Security Assertion Markup Language (SAML) Version 1.1 Ratified as OASIS Standard

Boston, MA, USA; 22 September 2003 — The OASIS standards consortium today announced that its members have approved the Security Assertion Markup Language (SAML) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. SAML provides an XML-based framework for exchanging authentication and authorization information, enabling single sign-on–the ability to use a variety of Internet resources without having to log in repeatedly.

"SAML has gained widespread industry adoption as a basis for federated identity and security environments," said James Kobielus, senior analyst at Burton Group. "Clearly, SAML is a living, evolving standard, and OASIS has, with the new version 1.1, incorporated changes that reflect real-world experience with SAML version 1.0."

According to Prateek Mishra of Netegrity, co-chair of the OASIS Security Services Technical Committee, "Prior to SAML, there was no XML-based standard that enabled exchange of security information between a security system (such as an authentication authority) and an application. SAML provides a way to specify authentication, attribute, and authorization decision statements. It also specifies a Web services-based request/reply protocol for exchanging these statements."

"The SAML 1.1 standard introduces important enhancements that improve its interoperability and utility to other Web services security efforts in the industry. This can be seen through the adoption of SAML 1.1 as a foundation for the Liberty Alliance’s Identity Federation Framework, the implementation of SAML 1.1 by the Internet2/MACE Shibboleth project, and the development of a SAML profile by the OASIS Web Services Security (WSS) Technical Committee for using SAML with WS-Security," added Rob Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee. "The growing participation of OASIS member companies in SAML’s development and our committee’s increasing collaboration with other security-related standards groups demonstrate the value of OASIS SAML standardization to the industry."

Liberty Alliance Management Board president, Michael Barrett, also vice president of Internet Strategy at American Express, commented, "Collaboration between standards organizations is critical to industry momentum and to ensure new technologies like single sign-on and Web services succeed. Organizations looking to benefit from these new technologies need access to proven, interoperable, and secure standards that they can build on for the next new technology. Open standards like SAML and Liberty’s specifications have been proven to meet that need."

Members of the OASIS Security Services Technical Committee include Baltimore Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard, Netegrity, Oblix, OpenNetwork, Reactivity, RSA Security, SAP, Sun Microsystems, Verisign, and other security software vendors, financial institutions, government agencies, and academia.

Industry Support for SAML 1.1

Baltimore Technologies: "Baltimore welcomes the completion of SAML 1.1 as an important building-block of the security services infrastructure that will underpin the emerging service oriented computing landscape," said Patrick McLaughlin, CTO, Baltimore Technologies.

BEA Systems: "SAML 1.1 continues the evolution of this key standard for interoperable exchange of security information in federated environments," said Ed Cobb, Vice President, Architecture and Standards, BEA Systems, Inc (NASDAQ: BEAS). "We are pleased at the growing industry support for SAML to secure information access and to enhance user experiences in service-oriented environments."

Computer Associates: "Managing the identities of users outside the enterprise has become as integral to business enablement as managing the identities of internal users," said Bilhar Mann, director of eTrust identity and access management solutions at Computer Associates. "The SAML OASIS Standard will play an instrumental role in enabling identity management beyond the enterprise. It will also enable users of CA’s SAML-compliant, eTrust identity and access management solutions to more readily apply corporate management and security policies to systems that touch customers and supply-chain partners."

Confluent Software: "The approval of SAML 1.1 as an OASIS Standard is an important step towards broader adoption of standards-based authentication and authorization solutions," said Sekhar Sarukkai, Vice President of Technology & Co-Founder of Confluent Software. "As a Web services management vendor supporting SAML in many customer engagements, we believe that the several important extensions in SAML 1.1 will help accelerate the deployment of secure, standards-compliant Service Oriented Architectures."

DataPower Technology: "The release of the 1.1 specification is a testament to the advancement for Web services deployments and the demand for pragmatic, interoperable solutions for Web services security," said Rich Salz, Chief Security Architect at DataPower Technology Inc. "The fact that much of SAML 1.1 is based on feedback from the 1.0 user community shows that SAML is being deployed and is meeting real-world needs. We look forward to increased adoption and evolution."

Entrust: "As one of the early founding members of the OASIS Security Services Technical Committee and an ongoing contributor to SAML’s development, we are happy to see its advancement in the industry as a standard for identity federation," said Tim Moses, Director of Advanced Security Technology, Entrust, Inc. "We are seeing increasing interest in the marketplace around SAML and are committed to continuing our support for the OASIS Standard through Entrust’s broad portfolio of security solutions for Web Portals, Identity Management, and Web Services."

Hitachi: "Hitachi welcomes the enhancement of the SAML OASIS Standard," said Takao Nakamura, General Manager, Network Software of Hitachi, Ltd., Software Division. "We believe that SAML 1.1 will be an integral part of a secure Web services environment. We plan on adopting this standard for our Web services products in the future."

Oblix: "The ratification of SAML 1.1 accelerates broader adoption of federated identity as a way to increase collaboration and effectiveness," said Prakash Ramamurthy, vice president of products and technology, Oblix. "We are pleased by growing industry support for SAML and are very proud of our customers, such as Southwest Airlines and SPAWAR, who report real business value from live SAML deployments."

OpenNetwork: "As security technologists and active participants in OASIS, we are excited that SAML 1.1 has become an OASIS Standard," said Bob Worner, vice president of product engineering at OpenNetwork. "We look forward to continued work and standards development and to delivering these technologies to our customers for more secure and cost effective identity management across disparate corporate boundaries."

Netegrity: "We are very pleased with the significant traction that SAML has received and the enhancements in the 1.1 release of SAML incorporate what has been learned in those deployments," said Deepak Taneja, CTO at Netegrity. "Utilizing the SAML support within Netegrity’s identity and access management solutions, companies are able to realize the benefits of flexible federation models."

Reactivity, Inc.: "Reactivity is pleased to support SAML 1.1 as an OASIS Standard. The Reactivity XML Firewall™ incorporates support for the SAML Token Profile for Web Services to provide our customers with interoperable authentication credentials for securing XML and Web Services. SAML 1.1 incorporates feedback from actual production deployments of SAML, which attests to the strength of the standard in solving real-world problems and delivering rapid business results," said John Lilly, VP and CTO, Reactivity, Inc.

RSA Security: "RSA Security is firmly committed to industry standards that help our customers to be more productive, enjoy greater interoperability, achieve new business opportunities, and realize a strong return-on-investment across their infrastructure," said Jason Lewis, Vice President of Product Management and Marketing at RSA Security. "We have been involved with SAML from its inception, contributing core intellectual property and technical expertise to guide its development, and we are pleased with the progress that is reflected in version 1.1. We support version 1.1 in the latest release of RSA ClearTrust software and look forward to helping more of our customers capitalize on federated identity management."

SAP: "The area of security poses a real concern for companies assessing their web services strategy," said Sachar Paulus, Director of Product Security, SAP. "Now that SAML 1.1 has achieved OASIS ratification as the industry standard for security assertions, e.g., for delegating authentication and authorization decisions to central, federated Identity and Access Management solutions, a major aspect of the security architecture of a Web services-based landscape is addressed. SAP already supports SAML 1.0 with its current NetWeaver release for Single Sign-On purposes and is committed to use SAML 1.1 as a cornerstone for achieving the needed security of SAP’s Enterprise Service Architecture."

Sun Microsystems: "Sun continues to be committed to supporting SAML as it provides an essential framework for delivering secure, identity-enabled Web services," said Stephen Pelletier, vice president, Network Identity, Communication and Portal Products. "SAML is a key part of the Liberty Alliance’s federated identity management initiatives, further demonstrating its significant value and market adoption. Sun is committed to supporting SAML version 1.1 in our market-leading, Liberty-enabled Java System Identity Server early next year."

About OASIS (http://www.oasis-open.org): OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

OASIS Security Services Technical Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

Press contact: Carol Geyer, Director of Communications, OASIS (www.oasis-open.org), carol.geyer@oasis-open.org, +1.978.667.5115 x209

XML Common Biometric Format (XCBF) Ratified as OASIS Standard

Boston, MA, USA; 16 September 2003 — The OASIS standards consortium today announced that its members have approved the XML Common Biometric Format (XCBF) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. XCBF provides a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF can be used in applications as varied as homeland security, corporate privacy, law enforcement, and biotechnical research. It will assist in identifying citizenship, measuring attendance, controlling access to documents, facilitating non-repudiation in commerce, and many other functions.

Tyky Aichelen of IBM, chair of the OASIS XCBF Technical Committee, stated, "XCBF bridges the gap between the worlds of biometrics and Web services, making it possible to have a common, standardized, secure way to define, store, manage, and exchange biometric information with greater interoperability between systems."

"Traditional biometric standards are based on binary encoding formats, which severely limit their use in XML-enabled systems and applications," explained John Messing, American Bar Association representative to OASIS. "By providing a standard way for biometric information to be exchanged using XML, XCBF literally redefines biometrics as a practical solution for a Web-based environment."

Members of the OASIS XCBF Technical Committee include Booz Allen Hamilton, IBM, MTG Management Consultants, and others.

"OASIS is pleased to provide a forum where work from other standards bodies can be advanced for the XML environment," noted Karl Best, vice president of OASIS. "XCBF builds on development from Common Biometric Exchange File Format (CBEFF), work of the American National Standards Institute (ANSI), managed and maintained by the U.S. National Institute of Standards Technology (NIST). This commitment to cross-consortia collaboration is essential for interoperability among standards."

XCBF adds to the growing portfolio of OASIS Standards and specifications for security, which also includes SAML for exchanging authentication and authorization information, SPML for provisioning, XACML for access control, WS-Security, and others. OASIS currently has more than 60 active technical committees.

"Life Sciences is a strategic industry in which we place great importance," said Karla Norsworthy, director of Dynamic e-Business Technologies for IBM. "XCBF is extremely important in the development of products that can be more easily integrated and leveraged by our customers that do business in the biometric life sciences industries."

Web Services for Remote Portlets (WSRP) Approved as OASIS Standard

Boston, MA, USA; 11 September 2003 — The OASIS standards consortium today announced that its members have approved Web Services for Remote Portlets (WSRP) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. WSRP standardizes the consumption of Web services in portal front ends, as well as the way in which content providers write Web services for portals.

"WSRP defines how Web services plug into portals," explained Delphi president, Thomas Koulopoulos. "Once a WSRP service is published to a public directory, portal administrators are able to locate and dynamically integrate it with just a few mouse clicks. WSRP is a critical standard enabling distributed portals to share portlets as visual, user-facing Web services for integration with other portals."

WSRP eliminates the need for content aggregators to choose between locally hosting a content source or writing code specific to each remote content source. Instead, WSRP allows content to be hosted in the environment most suitable for its execution while still being easily accessed by content aggregators. The standard enables content producers to maintain control over the code that formats the presentation of their content. By reducing the cost for aggregators to access their content, WSRP increases the rate at which content sources may be easily integrated into pages for end-users.

"The OASIS WSRP Technical Committee was founded in early 2002 with the vision of providing a single interface standard for all interactive, presentation-oriented Web services. WSRP v1.0 succeeds in providing this platform neutral definition of an interface," said Rich Thompson of IBM, chair of the OASIS WSRP Technical Committee. "Early vendor support for WSRP–we’ve tracked eight implementations to date–clearly demonstrates the need for this standardized means of accessing remote content."

"WSRP builds on foundational work from the Worldwide Web Consortium (W3C)," said Patrick Gannon, president and CEO of OASIS. "WSRP uses WSDL to describe interfaces, and requires SOAP bindings for all conformant services. WSRP is an excellent example of how an open, standards-based approach will enable end-user interactive web services to be deployed in a lower cost, faster-to-implement, plug-and-play environment."

WSRP allows remote portlet Web services to be implemented in a variety of ways, including Java/J2EE and Microsoft’s .NET platform.

WSRP is the result of a collaboration of 25 OASIS member companies including BEA Systems, Citrix Systems, Factiva, IBM, Microsoft, Novell, Oracle, Plumtree Software, Reed Elsevier, SAP, Sun Microsystems, TIBCO, and Vignette. It joins a growing portfolio of OASIS Standards and specifications for Web services including Universal Description, Discovery, and Integration of Web Services (UDDI), Web Services Business Process Language (WSBPEL), Web Services for Distributed Management (WSDM), Web Services for Reliable Messaging (WSRM), WS-Security, and others. OASIS currently has more than 60 active technical committees.

Industry Support for WSRP

BEA Systems: "WSRP 1.0 is an important step forward in expanding the reach and ubiquity of portal technologies by providing standards that extend customer applications to support federated portals," said Shane Pearson, Group Product Manager, WebLogic Portal, BEA Systems, Inc (NASDAQ: BEAS). "The increase in available content and applications, combined with the ease of deployment and consistent APIs of the Java Portlet Specification, both of which are available to BEA developers today, will increase the return on investment and usefulness of portal solutions."

Computer Associates: "By providing a ‘plug-n-play’ standard that enables developers to capture portal content from compliant sources and make that content available to users in readily accessible portlets, WSRP unleashes the full potential power of Web services," said Dmitri Tcherevik, vice president and director of Web services at CA. "CA is committed to supporting WSRP in our CleverPath information delivery solutions, and providing the security and management support necessary to ensure that WSRP-based business solutions are safe, reliable and scalable."

Factiva: "WSRP approval is a significant milestone for OASIS and for our customers, especially as their enterprise portal deployments continue to grow," said Mike Menna, associate vice president of Applications and Integration of Products for Factiva. "For Factiva, the approval of WSRP further validates our integration strategy dating back to early 2000. Going forward, we will continue to work with our fellow OASIS WSRP Technical Committee members to provide the best business intelligence content at the point of decision."

IBM: "As a co-author and a leader of the WSRP and JSR 168 initiatives, IBM is very glad to see that WSRP has been approved by OASIS as a formal standard. IBM, through WebSphere Portal, will be enabled to integrate WSRP services offered by any WSRP-compliant producer and to publish portlets running on WebSphere Portal as WSRP services," said Larry Bowden, vice president of Portals and Lotus products for IBM. "To push for the quick adoption of the WSRP OASIS Standard by providers of content and application services, IBM provides a free, open source implementation of WSRP based on Tomcat and the Java Portlet API (JSR 168) Reference Implementation at the Apache Software Foundation – WSRP4J (http://ws.apache.org/wsrp4j/), thus enabling third parties to implement WSRP services by implementing JSR 168 portlets and making them available as WSRP services which will plug into all WSRP-compliant portals."

Plumtree: "Plumtree was the first vendor to release a WSRP product to customers and one of the only vendors whose WSRP software is built for use on many different application servers. We’ve also demonstrated interoperability with all WSRP test implementations including those offered by BEA, IBM, Oracle, and Citrix," said Plumtree CEO, John Kunze. "Plumtree will continue its role as an active participant in the OASIS WSRP Technical Committee and other standards bodies. We also hope to guide standards beyond just portlets to include other key elements for building rich applications, such as Web services for indexing content, importing user profiles and security, and for federating searches. Creating a world of standardized, interoperable portals is an ambitious vision–the finalization of WSRP is an important first step."

Sun Microsystems: "We fully support the WSRP standard as it will be a key driver of Web services adoption in the portal marketplace," said David Bryant, director of marketing for the Sun ONE Portal Server, Sun Microsystems, Inc. "Sun is committed to helping our customers build federated portals that deliver easy access to services for their end-users through standards such as WSRP, Liberty, and JSR 168."

Vignette: "The WSRP OASIS Standard and its ‘plug-and-play’ structure for diverse user-facing Web applications, including portals, will help organizations rapidly assimilate information from across the enterprise to provide a better customer experience," said Ed Anuff, vice president of strategy at Vignette. "Vignette continues its long-standing push to define and promote open standards, in turn giving its customers maximum flexibility and the opportunity to reduce complexity while speeding deployment and time to benefit."

WebCollage: "As a leader in enabling companies to integrate interactive applications across Web systems, WebCollage is proud to have played a role in the development of the WSRP 1.0 specification, and we are pleased to see the support it has received," said Gil Tayar, Chief Technology Officer at WebCollage, Inc. "WSRP has the potential to do for interactive applications what SOAP did for the programmatic services, by making it easier and cost effective to integrate application functionality across a large number of portals. WebCollage customers benefit from the ability to repurpose existing Web applications as WSRP-enabled remote portlets."

OASIS Elects New Leaders to Board of Directors and Technical Advisory Board

Boston, MA, USA; 29 July 2003 — OASIS, the international standards organization, today announced the election of four members to its Board of Directors. John Borras of the United Kingdom Office of e-Envoy and Eduardo Gutentag of Sun Microsystems were elected and Jim Hughes of Hewlett-Packard and Chris Kurt of Microsoft were re-elected by the OASIS membership to provide business leadership to advance OASIS as a major standards-setting body for Web services, e-business security and other applications.

Borras, Gutentag, Hughes, and Kurt join existing directors whose seats expire in 2004: Edward Cobb of BEA, Colin Evans of Intel, Patrick Gannon of OASIS, and Laura Walker of The Federal Reserve System. Each director serves a two-year term.

The consortium also announced the appointment of four new members to the OASIS Technical Advisory Board (TAB), a group of industry experts who provide guidance on issues related to strategy, process, interoperability, and scope of OASIS technical work. New OASIS TAB representatives include William Cox, Ph.D. of BEA Systems, Christopher Ferris of IBM, Timothy Moses, Ph.D. of Entrust, and Peter Wenzel of SeeBeyond.

"We had an unprecedented number of exceptionally qualified candidates for this year’s Board election; testimony to the fact that OASIS has become one of the most important independent standards development organizations," noted Colin Evans of Intel, chair of the OASIS Board of Directors. "Most often identified with programs such as ebXML and UBL for e-commerce, and UDDI for directories, OASIS and its members are rapidly expanding its scope to Web services standards and vertical community initiatives."

On behalf of the OASIS membership, Patrick Gannon, president and CEO of OASIS, expressed appreciation for departing Board members, Simon Nicholson of Sun Microsystems and Michael Weiner of IBM, for their outstanding leadership and guidance over the past two years.

OASIS Members Demonstrate Support for New Provisioning Identity Management Solution for Web Services

Boston, MA, USA; 26 June 2003 — The first public demonstration of the OASIS Service Provisioning Markup Language Specification (SPML) v1.0 will be held on 9 July 2003 at the Catalyst Conference in San Francisco. SPML is an XML-based framework for exchanging and administering user access rights and resource information across heterogeneous environments. Ten members of the OASIS standards consortium will come together at Catalyst to prove the stability of the new specification and demonstrate interoperability between SPML-conformant security software products.

"SPML is the product of an open collaboration process involving identity management vendors committed to the creation of a standard that any application or software product could use to request provisioning services," said Phil Schacter, vice president and director, directory and security strategies, Burton Group. "The effort and commitment by these vendors to create SPML demonstrates their recognition of the key role standards play in enabling the virtual enterprise. Provisioning is clearly becoming a key component in the identity management infrastructure for many companies."

SPML lets organizations automate, centralize, and manage the process of provisioning user access to internal and external corporate systems and data. SPML has been designed to work with the World Wide Web Consortium’s SOAP, the OASIS Standard SAML, the OASIS WS-Security specification, and other open standards that allow companies to securely leverage Web services.

"SPML allows cooperating elements of an Identity Management infrastructure to securely exchange provisioning and service subscription requests using an open standards-based protocol," explained Darran Rolls of Waveset, chair of the OASIS Provisioning Services Technical Committee. "This demonstration highlights interoperability between the industry’s leading provisioning and identity management vendors, based on our committee’s specification. As infrastructure becomes more identity-centric and companies start to model and deploy Web services, SPML will be a critical element of an end-to-end standards-based identity management strategy."

"We are very pleased with the work surrounding the development of the SPML specification," said Gavenraj Sodhi of Business Layers, secretary for the OASIS Provisioning Services Technical Committee. "This is a collective effort by industry leaders to take an administrative burden off the customer by creating an open standard that will be applied to Web services strategies moving forward." Sodhi will make an SPML presentation at the Catalyst Conference.

"Clearly, security is essential for the proliferation of Web services. That’s why it’s so significant that these SPML developers are proving interoperability on a major scale, in a public forum," said Karl Best, vice president of OASIS. "The demonstration is a milestone in the development and recognition of SPML 1.0 as a crucial security layer in the Web services stack."

The SPML specification is currently in a public review period, which occurs prior to being submitted to the OASIS membership at-large for consideration as an OASIS Standard. SPML is one of several security standards being developed at OASIS. Other standards and specifications include WS-Security for high-level security services, XACML for access control, XCBF for describing biometrics data, and SAML for exchanging authentication and authorization information.

Industry Leaders Support SPML

BMC Software: "BMC Software is proud to be a member of the OASIS SPML Interoperability Demonstration. As the identity management market emerges, addressing the need for integration and interoperability of disparate access control components and business applications becomes a top priority of our customers’ identity management strategy. Provisioning systems can now use a standard language to exchange identity information with business applications and service providers to achieve automated provisioning of users and services. SPML adds a much needed dimension to the open and secure identity management solution market," said Doron Cohen, Chief Architect, Security Business Unit, BMC Software.

Business Layers: "Business Layers is proud to be part of the process in ratifying the SPML specification. This is an important achievement for both customers and vendors that support them. We look forward to continuing our investment and active involvement with OASIS through our commitment to open standards for Identity Management and Provisioning," said Adrian Viego, chief technology officer for Business Layers.

Entrust: "SPML represents a significant step forward in the industry’s collective efforts to help governments and businesses manage user identities across a broad range of applications in a cost-effective and timely manner. As a strong advocate of open standards, Entrust is proud to have played an active role in SPML’s development to date, and we look forward to demonstrating our ongoing commitment to this important specification at the upcoming OASIS SPML Interoperability Demonstration," said Tim Moses, director of advanced security technology at Entrust.

OpenNetwork: "As technologists and active participants in OASIS, we are committed to delivering standards-based solutions that meet our customers’ challenges of securely managing identities across complex enterprises. We are excited about the benefits of the new SPML specification and are pleased to team with our partners and deliver the first prototype of its kind to the market," said Bob Worner, vice president of product engineering at OpenNetwork.

Waveset: "More and more Waveset customers are adopting Web services as a way to build and expand business opportunities. By providing open, SPML-enabled identity management solutions, we can help them protect and maximize current enterprise investments, while also leveraging the latest, most innovative technologies for continued competitive advantage. We are proud of our contribution to OASIS, which underscores a continued commitment to industry standards in the development and deployment of award-winning products," said Kevin Cunningham, vice president of marketing at Waveset.

About OASIS (www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Press inquiries:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403

UN/CEFACT Plenary Endorses Latest ebXML Specifications

Geneva, Switzerland; 3 June 2003 — International standards bodies, OASIS and UN/CEFACT, today announced that the latest completed versions of ebXML specifications have been endorsed by the 2003 Plenary session of UN/CEFACT meeting in Geneva. The United Nations Centre for Trade Facilitation and Electronic Business endorsed the adoption of ebXML global standards for exchanging business messages, establishing trading relationships, communicating data in common terms and defining and registering business processes.

Seven components of ebXML were reviewed and endorsed by the Plenary including the OASIS Open Standards: ebXML Message Service Specification v2.0; ebXML Registry Information Model v2.0; ebXML Registry Services Specification v2.0; and the ebXML Collaboration Protocol Profile and Agreement v2.0; as well as the ebXML Business Process Specification Schema v1.01 now managed by UN/CEFACT, and the jointly managed ebXML Technical Architecture v1.04 and the ebXML Requirements v1.06.

"We are proud that the UN/CEFACT Plenary has added another level of international endorsement to the four ebXML specifications which are OASIS Open Standards," noted Patrick Gannon, president and CEO of OASIS.

Ray Walker, chair of the UN/CEFACT Steering Group added, "The endorsement of the UN/CEFACT Plenary is another milestone for ebXML. It demonstrates conclusively that ebXML has begun to fulfill its promise to make e-business possible for any company or organization anywhere in the world. It also paves the way for the development of a formal UN recommendation to governments and to inter-governmental and non-governmental organizations on the use of ebXML in their eBusiness exchanges."

About ebXML (www.ebXML.org)

ebXML (Electronic Business using eXtensible Markup Language), jointly sponsored by UN/CEFACT and OASIS, is a modular suite of specifications that enables enterprises of any size and in any geographical location to conduct business over the Internet. Using ebXML, companies now have a standard method to exchange business messages, conduct trading relationships, communicate data in common terms and define and register business processes. UN/CEFACT (www.uncefact.org) is the United Nations body whose mandate covers worldwide policy and technical development in the area of trade facilitation and electronic business. OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards.

Press information:

Carol Geyer Director of Communications OASIS carol.geyer@oasis-open.org +1.941.284.0403

OASIS and RosettaNet Form Standards Development-to-Implementation Alliance

Boston, MA, and Santa Ana, Calif., USA; 03 June 2003 – Industry standards consortia, OASIS and RosettaNet, formalized plans for a coordinated approach to standards development and implementation that will streamline business-to-business (B2B) integration practices for global supply chain companies. The new alliance leverages the supply chain expertise of RosettaNet with the broad, interoperability focus of OASIS.

"This is a productive alignment of activities, and where practical, a convergence of our work," emphasized Patrick Gannon, president and CEO of OASIS. "Under this scenario, RosettaNet can leverage standards developed by OASIS, such as ebXML and the Universal Business Language (UBL), creating implementation-oriented solutions at a content level. OASIS, in turn, will look to RosettaNet for domain-specific input to ensure the applicability of universal standards within and between industries."

"By coordinating efforts, standards bodies can effectively avoid the duplication of development, strengthen existing global standards in support of ongoing business requirements, and speed time-to-market of standards solutions," remarked Karen Peterson, vice president and research director, Gartner, Inc. "Businesses can implement these valuable standards with confidence, and therefore, more readily connect with domestic and international trading partners on a broader scale."

As a first step in putting this new agreement into practice, RosettaNet has assumed a major role in the OASIS Electronic Procurement Standardization (EPS) Technical Committee. The group provides a forum for government agencies, organizations, and companies to guide the coordinated development of global e-procurement standards. The committee is working to analyze requirements for electronic procurement processes, identify gaps, and recommend new standards as needed.

"While RosettaNet remains committed to developing business process standards required to support the complex needs of the high-technology industry, we also want to realize interoperability across all supply chains. To that end, we see tremendous value in ensuring our supply chain standards are supported by cross-industry, universally accepted standards, such those developed by OASIS," said Jennifer Hamilton, RosettaNet CEO.

RosettaNet and OASIS have established respective liaison memberships that allow representatives of each consortium to actively participate in the technical work of the other. In addition to the OASIS EPS Technical Committee, RosettaNet representatives contribute to the OASIS UBL Technical Committee. RosettaNet is also using the binary collaboration portion of ebXML BPSS, initially developed by OASIS, in its PIP specification format. Possible areas for future collaboration and cross participation are messaging services, advanced business process descriptions, constraint representation, document presentation, repository and meta data standards.

"The RosettaNet and OASIS collaboration should drive a set of robust business solutions that are easy to implement, interoperable, and cost-effective," said Colin Evans, Director of Systems Software, Intel Research and Development, Chairman of the OASIS Board and past Chairman of the RosettaNet Executive Board. "Both organizations have very compatible open philosophies and are dedicated to presenting the e-business community with a unified approach. In addition, RosettaNet will be able to expose its five years of experience implementing XML-based transactions in high-tech businesses into a broader community addressed by OASIS members."

About RosettaNet (www.rosettanet.org)

RosettaNet is a non-profit consortium dedicated to the collaborative development and rapid deployment of open internet-based business standards that align processes within the global high technology and telecommunications trading networks. More than 500 companies, representing over $1 trillion in annual information technology, electronic components and semiconductor manufacturing revenues, currently participate in RosettaNet’s standards development, strategy and implementation activities. Information on the consortium’s worldwide activities in the Americas, Europe and Asia, and a complete list of Partner companies, is available at www.rosettanet.org. RosettaNet is a subsidiary of the Uniform Code Council, Inc. (UCC).

For more information:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Lynda Yana Director of Global Marketing & Communications RosettaNet lynda.yana@rosettanet.org +1.714.480.3806

OASIS Works to Establish Classification Standards for Web Security Vulnerabilities

Boston, MA, USA; 28 May 2003 — Members of the OASIS standards consortium are uniting to create an open data format to describe Web application security vulnerabilities. The new OASIS Web Application Security (WAS) Technical Committee will produce a classification scheme for Web security vulnerabilities, a model to provide guidance for initial threat, impact and risk ratings, and an XML schema to describe Web security conditions that can be used by both assessment and protection tools.

"Gartner believes the OASIS WAS standard effort will play a key role in supporting innovation in security assessment tools and application-level intrusion prevention products," said John Pescatore, Vice President for Internet Security at Gartner Inc. "Having a standard vulnerability description language will allow enterprises to choose and integrate best-of-breed products to best address changing threat scenarios."

"Currently, security advisories are published in ambiguous textual forms or proprietary data files. The same vulnerability is often described in several different ways, using different languages and contexts that quantify risks in different ways," explained Mark Curphey, chair of the OASIS WAS Technical Committee. "WAS will allow vulnerabilities to be published and received in a consistent manner. Risks will be universally understood by law enforcement agencies, government representatives, companies, and organizations, regardless of which tools or technologies are used."

OASIS WAS Technical Committee members include NetContinuum, Qualys, Sanctum, SPI Dynamics, and others. Participation remains open to all organizations and individuals, and OASIS will host an open mail list for public comment. The committee will hold its first meeting on 3 July 2003.

"WAS is complementary to the work of the OASIS Application Vulnerability Description Language (AVDL) Technical Committee, which was formed earlier this year to standardize the format for the way security products communicate. AVDL, using WAS vulnerability classification, will deliver a standard method for vulnerabilities to be described and communicated across multi-vendor products," noted Kevin Heineman of SPI Dynamics and Jan Bialkowski of NetContinuum, co-chairs of the OASIS AVDL Technical Committee.

In the interest of convergence, the OASIS WAS Technical Committee will consider contributions of related work from other groups and companies. The Open Web Application Security Project (OWASP), an Open Source community group dedicated to helping government and industry understand and improve the security of Web applications and services, plans to submit its Vulnerability Description Language (VulnXML) to the new OASIS technical committee.

Industry Support for OASIS WAS Technical Committee

"NetContinuum is a strong proponent of cross-vendor efforts like the OASIS WAS Technical Committee that create a more consistent classification and risk rating system for known application vulnerabilities," said Jan Bialkowski, CTO of NetContinuum. "This information will serve as an ideal input to existing standards efforts like AVDL and provide customers with a more standardized approach to application security."

"OASIS has helped significantly drive the adoption and direction of electronic business through its development of global standards, particularly those focused on security," said Gerhard Eschelbeck, Qualys CTO & VP of Engineering and member of the OASIS WAS Technical Committee. "The growing sophistication of security threats requires standards for classifying risk and determining the impact of new web security vulnerabilities. Qualys is committed to developing and incorporating such standards into its Web-based service for vulnerability management, providing solutions that truly meet the needs of customers."

"SPI Dynamics fully supports the efforts of the OASIS WAS Technical Committee to establish standards in the classification of application vulnerabilities. In conjunction with the efforts of the OASIS AVDL Technical Committee, these initiatives provide significant benefits to the customer in securing their Web applications by facilitating interoperability of best-of-breed, multi-vendor products. We look forward to implementing the standards from both of these groups into our Web application assessment product, WebInspect," said Kevin Heineman, VP of Engineering, SPI Dynamics.

Additional information:

OASIS WAS-XML Technical Committee http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was

Cover Pages Technology Report: Application Security http://xml.coverpages.org/appSecurity.html

Press contact: Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209

UDDI v2 Ratified as OASIS Open Standard

Boston, MA, USA; 20 May 2003 — The OASIS interoperability consortium today announced that its members have approved the Universal Description, Discovery and Integration specification (UDDI) version 2.0 as an OASIS Open Standard, a status that signifies the highest level of ratification. UDDI enables companies and applications to dynamically publish, locate, and use Web services.

Uttam Narsu, Vice President, Forrester Research, Inc. noted, "While UDDI has not been as widely adopted as SOAP and WSDL, UDDI v2, under the aegis of OASIS, offers a concrete step to the widely anticipated version 3 specification. We foresee UDDI adoption as critical to the realization of a service-oriented architecture, and expect to see a significant increase in its adoption over the next two years."

"We came to OASIS with the goal of advancing UDDI into a recognized industry standard with support and input from the broadest possible range of constituents," recalled Luc Clement of Microsoft, co-chair of the OASIS UDDI Specification Technical Committee. "UDDI’s ratification as an OASIS Open Standard indicates our success in establishing an interoperable, cross-industry standard that provides a cornerstone for the Web services architecture."

Members of the OASIS UDDI Specification Technical Committee include Computer Associates, Fujitsu, IBM, IONA, Microsoft, Novell, OpenNetwork, Oracle, SAP, SeeBeyond, Sun Microsystems, Tata Consultancy Services, and others.

According to Tom Bellwood of IBM, co-chair of the OASIS UDDI Specification Technical Committee, "UDDI v2 is being widely implemented today. It provides powerful features like business relationships and external taxonomy validation. As OASIS now continues moving version 3 towards a standard, with its support of multi-registry environments and digital signature features, we expect the use of UDDI in all environments to expand even further."

Before becoming an OASIS Open Standard, UDDI v2 first completed an extensive public review and was approved by the OASIS UDDI Specification Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which UDDI was reviewed and approved by the OASIS membership as a whole.

"Through OASIS, the key players, large and small, have joined together to advance UDDI within an open process," said Karl Best, vice president of OASIS. "OASIS is pleased to provide a forum, not only for UDDI, but also for so much of the Web services standardization work being done."

The growing portfolio of OASIS Open Standards and specifications for Web services includes UDDI as well as the Web Services Business Process Execution Language (WSBPEL), the Security Assertion Markup Language (SAML), Web Services Reliable Messaging (WSRM), WS-Security, Web Services Distributed Management (WSDM), ebXML, Universal Business Language (UBL), and others. OASIS currently has more than 50 active technical committees.

Industry Support for UDDI

Computer Associates: "As the catalog for Web services, UDDI will play a critical role in the management of enterprise Web service environments," said Bilhar Mann, director, eTrust product management and marketing at Computer Associates. "CA is clearly committed to optimizing the value that our customers gain from UDDI technology, as is demonstrated by both our incorporation of UDDI into eTrust Directory and our broader Web services management and security development initiatives."

DataPower: "DataPower believes that advanced registries and repositories are an essential component of the broader XML-aware network infrastructure. UDDI has the potential to do for server-to-server communication what DNS did for the Internet, by making it much easier and cheaper to connect and stay connected to services. So that, for example, DataPower’s network devices will be able to use UDDI to automatically route, secure and transform Web services requests," said Eugene Kuznetsov, founder, chairman and CTO, DataPower Technology.

Hewlett-Packard: "HP is pleased to support the nomination of UDDI v2 to become an OASIS Open Standard," said Russ Daniels, vice president and chief technology officer, HP Software Global Business Unit. "This level of acceptance by the broad OASIS community is an important indication of not only UDDI support, but also support for OASIS’ work in standards for Web services."

IBM: "UDDI is a key open technology for Web services and the deployment of Services Oriented Architectures," said Karla Norsworthy, Director of Dynamic e-business Technologies for IBM. "IBM supports UDDI in its industry leading WebSphere Application Server V5 because of UDDI’s importance for publication and discovery of services both within and across enterprises. We are thrilled that the work we started with industry partners has now reached the important stage of being an OASIS Open Standard and are confident that this will encourage even greater global adoption of the technology."

Intel: "Intel Corporation is a supporter and active contributor of UDDI – a key component in the Web services stack," said Colin Evans, Director of system software research at Intel Research and Development, and an OASIS Board Member. "With ratification of UDDI as an OASIS Open Standard, enterprises now have a truly open specification to deploy both private and public Web services, thus extending services to their business partners."

Novell: "Novell believes that UDDI’s role in services discovery will become increasingly more critical as the number of services in use within and across business boundaries continues to increase," said Winston Bumpus, Novell’s director of standards. "Therefore, a standard registry and management paradigm is critical, which is why Novell developed the Novell Nsure UDDI Server based on our market-leading eDirectory software and subsequently released it to the open source community through our Novell Forge Web site. As a sponsor member of the OASIS UDDI Specification Technical Committee, Novell is pleased to support the release of UDDI v2, and we look forward to promoting its adoption in the developer community."

SAP: "SAP AG supports UDDI v2 promotion to an OASIS Open Standard. UDDI has become a mature specification that advances interoperability in overall Web Services architectures," said Franz-Josef Fritz, VP Technology Architecture and Product Management, SAP AG. "SAP will continue to contribute to the OASIS UDDI Specification Technical Committee in order to develop industry best practices for the optimal configuration of UDDI. SAP customers benefit from the UDDI support in SAP NetWeaver, SAP’s integration and application platform."

SeeBeyond: "As an active contributor to the development of the UDDI specification, SeeBeyond supports the approval of UDDI v2 as an OASIS Open Standard," said Alan Davies, vice president of standards for SeeBeyond. "SeeBeyond believes that UDDI represents a key component in the set of Web services standards aimed at facilitating application integration and business interchange, and will actively participate in the development of future versions of the UDDI specification."

VeriSign: "As a company committed to integrating trust into all aspects of Web Services, VeriSign welcomes the security enhancements to UDDI v3," said Hemma Prafullchandra, strategic architect in the advance products and research group at VeriSign, Inc. "We are very encouraged by the tremendous progress the industry has been making through standards organizations like OASIS and look forward to continued progress on the trust and security fronts."

For more information:

Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209

OASIS Members Form Web Services Business Process Execution Language (WSBPEL) Technical Committee

Boston, MA, USA; 29 April — Members of the OASIS open standards consortium will advance a specification to formally describe interoperable business processes and business interaction protocols for Web services orchestration. The new OASIS Web Services Business Process Execution Language (WSBPEL) Technical Committee will continue work on the Business Process Execution Language for Web Services (BPEL4WS) specification, an XML-based language that allows users to describe business process activities as Web services and define how they can be connected to accomplish specific tasks.

BEA, IBM, Microsoft, and SAP intend to formally submit BPEL4WS version 1.1 under royalty free terms to the new OASIS Technical Committee at its first meeting on 16 May 2003. The committee is open to submissions of other in-scope contributions and will establish liaison relationships with related Web services efforts within OASIS and other standards organizations including the World Wide Web Consortium (W3C).

Ted Schadler, analyst at Forrester Research, described the move as good news for firms focused on Web services. "The co-authors rightfully view customer adoption as the most important hurdle in making a business process standard meaningful–and that means ubiquitous ISV support. So they’re submitting this spec under a royalty-free license, permitting any ISV to use it without cost," (from "BPEL4WS: The Right Web Services Process Standard," 15 April 2003, Forrester Research, Inc.).

"To solve real-life business problems, companies may need to invoke multiple Web services applications inside their firewalls and across networks to communicate with their customers, partners, and suppliers," said Diane Jordan of IBM, co-chair of the OASIS WSBPEL Technical Committee. "BPEL4WS allows you to sequence and coordinate internal and external Web services to accomplish your business tasks. Thus, the result of one Web service can influence which Web service gets called next, and successful completion of multiple Web services in a process can be coordinated."

John Evdemon of Microsoft, co-chair of the OASIS WSBPEL Technical Committee, added, "The participants in this Technical Committee are committed to building and delivering standards-based interoperable Web services solutions to meet customer requirements. Business processes are potentially very complex and require a long series of time- and data-dependent interactions. However, BPEL4WS allows companies to describe sequential interactions and exception handling in a standard, interoperable way that can be shared across platforms, applications, transports and protocols."

OASIS WSBPEL Technical Committee members include Booz Allen Hamilton, BEA Systems, Commerce One, E2open, EDS, IBM, Microsoft, NEC, Novell, SAP, SeeBeyond, Sybase, Tibco Software, Vignette, Waveset, and others. Participation remains open to all organizations and individuals, and OASIS encourages both vendors of business process automation software as well as end users interested in automating and integrating their internal or external business processes to join this effort. OASIS will host an open mail list for public comment.

"Through OASIS, a large group of organizations are joining together to further the evolution of BPEL4WS from specification to standard–within the context of an open, publicly vetted process. Active participation from the OASIS membership at-large, which includes many business process solution vendors as well as customers, will provide valuable input on usage cases and implementation scenarios that will result in the broadest possible industry adoption," commented Karl Best, vice president of OASIS. "We plan to work closely with organizations such W3C, UN/CEFACT, and others in completing the ‘big picture’ of Web services."

"W3C’s members believe coordination is vital to ensure the delivery of timely and thorough technical solutions that truly meet the needs of customers, especially in the area of Web services," explained Steve Bratt, Chief Operating Officer for W3C. "To that end, W3C’s Web Services Choreography Working Group has invited representatives of the OASIS WSBPEL Technical Committee to attend its second face-to-face meeting in June. We look forward to building on the technical coordination already established between OASIS Technical Committees and W3C Working Groups."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for Web services, security, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS WSBPEL Technical Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel

Cover Pages Technology Report: Business Process Management and Choreography: http://xml.coverpages.org/bpm.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403

Industry Support for the OASIS WSBPEL Technical Committee:

BEA Systems: "The submission of BPEL4WS to the OASIS standards process reflects the growing importance of high level XML-based business integration," said Edward Cobb, VP of Architecture and Standards, BEA Systems. "Such standards will have broad impact on enterprise computing environments. BEA supports the convergence of the computing industry toward a single model for expression of business processes and looks forward to continued contributions to the OASIS WSBPEL Technical Committee."

EDS: "As more and more companies work to streamline their supply chain and open new distribution channels, process management optimization will be an increasingly critical factor. EDS sees business process orchestration as being near the top of the integration stack in terms of the value that it can provide to clients," said Waqar Sadiq, EIT ESAI enterprise consultant for EDS.

NEC: "NEC believes that having a standardized business process language will benefit all parties concerned in creating dependable business solutions by interlinking Web services," said Yutaka Kasahara, general manager, Internet Solution Platform Development Division, NEC Corporation. "NEC is pleased to be a part of the OASIS WSBPEL Technical Committee and to contribute our expertise in building mission critical enterprise systems."

Novell: "Through its acquisition of SilverStream Software, Novell was the first vendor to provide a commercially available WSFL-based Business Process Manager–a predecessor to BPEL," said Winston Bumpus, Novell’s director of standards. "Largely based on WSFL and XLang, BPEL improves on existing workflow architectures by promoting an intuitive process model and native integration with complementary Web services standards such as SOAP and WSDL. Novell’s support of BPEL underscores the company’s commitment to providing visual tools based on industry standards that increase developer productivity, and therefore we are pleased to see this important work released to OASIS."

SAP: "SAP is excited to co-author BPEL4WS 1.1 and actively support the corresponding standardization efforts at OASIS," said Sinisa Zimek, Director Technology Architecture & Standards at SAP. "More than 19,000 of our customers could benefit from such a business process standard and the interoperability it would enable. SAP will now focus on the delivery of the specification and work to provide the industry with strategic direction to drive adoption of these technologies."

SeeBeyond: "SeeBeyond works with all of the major standards organizations to support the deployment of open solutions, and we will continue to participate in the further development of this important specification to meet our customers’ integration and BPM needs," said Alan Davies, vice president of standards for SeeBeyond. "It is especially beneficial when competing technologies can be merged through open standards, and with SeeBeyond’s experience in integrating enterprise systems for over a decade, we believe WSBPEL will provide greater interoperability between disparate systems to both accelerate and complement the adoption of business process management solutions."

Sybase: "The submission of BPEL4WS version 1.1 to OASIS is the critical first step toward wide-scale adoption of an open Web services orchestration standard," said Peter Hoversten, chief technology officer for Sybase, Inc. "The royalty-free nature of the submission shows that this standard is intended to benefit the technology community as a whole. Sybase is pleased to be a co-proposer of the OASIS WSBPEL Technical Committee in actively working towards the specification adoption, integration with other standards, and use as a business process driver within our own products."

Waveset Technologies: "The standardization of a single encompassing workflow and business process definition language is essential. Waveset’s identity management solutions use an XML-based workflow engine for coordinated process control and workflow, seamlessly integrating business process requests and approvals into an overall identity management infrastructure. As a result, WSBPEL will become a key component of our standards-based architecture," said Darran Rolls, Waveset Technologies.

###

OASIS Guides Development of Global Electronic Procurement Standardization

Boston, MA, USA; 28 April 2003 — The OASIS interoperability consortium today announced that it is providing a forum for government agencies, organizations and companies to guide the coordinated development of global e-procurement standards. The OASIS Electronic Procurement Standardization (EPS) Technical Committee will work to analyze requirements for electronic procurement processes, identify gaps, and recommend new standards as needed.

"Our first priority will be to develop a comprehensive framework for electronic procurement standards, relating existing specifications to those in development. It is vital that we reach consensus on how these standards fit together," noted Terri Tracey of the Institute for Supply Management, chair of the OASIS EPS Technical Committee. "Once we establish our framework and priorities, we will create technical committees within OASIS to advance the necessary standards and implementation processes."

To facilitate the adoption of its work, the OASIS EPS Technical Committee has secured broad global representation from the entire supply chain. Participants include the Institute for Supply Management, Information Society Standardization System of the European Standards Committee (CEN/ISSS), US National Institute for Governmental Purchasing (NIGP), US National Association of State Procurement Officials (NASPO), RosettaNet, SeeBeyond, and others.

"Input from government and industry on the direction of the OASIS EPS activity is essential to ensure credible, effective, and neutral specifications," said Patrick Gannon, OASIS president and CEO. "OASIS is pleased to provide a common ground where e-procurement stakeholders of every type can collaborate amongst themselves and with related efforts, such as the OASIS Universal Business Language (UBL) and the OASIS e-Government Technical Committees."

"CEN/ISSS will participate to ensure the maximum synergies between the emerging global consensus and regional requirements in Europe," said John Ketchell, CEN/ISSS director. "CEN/ISSS plans to start an e-procurement project to complement European legislative initiatives to develop and harmonize public e-procurement across EU member states by analyzing standards requirements. Our results will be contributed to the OASIS EPS Technical Committee."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for Web services, security, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS EPS Technical Committee http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=eps

Cover Pages Technology Report: Electronic Procurement Standardization http://xml.coverpages.org/eps.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403

OASIS Members Collaborate to Address Security Vulnerabilities for Web Services and Web Applications

San Francisco, Calif. (RSA Security Conference); 14 April 2003 — Members of the OASIS interoperability consortium announced plans to define a standard method of exchanging information concerning security vulnerabilities within Web services and Web applications. The new OASIS Application Vulnerability Description Language (AVDL) Technical Committee will address the challenge of how businesses manage ongoing application security risk on a day-to-day basis.

"Although there are several products available that help companies discover application vulnerabilities, block application-layer attacks, repair vulnerable web sites, distribute patches and manage security events, there is currently no universal way for these products to communicate with one another, making pragmatic risk management a highly manual, often complex process," explained Kevin Heineman of SPI Dynamics, co-chair of the OASIS AVDL Technical Committee. "The goal of AVDL is to enable companies to manage and simplify the full application security lifecycle by providing a uniform way to communicate application security vulnerabilities, policies and events using XML."

"With the growing adoption of Web-based technologies, applications have become far more dynamic, often changing daily, or even hourly," said Jan Bialkowski of NetContinuum, co-chair of the OASIS AVDL Technical Committee. "Keeping pace with these rapidly changing threats will increasingly require close cooperation between various security components. The formation of this technical committee will give vendors an optimal forum to synchronize their products across the entire application security lifecycle."

Initial members of the OASIS AVDL Technical Committee include Booz Allen Hamilton, NetContinuum, Reed Elsevier, Sanctum, SPI Dynamics, and others. Participation remains open to all organizations and individuals, and OASIS will host an open mail list for public comment. The committee will hold its first meeting on 15 May 2003.

Industry Support for AVDL

"Sanctum fully supports OASIS and the AVDL TC as a cross vendor effort to unify the terminology, and standardize the way application level vulnerabilities are communicated and represented to users in the industry. Sanctum’s AppScan, an automated security testing tool, will take full advantage of this standard to allow for interoperability with third party reporting and assessment tools," said Steve Orrin, CTO of Sanctum, Inc.

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS AVDL Technical Committee http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=avdl

Cover Pages: Application Security http://xml.coverpages.org/appSecurity.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403
