that information is being exchanged between services with the appropriate level of reliability required for the application. Sun is proud to have been a supporter of WS-Reliability from the beginning, and we look forward to incorporating this technology into our product plans," said Ed Julson, Director of Web Technologies & Standards, Sun Microsystems.

Additional information:

OASIS WSRM Technical Committee http://www.oasis-open.org/committees/wsrm

Cover Pages Technology Report: Reliable Messaging http://xml.coverpages.org/reliableMessaging.html

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,500 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Universal Business Language (UBL) Ratified As OASIS Standard

Boston, MA, USA; 8 November 2004 — The OASIS international standards consortium today announced that its members have approved the Universal Business Language (UBL) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process, UBL defines a common XML library of business documents, such as purchase orders and invoices, as well as reusable data components from which an unlimited number of other documents can be constructed. UBL is the first standard implementation of the ebXML Core Components Technical Specification.

"Agreement on a common set of business-to-business document standards is essential for successful electronic commerce," explained Jon Bosak of Sun Microsystems, chair of the OASIS UBL Technical Committee and organizer of the working group that created XML. "UBL provides the world with standard electronic versions of traditional business documents designed to integrate with established commercial and legal practices. Using UBL, businesses of all sizes can enjoy the benefits of electronic commerce."

Joanne Friedman, CEO of business-technology advisory, ConneKted Minds Inc., observed, "The combination of a fixed tag set for electronic business (UBL) together with a transport protocol designed for the same purpose (ebXML messaging) is analogous to the foundations which built the World Wide Web. Where HTML provides consumers with information ubiquity, and HTTP a transfer protocol designed for the same purpose provides universal access, the UBL/ebXML combination will bring industry the boundary-less, barrier-free information needed to catalyze economic growth and foster inter-industry global trade. E-business didn’t die, it just (quietly) got smarter."

"With XML came a proliferation of industry-specific vocabularies for business documents. Unfortunately, no company does business in isolation. The very nature of the supply chain requires meaningful, cross-industry communication," noted Mark Crawford of LMI Government Consulting, vice-chair of the OASIS UBL Technical Committee. "Instead of being optimized for a particular vertical industry or application domain, UBL is designed for real-world businesses that work with partners across multiple industries."

UBL was developed in harmony with ebXML OASIS Standards and in light of recommendations and standards issued by ISO, IEC, ITU, UNECE, W3C, IETF, and other relevant standards bodies and organizations. Industry groups including ACORD (insurance), ARTS (retail sales), CompTIA EIDX Leadership Group (electronics), HL7 (health care), NACS (convenience stores), RosettaNet (supply chain), UIG (utilities), VCA (prescription eyewear), and XBRL (accounting) all provided input on UBL.

"The key to UBL is that it was built on consensus and collaboration," said Patrick Gannon, president and CEO of OASIS. "The new OASIS Standard is an exciting example of the benefit of bringing together users, vendors, industry associations and government agencies. By actively involving all parties affected by cross-industry standards in the requirements and development phases, the usability of UBL across a variety of trading contexts is assured. We congratulate OASIS UBL Technical Committee members on their achievement and encourage other organizations to join them in advancing this work."

To promote global adoption of the new OASIS Standard, members of the OASIS UBL Localization Subcommittees have produced draft translations of UBL 1.0 data definitions into Chinese, Japanese, Korean, and Spanish. Together with the original English definitions, these translations will make UBL usable to approximately two-thirds of the world’s current online population.

UBL contributors include representatives of Accountis plc, ACORD, Asociación Nacional de Fabricantes Autoridad de Certificació, The Boeing Company, Center for Document Engineering, Denmark Ministry of Science, Technology & Innovation, East Asia Electronic Commerce Association, Infocomm Development Authority of Singapore, Korea CALS/EC Association, LMI Government Consulting, NEC, NIST, Oracle, PISCES Ltd, PSLX Consortium, SeeBeyond, Sterling Commerce, Sun Microsystems, University of Hong Kong, US Dept of the Navy, U.S. General Services Administration, and others.

Participation in the OASIS UBL Technical Committee remains open to all organizations and individuals; OASIS hosts an open mail list for public comment and the ubl-dev mailing list for exchanging information on implementing the standard. UBL is provided on a royalty-free basis, available to all without licensing or other fees.

Industry Support for UBL

"The UBL 1.0 release represents a significant advancement in the process of using international open standards to conduct business modeling, data analysis, and XML schema deployment. It provides an "out of the box" solution for document-based transactions as well as a library of reusable business data components," said Marion A. Royal, Senior Policy Advisor with the Office of Governmentwide Policy at U.S. General Services Administration.

"As a proponent of open standards-based integration, SeeBeyond is pleased to have participated in the development of UBL 1.0, and welcomes its approval as an OASIS Standard in the payload domain of XML-based B2B frameworks," said Alex Andrianopoulos, Vice President of Product Management for SeeBeyond. "Working with a broad range of businesses across all major industries, we see such a standard playing a key role in enabling global ecommerce interoperability as it promotes the integration of small-to-mid range businesses into broader electronic data exchange-based supply chains."

"Sun is committed to open standards development and is proud to have organized and led the UBL initiative that defines the standard XML payload format for Electronic Procurement," said Mark Bauhaus, vice president of Java Web Services at Sun Microsystems. "Sun is investing in developing UBL because we believe it will play an important role in providing an entry point into SOAs for small and medium sized businesses, where there is a significant need for standardized vocabularies to truly enable electronic business."

Additional information:

OASIS UBL Technical Committee http://www.oasis-open.org/committees/ubl

UBL FAQ http://www.oasis-open.org/committees/ubl/faq.php

About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,500 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x290

OASIS Forms Technical Committees to Advance Data Center Markup Language (DCML)

Boston, MA, USA; 21 October 2004 — International standards consortium, OASIS, has formed four committees to continue work originated by the DCML Organization, which recently transitioned its development and operations to OASIS. The new OASIS DCML Framework Technical Committee, the OASIS DCML Server Technical Committee, the OASIS DCML Network Technical Committee, and the OASIS DCML Applications and Services Technical Committee will collaborate on a holistic set of standards for the automated management of the data center infrastructure.

"Today’s complex IT environments are managed in silos of information and demand a data model and format to effectively exchange this information," explained Dr. Tim Howes of Opsware, chair of the OASIS DCML Framework Technical Committee. "Our goal is to enable the systems and people managing data centers to exchange crucial configuration, policy, and operating information in a reliable, standardized manner across all products, methods, and topologies."

Members of the OASIS DCML Framework Technical Committee will define the overall approach, concepts, and structures fundamental to DCML’s description and manipulation of data center elements and the policies governing their management. The group’s work will serve as the foundation for other OASIS DCML committees, which will develop sub-specifications to represent specific types of information.

The OASIS DCML Applications and Services Technical Committee will define extensions to represent abstract application and services architectures and specific products. "We will create a uniform, heterogeneous, and comprehensive data model and interchange format to allow applications, application components such as Web services, and IT services of all types to be referenced and managed," said J. Darrel Thomas of EDS, chair of the OASIS DCML Applications and Services Technical Committee.

The OASIS DCML Network Technical Committee will design a data model and XML-based format for the exchange of information about networking elements in the data center. "Our focus will be on the specifics of network equipment and technology, but our scope is large, covering all types of networking components, from simple switching and routing elements to nodes that provide advanced processing at all layers of the protocol stack," explained Dave Roberts of Inkra Networks, chair of the OASIS DCML Network Technical Committee.

The OASIS DCML Server Technical Committee will facilitate the representation and management of information about logical or physical compute resources in the data center. "This committee supports the larger DCML goals of facilitating the interchange of information between tools and devices, improving the data center environment, enabling increased automation, and leading the way for machine processing of descriptive and policy information," stated Moshe Bar of Qlusters, chair of the OASIS DCML Server Technical Committee.

Members of the OASIS DCML Technical Committees include representatives of BEA Systems, BMC Software, Computer Associates, Electronic Data Systems, Inkra Networks, Opsware, Tibco, and others. Participation remains open to all organizations and individuals. The first meeting of the new committees will be held on 15 November 2004.

About OASIS DCML Member Section

The OASIS DCML Member Section (http://www.dcml.org) is an open coalition of vendors and users working to advance utility computing through the development and adoption of the Data Center Markup Language (DCML). DCML is the freely licensed specification that provides a structured model and encoding to describe, construct, replicate, and recover data center environments and elements. The group is part of OASIS (http://www.oasis-open.org), the not-for-profit, international consortium that drives the development, convergence and adoption of e-business standards.

More information

OASIS DCML Applications and Services Technical Committee: http://www.oasis-open.org/committees/dcml-appserv

OASIS DCML Framework Technical Committee: http://www.oasis-open.org/committees/dcml-frame

OASIS DCML Network Technical Committee: http://www.oasis-open.org/committees/dcml-network

OASIS DCML Server Technical Committee: http://www.oasis-open.org/committees/dcml-server

Cover Pages Technology Report: http://xml.coverpages.org/computingResourceManagement.html

OASIS DCML Member Section http://www.dcml.org

Press contact:

Karli Overmier Barokas PR +1.206.264.8220 karli@barokas.com

DCML Organization to Advance Data Center Standard within OASIS

Boston, MA and Sunnyvale, CA, USA; 30 August 2004 — Plans were announced today for the Data Center Markup Language (DCML) Organization to advance its specification, technical agenda, membership, and operations as part of the global OASIS standards consortium. Through this transition, DCML stands to benefit from OASIS’ broad membership base–more than 3,000 participants representing over 600 organizations and individual members across 100 countries. The transition will result in the formation of the OASIS DCML Member Section, which will promote the use of utility computing by providing a standard way to represent the IT environment and enabling data center automation and system management solutions to easily exchange information about the environment under management.

"Transitioning the DCML Organization to OASIS marks the next significant milestone in the development of the specification and promises to further accelerate its adoption amongst organizations worldwide," said Louis Blatt of Computer Associates, president of the DCML Organization. Blatt noted that nearly half of OASIS member organizations represent end users, diversity which he considers, "a key factor for ensuring the broad market adoption of the DCML specification. OASIS has an impressive track record and offers DCML access to deep resources across the industry. We expect the new OASIS DCML Member Section will advance the current DCML specification to the status of an internationally accepted OASIS Standard that will allow end users to increase service levels and align their IT infrastructure with business priorities."

"The DCML Organization has demonstrated significant traction over the last nine months and garnered tremendous vendor and end-user participation. Their efforts offer exciting potential for managing the massive complexity that exists in IT environments," commented Patrick Gannon, president and CEO of OASIS. "We welcome the DCML community to OASIS and look forward to advancing its mission of open standardization for utility computing."

By moving its operations and technical committees under OASIS, DCML takes advantage of the international consortium’s respected open technical process, transparent governance, and international reach. Founded in 1993, OASIS produces widely adopted standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. DCML joins a host of specifications developed at OASIS including the Security Assertion Markup Language (SAML), Web Services Distributed Management (WSDM), Web Services Security (WSS), and Universal Description, Discovery and Integration (UDDI).

Gartner vice president and distinguished analyst, Donna Scott, applauded the transition, saying, "OASIS is a natural fit for DCML and will provide the global participation and momentum to drive the Framework Specification forward. Today’s data centers are struggling under many burdens, and specifications such as DCML could become key to achieving an efficient, automated IT infrastructure that provides the benefits of a real-time infrastructure."

The OASIS DCML Member Section will be managed by a Steering Committee made up of the existing DCML Board of Directors, Louis Blatt of Computer Associates, Darrel Thomas of EDS, and Sharmila Shahani of Opsware, Inc; others may be added in the future.

About DCML

The DCML Organization (http://www.dcml.org) is an open coalition of vendors and users working to advance utility computing through the development and adoption of the Data Center Markup Language (DCML). DCML is the first, freely licensed specification that provides a structured model and encoding to describe, construct, replicate, and recover data center environments and elements. Founded in October 2003, the mission of the organization also extends to DCML certification, compliance programs, and education.

About OASIS

OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces.

Press contact:

Carol Geyer Director of Communications, OASIS carol.geyer@oasis-open.org Tel: +1 978.667.5115 x209

New Leadership Joins OASIS Board of Directors and Technical Advisory Board

BOSTON, MA, USA; 5 AUGUST 2004 — OASIS, the international standards consortium, today announced the results of the 2004 elections for their Board of Directors and Technical Advisory Board. Mike DeNicola of Fujitsu was elected and Edward Cobb of BEA Systems, Colin Evans of Intel, Frederick Hirsch of Nokia, and Jeff Mischkinsky of Oracle were re-elected by the OASIS membership to provide business leadership to advance OASIS as a major standards-setting body for Web services, e-business, security, and other applications. Each director serves a two-year term.

DeNicola, Cobb, Evans, Hirsch, and Mischkinsky join existing directors whose seats expire in 2005, John Borras of the UK Cabinet Office’s e-Government Unit, Eduardo Gutentag of Sun Microsystems, Jim Hughes of Hewlett-Packard, Christopher Kurt of Microsoft, and Michael Weiner of IBM, as well as Patrick Gannon, who has an appointed seat on the Board as president and CEO of OASIS.

The Consortium also announced the nomination and subsequent appointment of three new members to the OASIS Technical Advisory Board (TAB), a group of industry experts who provide guidance on issues related to strategy, process, interoperability, and scope of OASIS technical work. New OASIS TAB representatives include Jacques Durand of Fujitsu, Michael Mahan of Nokia, Jishnu Mukerji of Hewlett Packard, and Timothy Stevens of LexisNexis.

"As business over the World Wide Web becomes a reality, it is important for the organizations that set the standards for this expansion to have representation from industry leaders around the globe. Recently, OASIS has seen significant growth in its membership from outside of North America, and as a representative of Fujitsu, I am honored to take a seat on the Board of Directors of this truly international standards body," said Mike DeNicola, Director of Industry Relations for Fujitsu.

"I am pleased to have been returned to the OASIS Board of Directors for a second term and look forward to working with the other directors, staff, and the OASIS membership to make OASIS even stronger," said Edward Cobb, VP, Architecture & Standards at BEA Systems.

"Open standards, convergence and interoperability are essential for global business adoption and deployment of e-business standards, especially across diverse industries," said Frederick Hirsch, Senior Architect at Nokia Corporation. "I am pleased to be re-elected to the OASIS Board to serve the membership of OASIS in supporting the mission of the consortium."

"OASIS has played an important role in the development of Web services standards and hosts a number of technical committees working on a broad range of specifications for e-business," said Jeff Mischkinsky, Director of Web Services Standards for Oracle Corporation. "Oracle has always been committed to promoting interoperability based on open industry standards, and I am pleased to continue serving on the OASIS Board of Directors toward that end."

On behalf of the OASIS membership, Patrick Gannon expressed appreciation to departing Board member, Laura Walker, and departing TAB members, Derek Coleman of Hewlett Packard, Chet Ensign of LexisNexis, Jackson He of Intel, and Krishna Sankar of Cisco Systems, for their service and guidance over the past two years.

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UDDI, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x290

OASIS Forms CGM Open Member Section to Advance WebCGM Graphics Standard

BOSTON, MA, USA; 4 AUGUST 2004 — After more than five years of successful cooperation with OASIS as an affiliate, CGM Open has transitioned to become a Member Section of the OASIS global standards consortium. With the inaugural meeting of its OASIS CGM Open WebCGM Technical Committee, CGM Open has taken the next step, launching an aggressive agenda built around advanced development and interoperability of the well-established WebCGM standard.

WebCGM version 1.0, a vector graphics standard used in online technical documents such as parts catalogs and electronic manuals, was produced by a collaborative effort of CGM Open and the World Wide Web Consortium (W3C) in 1999 and revised in 2001. Requirements from the user community, especially for a Document Object Model (DOM) and an XML companion file architecture, have elevated production of a WebCGM version 2.0 as the first priority for the OASIS CGM Open WebCGM Technical Committee. A WebCGM DOM will allow dynamic access to information stored in the graphics file. An XML companion file architecture will allow objects in the file to be associated with metadata – from simple hotspot links to complex multi-language screentips or context-sensitive data. These enhancements will improve both the vendor neutrality of WebCGM, and the application neutrality as well – industry consortia will be able to easily derive their individual standards from the WebCGM base.

"WebCGM 2.0 will incorporate critical new features needed in the marketplace," said Dave Cruikshank of the Boeing Company, chair of the OASIS CGM Open WebCGM Technical Committee. "We expect WebCGM 2.0 to become the core profile for all industry sectors, ensuring vendor-neutral interoperability between CGM-enabled products."

"WebCGM is an exciting example of productive, cross-consortia cooperation at work," noted Patrick Gannon, president and CEO of OASIS. "CGM was first published by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC). CGM Open and W3C expanded on that work by developing WebCGM. Now, the OASIS CGM Open Member Section looks forward to continuing that productive collaboration with WebCGM version 2.0."

"WebCGM 2.0 forms a significant portion of our vision of where CGM is going," commented Dieter Weidenbrück of ITEDO Software, chair of the OASIS CGM Open Member Section Steering Committee. "We see our main goal in providing users with a reliable and powerful format that meets their requirements."

Members of the OASIS CGM Open Member Section include representatives of Airbus, Arbortext, Auto-trol Technology, The Boeing Company, US National Institute of Standards and Technology (NIST), and others. The WebCGM 2.0 technical definition and several parallel implementations are expected to be substantially finished in late 2004.

About CGM Open

CGM Open, an OASIS Member Section, works to accelerate the adoption, application, and implementation of the Computer Graphics Metafile (CGM), the ISO/IEC 8632:1999 standard for open interchange of structured graphical objects and their associated attributes. In collaboration with the World Wide Web Consortium (W3C), CGM Open developed WebCGM, a profile that provides a reliable method of publishing two-dimensional technical graphics on the Web.

About OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces more Web services standards than any other organization along with standards for security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UDDI, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Additional information

OASIS CGM Open WebCGM Technical Committee http://www.oasis-open.org/committees/cgmo-webcgm

Press contact

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x290

Application Vulnerability Description Language (AVDL) Ratified as OASIS Standard

Boston, MA, USA; 23 June 2004 — The OASIS international standards consortium today announced that its members have approved the Application Vulnerability Description Language (AVDL) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. AVDL provides a standard method for exchanging information concerning security vulnerabilities within Web services and Web applications.

"AVDL addresses the challenge of how businesses manage ongoing application security risk on a day-to-day basis," explained Gartner VP and analyst John Pescatore. "When you consider that upwards of 80 application vulnerabilities are announced each week, it’s clear how significant this work is. By employing solutions based on the AVDL OASIS Standard, companies can reduce the threat they face from the moment a vulnerability is discovered to the time it takes them to first shield, then patch their systems."

AVDL is already being implemented by companies and government agencies including the central security incident response organization for the United States Department of Energy (DOE) and National Nuclear Security Administration (NNSA), which plans to AVDL-enable its new Security Incident Response Portal.

"Prior to AVDL, network managers had to manually compare reports from application vulnerability assessments with their application firewall rules, patch management systems, and other information from event correlation engines. Then, they needed to take appropriate remediation steps and create firewall rules to secure their applications," said Kevin Heineman of SPI Dynamics, co-chair of the OASIS AVDL Technical Committee. "Now network managers can save valuable time by importing vulnerability assessment data from AVDL-compliant application scanners. Firewalls can configure appropriate rules, patch management software can provide automatic remediation, and event correlation products can include application-level vulnerability data in the organization’s overall risk assessment picture. AVDL offers a welcome alternative to the labor-intensive job of eyeballing and rewriting scores of text alerts, freeing security administrators to focus on higher-level policy analysis."

Jan Bialkowski of NetContinuum, co-chair of the OASIS AVDL Technical Committee, agreed, "Organizations are drowning in the flood of security bulletins and alerts while application vulnerability exploits are wreaking havoc on networks around the globe. AVDL offers an automated way to break this cycle by dramatically reducing the time between the discovery of a new vulnerability and the response time to block attacks at the security gateway. Since AVDL is an easy schema to implement, we hope to see rapid adoption, advancing the industry to an era where all security products can share and effectively utilize vulnerability data via AVDL."

Participation in the OASIS AVDL Technical Committee remains open to all organizations and individuals, and OASIS hosts an open mail list for public comment.

Industry Support for AVDL OASIS Standard

"With the ratification of AVDL, we will now have the capability to provide interoperability between industry-leading network and application security technologies and our vulnerability management solutions. Large enterprise and government customers will benefit enormously from the greater flexibility and consistency for implementing security policies with a standard approach to managing vulnerability data," said Carl Banzhof, CTO, Citadel Security Software.

About OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces more Web services standards than any other organization along with standards for security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include CAP, DocBook, DSML, ebXML, SAML, SPML, UDDI, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org

Additional information:

OASIS AVDL Technical Committee http://www.oasis-open.org/committees/avdl

Cover Pages: Application Security http://xml.coverpages.org/appSecurity.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x290
