Boston, MA, and Santa Ana, Calif., USA; 03 June 2003 – Industry standards consortia, OASIS and RosettaNet, formalized plans for a coordinated approach to standards development and implementation that will streamline business-to-business (B2B) integration practices for global supply chain companies. The new alliance leverages the supply chain expertise of RosettaNet with the broad, interoperability focus of OASIS.

"This is a productive alignment of activities, and where practical, a convergence of our work," emphasized Patrick Gannon, president and CEO of OASIS. "Under this scenario, RosettaNet can leverage standards developed by OASIS, such as ebXML and the Universal Business Language (UBL), creating implementation-oriented solutions at a content level. OASIS, in turn, will look to RosettaNet for domain-specific input to ensure the applicability of universal standards within and between industries."

"By coordinating efforts, standards bodies can effectively avoid the duplication of development, strengthen existing global standards in support of ongoing business requirements, and speed time-to-market of standards solutions," remarked Karen Peterson, vice president and research director, Gartner, Inc. "Businesses can implement these valuable standards with confidence, and therefore, more readily connect with domestic and international trading partners on a broader scale."

As a first step in putting this new agreement into practice, RosettaNet has assumed a major role in the OASIS Electronic Procurement Standardization (EPS) Technical Committee. The group provides a forum for government agencies, organizations, and companies to guide the coordinated development of global e-procurement standards. The committee is working to analyze requirements for electronic procurement processes, identify gaps, and recommend new standards as needed.

"While RosettaNet remains committed to developing business process standards required to support the complex needs of the high-technology industry, we also want to realize interoperability across all supply chains. To that end, we see tremendous value in ensuring our supply chain standards are supported by cross-industry, universally accepted standards, such those developed by OASIS," said Jennifer Hamilton, RosettaNet CEO.

RosettaNet and OASIS have established respective liaison memberships that allow representatives of each consortium to actively participate in the technical work of the other. In addition to the OASIS EPS Technical Committee, RosettaNet representatives contribute to the OASIS UBL Technical Committee. RosettaNet is also using the binary collaboration portion of ebXML BPSS, initially developed by OASIS, in its PIP specification format. Possible areas for future collaboration and cross participation are messaging services, advanced business process descriptions, constraint representation, document presentation, repository and meta data standards.

"The RosettaNet and OASIS collaboration should drive a set of robust business solutions that are easy to implement, interoperable, and cost-effective," said Colin Evans, Director of Systems Software, Intel Research and Development, Chairman of the OASIS Board and past Chairman of the RosettaNet Executive Board. "Both organizations have very compatible open philosophies and are dedicated to presenting the e-business community with a unified approach. In addition, RosettaNet will be able to expose its five years of experience implementing XML-based transactions in high-tech businesses into a broader community addressed by OASIS members."

About OASIS (www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

About RosettaNet (www.rosettanet.org)

RosettaNet is a non-profit consortium dedicated to the collaborative development and rapid deployment of open internet-based business standards that align processes within the global high technology and telecommunications trading networks. More than 500 companies, representing over $1 trillion in annual information technology, electronic components and semiconductor manufacturing revenues, currently participate in RosettaNet’s standards development, strategy and implementation activities. Information on the consortium’s worldwide activities in the Americas, Europe and Asia, and a complete list of Partner companies, is available at www.rosettanet.org. RosettaNet is a subsidiary of the Uniform Code Council, Inc. (UCC).

For more information:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209

Lynda Yana Director of Global Marketing & Communications RosettaNet lynda.yana@rosettanet.org +1.714.480.3806

Boston, MA, USA; 28 May 2003 — Members of the OASIS standards consortium are uniting to create an open data format to describe Web application security vulnerabilities. The new OASIS Web Application Security (WAS) Technical Committee will produce a classification scheme for Web security vulnerabilities, a model to provide guidance for initial threat, impact and risk ratings, and an XML schema to describe Web security conditions that can be used by both assessment and protection tools.

"Gartner believes the OASIS WAS standard effort will play a key role in supporting innovation in security assessment tools and application-level intrusion prevention products," said John Pescatore, Vice President for Internet Security at Gartner Inc. "Having a standard vulnerability description language will allow enterprises to choose and integrate best-of-breed products to best address changing threat scenarios."

"Currently, security advisories are published in ambiguous textual forms or proprietary data files. The same vulnerability is often described in several different ways, using different languages and contexts that quantify risks in different ways," explained Mark Curphey, chair of the OASIS WAS Technical Committee. "WAS will allow vulnerabilities to be published and received in a consistent manner. Risks will be universally understood by law enforcement agencies, government representatives, companies, and organizations, regardless of which tools or technologies are used."

OASIS WAS Technical Committee members include NetContinuum, Qualys, Sanctum, SPI Dynamics, and others. Participation remains open to all organizations and individuals, and OASIS will host an open mail list for public comment. The committee will hold its first meeting on 3 July 2003.

"WAS is complementary to the work of the OASIS Application Vulnerability Description Language (AVDL) Technical Committee, which was formed earlier this year to standardize the format for the way security products communicate. AVDL, using WAS vulnerability classification, will deliver a standard method for vulnerabilities to be described and communicated across multi-vendor products," noted Kevin Heineman of SPI Dynamics and Jan Bialkowski of NetContinuum, co-chairs of the OASIS AVDL Technical Committee.

In the interest of convergence, the OASIS WAS Technical Committee will consider contributions of related work from other groups and companies. The Open Web Application Security Project (OWASP), an Open Source community group dedicated to helping government and industry understand and improve the security of Web applications and services, plans to submit its Vulnerability Description Language (VulnXML) to the new OASIS technical committee.

Industry Support for OASIS WAS Technical Committee

"NetContinuum is a strong proponent of cross-vendor efforts like the OASIS WAS Technical Committee that create a more consistent classification and risk rating system for known application vulnerabilities," said Jan Bialkowski, CTO of NetContinuum. "This information will serve as an ideal input to existing standards efforts like AVDL and provide customers with a more standardized approach to application security."

"OASIS has helped significantly drive the adoption and direction of electronic business through its development of global standards, particularly those focused on security," said Gerhard Eschelbeck, Qualys CTO & VP of Engineering and member of the OASIS WAS Technical Committee. "The growing sophistication of security threats requires standards for classifying risk and determining the impact of new web security vulnerabilities. Qualys is committed to developing and incorporating such standards into its Web-based service for vulnerability management, providing solutions that truly meet the needs of customers."

"SPI Dynamics fully supports the efforts of the OASIS WAS Technical Committee to establish standards in the classification of application vulnerabilities. In conjunction with the efforts of the OASIS AVDL Technical Committee, these initiatives provide significant benefits to the customer in securing their Web applications by facilitating interoperability of best-of-breed, multi-vendor products. We look forward to implementing the standards from both of these groups into our Web application assessment product, WebInspect," said Kevin Heineman, VP of Engineering, SPI Dynamics.

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS WAS-XML Technical Committee http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was

Cover Pages Technology Report: Application Security http://xml.coverpages.org/appSecurity.html

Press contact: Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 20 May 2003 — The OASIS interoperability consortium today announced that its members have approved the Universal Description, Discovery and Integration specification (UDDI) version 2.0 as an OASIS Open Standard, a status that signifies the highest level of ratification. UDDI enables companies and applications to dynamically publish, locate, and use Web services.

Uttam Narsu, Vice President, Forrester Research, Inc. noted, "While UDDI has not been as widely adopted as SOAP and WSDL, UDDI v2, under the aegis of OASIS, offers a concrete step to the widely anticipated version 3 specification. We foresee UDDI adoption as critical to the realization of a service-oriented architecture, and expect to see a significant increase in its adoption over the next two years."

"We came to OASIS with the goal of advancing UDDI into a recognized industry standard with support and input from the broadest possible range of constituents," recalled Luc Clement of Microsoft, co-chair of the OASIS UDDI Specification Technical Committee. "UDDI’s ratification as an OASIS Open Standard indicates our success in establishing an interoperable, cross-industry standard that provides a cornerstone for the Web services architecture."

Members of the OASIS UDDI Specification Technical Committee include Computer Associates, Fujitsu, IBM, IONA, Microsoft, Novell, OpenNetwork, Oracle, SAP, SeeBeyond, Sun Microsystems, Tata Consultancy Services, and others.

According to Tom Bellwood of IBM, co-chair of the OASIS UDDI Specification Technical Committee, "UDDI v2 is being widely implemented today. It provides powerful features like business relationships and external taxonomy validation. As OASIS now continues moving version 3 towards a standard, with its support of multi-registry environments and digital signature features, we expect the use of UDDI in all environments to expand even further."

Before becoming an OASIS Open Standard, UDDI v2 first completed an extensive public review and was approved by the OASIS UDDI Specification Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which UDDI was reviewed and approved by the OASIS membership as a whole.

"Through OASIS, the key players, large and small, have joined together to advance UDDI within an open process," said Karl Best, vice president of OASIS. "OASIS is pleased to provide a forum, not only for UDDI, but also for so much of the Web services standardization work being done."

The growing portfolio of OASIS Open Standards and specifications for Web services includes UDDI as well as the Web Services Business Process Execution Language (WSBPEL), the Security Assertion Markup Language (SAML), Web Services Reliable Messaging (WSRM), WS-Security, Web Services Distributed Management (WSDM), ebXML, Universal Business Language (UBL), and others. OASIS currently has more than 50 active technical committees.

Industry Support for UDDI

Computer Associates: "As the catalog for Web services, UDDI will play a critical role in the management of enterprise Web service environments," said Bilhar Mann, director, eTrust product management and marketing at Computer Associates. "CA is clearly committed to optimizing the value that our customers gain from UDDI technology, as is demonstrated by both our incorporation of UDDI into eTrust Directory and our broader Web services management and security development initiatives."

DataPower: "DataPower believes that advanced registries and repositories are an essential component of the broader XML-aware network infrastructure. UDDI has the potential to do for server-to-server communication what DNS did for the Internet, by making it much easier and cheaper to connect and stay connected to services. So that, for example, DataPower’s network devices will be able to use UDDI to automatically route, secure and transform Web services requests," said Eugene Kuznetsov, founder, chairman and CTO, DataPower Technology.

Hewlett-Packard: "HP is pleased to support the nomination of UDDI v2 to become an OASIS Open Standard," said Russ Daniels, vice president and chief technology officer, HP Software Global Business Unit. "This level of acceptance by the broad OASIS community is an important indication of not only UDDI support, but also support for OASIS’ work in standards for Web services."

IBM: "UDDI is a key open technology for Web services and the deployment of Services Oriented Architectures," said Karla Norsworthy, Director of Dynamic e-business Technologies for IBM. "IBM supports UDDI in its industry leading WebSphere Application Server V5 because of UDDI’s importance for publication and discovery of services both within and across enterprises. We are thrilled that the work we started with industry partners has now reached the important stage of being an OASIS Open Standard and are confident that this will encourage even greater global adoption of the technology."

Intel: "Intel Corporation is a supporter and active contributor of UDDI – a key component in the Web services stack," said Colin Evans, Director of system software research at Intel Research and Development, and an Oasis Board Member. "With ratification of UDDI as an OASIS Open Standard, enterprises now have a truly open specification to deploy both private and public Web services, thus extending services to their business partners."

Novell: "Novell believes that UDDI’s role in services discovery will become increasingly more critical as the number of services in use within and across business boundaries continues to increase," said Winston Bumpus, Novell’s director of standards. "Therefore, a standard registry and management paradigm is critical, which is why Novell developed the Novell Nsure UDDI Server based on our market-leading eDirectory software and subsequently released it to the open source community through our Novell Forge Web site. As a sponsor member of the OASIS UDDI Specification Technical Committee, Novell is pleased to support the release of UDDI v2, and we look forward to promoting its adoption in the developer community."

SAP: "SAP AG supports UDDI v2 promotion to an OASIS Open Standard. UDDI has become a mature specification that advances interoperability in overall Web Services architectures," said Franz-Josef Fritz, VP Technology Architecture and Product Management, SAP AG. "SAP will continue to contribute to the OASIS UDDI Specification Technical Committee in order to develop industry best practices for the optimal configuration of UDDI. SAP customers benefit from the UDDI support in SAP NetWeaver, SAP’s integration and application platform."

SeeBeyond: "As an active contributor to the development of the UDDI specification, SeeBeyond supports the approval of UDDI v2 as an OASIS Open Standard," said Alan Davies, vice president of standards for SeeBeyond. "SeeBeyond believes that UDDI represents a key component in the set of Web services standards aimed at facilitating application integration and business interchange, and will actively participate in the development of future versions of the UDDI specification."

VeriSign: "As a company committed to integrating trust into all aspects of Web Services, VeriSign welcomes the security enhancements to UDDI v3," said Hemma Prafullchandra, strategic architect in the advance products and research group at VeriSign, Inc. "We are very encouraged by the tremendous progress the industry has been making through standards organizations like OASIS and look forward to continued progress on the trust and security fronts."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

For more information:

Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 29 April — Members of the OASIS open standards consortium will advance a specification to formally describe interoperable business processes and business interaction protocols for Web services orchestration. The new OASIS Web Services Business Process Execution Language (WSBPEL) Technical Committee will continue work on the Business Process Execution Language for Web Services (BPEL4WS) specification, an XML-based language that allows users to describe business process activities as Web services and define how they can be connected to accomplish specific tasks.

BEA, IBM, Microsoft, and SAP intend to formally submit BPEL4WS version 1.1 under royalty free terms to the new OASIS Technical Committee at its first meeting on 16 May 2003. The committee is open to submissions of other in-scope contributions and will establish liaison relationships with related Web services efforts within OASIS and other standards organizations including the World Wide Web Consortium (W3C).

Ted Schadler, analyst at Forrester Research, described the move as good news for firms focused on Web services. "The co-authors rightfully view customer adoption as the most important hurdle in making a business process standard meaningful–and that means ubiquitous ISV support. So they’re submitting this spec under a royalty-free license, permitting any ISV to use it without cost," (from "BPEL4WS: The Right Web Services Process Standard," 15 April 2003, Forrester Research, Inc.).

"To solve real-life business problems, companies may need to invoke multiple Web services applications inside their firewalls and across networks to communicate with their customers, partners, and suppliers," said Diane Jordan of IBM, co-chair of the OASIS WSBPEL Technical Committee. "BPEL4WS allows you to sequence and coordinate internal and external Web services to accomplish your business tasks. Thus, the result of one Web service can influence which Web service gets called next, and successful completion of multiple Web services in a process can be coordinated."

John Evdemon of Microsoft, co-chair of the OASIS WSBPEL Technical Committee, added, "The participants in this Technical Committee are committed to building and delivering standards-based interoperable Web services solutions to meet customer requirements. Business processes are potentially very complex and require a long series of time- and data-dependent interactions. However, BPEL4WS allows companies to describe sequential interactions and exception handling in a standard, interoperable way that can be shared across platforms, applications, transports and protocols."

OASIS WSBPEL Technical Committee members include Booz Allen Hamilton, BEA Systems, Commerce One, E2open, EDS, IBM, Microsoft, NEC, Novell, SAP, SeeBeyond, Sybase, Tibco Software, Vignette, Waveset, and others. Participation remains open toall organizations and individuals, and OASIS encourages both vendors of business process automation software as well as end users interested in automating and integrating their internal or external business processes to join this effort. OASIS will host an open mail list for public comment.

"Through OASIS, a large group of organizations are joining together to further the evolution of BPEL4WS from specification to standard–within the context of an open, publicly vetted process. Active participation from the OASIS membership at-large, which includes many business process solution vendors as well as customers, will provide valuable input on usage cases and implementation scenarios that will result in the broadest possible industry adoption," commented Karl Best, vice president of OASIS. "We plan to work closely with organizations such W3C, UN/CEFACT, and others in completing the ‘big picture’ of Web services."

"W3C’s members believe coordination is vital to ensure the delivery of timely and thorough technical solutions that truly meet the needs of customers, especially in the area of Web services," explained Steve Bratt, Chief Operating Officer for W3C. "To that end, W3C’s Web Services Choreography Working Group has invited representatives of the OASIS WSBPEL Technical Committee to attend its second face-to-face meeting in June. We look forward to building on the technical coordination already established between OASIS Technical Committees and W3C Working Groups."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for Web services, security, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS WSBPEL Technical Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel

Cover Pages Technology Report: Business Process Management and Choreography: http://xml.coverpages.org/bpm.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403

Industry Support for the OASIS WSBPEL Technical Committee:

BEA Systems: "The submission of BPEL4WS to the OASIS standards process reflects the growing importance of high level XML-based business integration," said Edward Cobb, VP of Architecture and Standards, BEA Systems. "Such standards will have broad impact on enterprise computing environments. BEA supports the convergence of the computing industry toward a single model for expression of business processes and looks forward to continued contributions to the OASIS WSBPEL Technical Committee."

EDS: "As more and more companies work to streamline their supply chain and open new distribution channels, process management optimization will be an increasingly critical factor. EDS sees business process orchestration as being near the top of the integration stack in terms of the value that it can provide to clients," said Waqar Sadiq, EIT ESAI enterprise consultant for EDS.

NEC: "NEC believes that having a standardized business process language will benefit all parties concerned in creating dependable business solutions by interlinking Web services," said Yutaka Kasahara, general manager, Internet Solution Platform Development Division, NEC Corporation. "NEC is pleased to be a part of the OASIS WSBPEL Technical Committee and to contribute our expertise in building mission critical enterprise systems."

Novell: "Through its acquisition of SilverStream Software, Novell was the first vendor to provide a commercially available WSFL-based Business Process Manager–a predecessor to BPEL," said Winston Bumpus, Novell’s director of standards. "Largely based on WSFL and XLang, BPEL improves on existing workflow architectures by promoting an intuitive process model and native integration with complementary Web services standards such as SOAP and WSDL. Novell’s support of BPEL underscores the company’s commitment to providing visual tools based on industry standards that increase developer productivity, and therefore we are pleased to see this important work released to OASIS."

SAP: "SAP is excited to co-author BPEL4WS 1.1 and actively support the corresponding standardization efforts at OASIS," said Sinisa Zimek, Director Technology Architecture & Standards at SAP. "More than 19,000 of our customers could benefit from such a business process standard and the interoperability it would enable. SAP will now focus on the delivery of the specification and work to provide the industry with strategic direction to drive adoption of these technologies."

SeeBeyond: "SeeBeyond works with all of the major standards organizations to support the deployment of open solutions, and we will continue to participate in the further development of this important specification to meet our customers’ integration and BPM needs," said Alan Davies, vice president of standards for SeeBeyond. "It is especially beneficial when competing technologies can be merged through open standards, and with SeeBeyond’s experience in integrating enterprise systems for over a decade, we believe WSBPEL will provide greater interoperability between disparate systems to both accelerate and complement the adoption of business process management solutions."

Sybase: "The submission of BPEL4WS version 1.1 to OASIS is the critical first step toward wide-scale adoption of an open Web services orchestration standard," said Peter Hoversten, chief technology officer for Sybase, Inc. "The royalty-free nature of the submission shows that this standard is intended to benefit the technology community as a whole. Sybase is pleased be a co-proposer of the OASIS WSBPEL Technical Committee in actively working towards the specification adoption, integration with other standards, and use as a business process driver within our own products."

Waveset Technologies: "The standardization of a single encompassing workflow and business process definition language is an essential. Waveset’s identity management solutions use an XML-based workflow engine for coordinated process control and workflow, seamlessly integrating business process requests and approvals into an overall identity management infrastructure. As a result, WSBPEL will become a key component of our standards-based architecture," said Darran Rolls, Waveset Technologies.

###

Boston, MA, USA; 28 April 2003 — The OASIS interoperability consortium today announced that it is providing a forum for government agencies, organizations and companies to guide the coordinated development of global e-procurement standards. The OASIS Electronic Procurement Standardization (EPS) Technical Committee will work to analyze requirements for electronic procurement processes, identify gaps, and recommend new standards as needed.

"Our first priority will be to develop a comprehensive framework for electronic procurement standards, relating existing specifications to those in development. It is vital that we reach consensus on how these standards fit together," noted Terri Tracey of the Institute for Supply Management, chair of the OASIS EPS Technical Committee. "Once we establish our framework and priorities, we will create technical committees within OASIS to advance the necessary standards and implementation processes."

To facilitate the adoption of its work, the OASIS EPS Technical Committee has secured broad global representation from the entire supply chain. Participants include the Institute for Supply Management, Information Society Standardization System of the European Standards Committee (CEN/ISSS), US National Institute for Governmental Purchasing (NIGP), US National Association of State Procurement Officials (NASPO), RosettaNet, SeeBeyond, and others.

"Input from government and industry on the direction of the OASIS EPS activity is essential to ensure credible, effective, and neutral specifications," said Patrick Gannon, OASIS president and CEO. "OASIS is pleased to provide a common ground where e-procurement stakeholders of every type can collaborate amongst themselves and with related efforts, such as the OASIS Universal Business Language (UBL) and the OASIS e-Government Technical Committees."

"CEN/ISSS will participate to ensure the maximum synergies between the emerging global consensus and regional requirements in Europe," said John Ketchell, CEN/ISSS director. "CEN/ISSS plans to start an e-procurement project to complement European legislative initiatives to develop and harmonize public e-procurement across EU member states by analyzing standards requirements. Our results will be contributed to the OASIS EPS Technical Committee."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for Web services, security, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS EPS Technical Committee http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=eps

Cover Pages Technology Report: Electronic Procurement Standardization http://xml.coverpages.org/eps.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403

San Francisco, Calif. (RSA Security Conference); 14 April 2003 — Members of the OASIS interoperability consortium announced plans to define a standard method of exchanging information concerning security vulnerabilities within Web services and Web applications. The new OASIS Application Vulnerability Description Language (AVDL) Technical Committee will address the challenge of how businesses manage ongoing application security risk on a day-to-day basis.

"Although there are several products available that help companies discover application vulnerabilities, block application-layer attacks, repair vulnerable web sites, distribute patches and manage security events, there is currently no universal way for these products to communicate with one another, making pragmatic risk management a highly manual, often complex process," explained Kevin Heineman of SPI Dynamics, co-chair of the OASIS AVDL Technical Committee. "The goal of AVDL is to enable companies to manage and simplify the full application security lifecycle by providing a uniform way to communicate application security vulnerabilities, policies and events using XML."

"With the growing adoption of Web-based technologies, applications have become far more dynamic, often changing daily, or even hourly," said Jan Bialkowski of NetContinuum, co-chair of the OASIS AVDL Technical Committee. "Keeping pace with these rapidly changing threats will increasingly require close cooperation between various security components. The formation of this technical committee will give vendors an optimal forum to synchronize their products across the entire application security lifecycle."

Initial members of the OASIS AVDL Technical Committee include Booz Allen Hamilton, NetContinuum, Reed Elsevier, Sanctum, SPI Dynamics, and others. Participation remains open to all organizations and individuals, and OASIS will host an open mail list for public comment. The committee will hold its first meeting on 15 May 2003.

Industry Support for AVDL

"Sanctum fully supports OASIS and the AVDL TC as a cross vendor effort to unify the terminology, and standardize the way application level vulnerabilities are communicated and represented to users in the industry. Sanctum’s AppScan, an automated security testing tool, will take full advantage of this standard to allow for interoperability with third party reporting and assessment tools," said Steve Orrin, CTO of Sanctum, Inc.

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Additional information:

OASIS AVDL Technical Committee http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=avdl

Cover Pages: Application Security http://xml.coverpages.org/appSecurity.html

Press contact:

Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.941.284.0403

San Francisco, Calif. (RSA Security Conference); 11 April 2003 — The Liberty Alliance Project and OASIS today announced that the Liberty Alliance has contributed its version 1.1 federated network identity specifications to OASIS. The OASIS Security Services Technical Committee requested Liberty’s contribution to permit possible incorporation of Liberty version 1.1 specification features in future versions of the OASIS Open Standard Security Assertion Markup Language (SAML).

SAML, an XML-based security framework for authentication and authorization in Web services, serves as a key underpinning to the Liberty Alliance federated network identity architecture. In keeping with Liberty Alliance’s philosophy to leverage existing open standards whenever possible and build new functionality only if needed, the Alliance incorporated SAML into its Phase 1 specifications introduced in 2002.

The Liberty Alliance chose to extend SAML in version 1.1 to include additional security enhancements vital to identity management, such as opt-in account linking, simple session management and global log-out capabilities. For the benefit of SAML and Liberty implementers and the industry as a whole, Liberty Alliance is providing those extensions back to OASIS for future versions of SAML.

"Collaboration between standards groups enables the Web services industry to move forward at a pace that meets the needs of the market," said Patrick Gannon, president and CEO of OASIS. "As SAML evolves, it makes sense to leverage the work Liberty Alliance has already done in this area. Our mutual goal is to decrease time-to-market for new technology, enhance interoperability between products and drive broader adoption of open standards."

"We will continue to work closely with OASIS as the Liberty Alliance federated identity architecture evolves," said Michael Barrett, president of the Liberty Alliance Management Board and vice president for Internet strategy at American Express. "The Alliance will continue to develop Liberty’s Identity Federation Framework within the consortium, and plans to collaborate closely with OASIS on future enhancements."

"OASIS is a highly-regarded industry association and the OASIS Security Services Technical Committee’s interest in incorporating Liberty’s version 1.1 features into future versions of the SAML standard demonstrates the relevance and credibility of Liberty Alliance’s work," said Dan Blum, Senior Vice President and Research Director at the Burton Group. "It also shows the industry’s willingness to work together to solve some of the barriers impeding the growth of web services."

About the Liberty Alliance Project (www.projectliberty.org) The Liberty Alliance Project is a consortium formed to develop open standards for federated network identity management and identity-based services. The Alliance is made up of 160 members, representing a worldwide cross-section of organizations ranging from educational institutions and government organizations, to service providers and financial institutions, to technology firms and wireless providers. Federated identity will help drive the next generation of the Internet, offering businesses and consumers convenience and choice. Membership is open to all commercial and non-commercial organizations.

About OASIS (http://www.oasis-open.org) OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

CONTACTS:

Carol Geyer

Michelle Vance

OASIS, Director of Communications

Ketchum PR for Liberty Alliance

941-284-0403

415-984-6170

carol.geyer@oasis-open.org

michelle.vance@ketchum.com

Geneva, Switzerland and Boston, MA, USA; 27 March 2003 — International standards bodies, OASIS and UN/CEFACT, will host the ebXML Showcase in London, 5-6 May 2003. Highlighting the growing use of Electronic Business XML (ebXML) in a range of industries as well as ebXML’s role in Web services, the two-day event will be held in conjunction with IDEAlliance’s XML Europe 2003 conference.

The ebXML Showcase is designed for developers and business managers worldwide with an interest in ebXML’s modular suite of specifications for conducting business over the Internet. The event will feature answers to real-life questions of adopting the UN/CEFACT and OASIS ebXML standards for exchanging business messages, establishing trading relationships, communicating data in common terms and defining and registering business processes. Attendees will also hear about the business benefits of managing electronic commerce through ebXML from existing ebXML end users and software suppliers.

Keynote presentations from Paul Murphy of the European Commission, Patrick Gannon, president and CEO of OASIS, and Ray Walker, chair of the UN/CEFACT Steering Group, will be featured at the ebXML Showcase. The program will also include updates from ebXML users in the telecommunications, shipping, publishing, manufacturing, and e-commerce industries. Representatives of the United Nations, Fujitsu, NIST, SeeBeyond, Sun Microsystems, and others will present.

"ebXML adoption around the world has been steadily building, and some of the most pervasive and exciting applications are being implemented in Europe," said Patrick Gannon. "The London Showcase will offer industry organizations and business users the chance to learn more about planning, integrating, and implementing various combinations of the ebXML specifications in practical business scenarios. The program will explore how ebXML is being used to facilitate Web services with the support of global product vendors and the backing of major standards-setting bodies."

Ray Walker added, "We are very pleased that the ebXML specifications will be submitted to the UN/CEFACT plenary immediately following the ebXML Showcase. This should pave the way for a UN recommendation to industry, commerce and governments on the use of ebXML."

The ebXML Showcase will feature a presentation by the European ebXML interoperability pilot (a project of the CEN/ISSS eBES Workshop), demonstrating interoperable implementations of the ebXML Messaging OASIS Open Standard in a real-life use case scenario. The demo will employ e-business integration scenarios currently being used in a live ebXML messaging implementation at STEEL24-7, the vertical hub steel industry.

The ebXML Showcase http://www.xmleurope.com/2003/ebxmlconference.asp will be open to all XML Europe 2003 conference attendees, as well as to those who would like to register for the two-day event separately.

About ebXML ebXML (www.ebXML.org), jointly sponsored by UN/CEFACT and OASIS, is a modular suite of specifications that enables enterprises of any size and in any geographical location to conduct business over the Internet. Using ebXML, companies now have a standard method to exchange business messages, conduct trading relationships, communicate data in common terms and define and register business processes. UN/CEFACT (www.uncefact.org) is the United Nations body whose mandate covers worldwide policy and technical development in the area of trade facilitation and electronic business. OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards.

For more information: Carol Geyer Director of Communications OASIS carol.geyer@oasis-open.org +1.941.284.0403

Boston, MA, USA; 10 March 2003 — The OASIS interoperability consortium today announced plans to define a standard way of using Web services architecture and technology to manage distributed resources. The new OASIS Web Services Distributed Management (WSDM) Technical Committee will closely align its work with related activities at other standards groups, including the World Wide Web Consortium (W3C) Web Services Architecture Working Group and the Distributed Management Task Force (DMTF), and with other OASIS security and Web services efforts.

"As the number of Web services deployed across the extended enterprise increases, the ability to effectively manage those services will become critical to building out a comprehensive services-oriented architecture," said Winston Bumpus of Novell, co-chair of the OASIS WSDM Technical Committee. "By collaborating with other ongoing industry standards activities in this area, this new technical committee will play a important role in defining how services should be managed."

Heather Kreger of IBM, co-chair of the OASIS WSDM Technical Committee, added, "This work is immediately relevant for business integrators who use Web services, management system vendors, and Web service platform vendors. It also applies to ongoing work being done by business, government, and university sectors on provisioning, management, grid, and on-demand computing."

Initial members of the OASIS Web Services Distributed Management Technical Committee include Actional, BMC Software, Computer Associates, Confluent Software, Hewlett-Packard, Hitachi, IBM, Novell, OpenNetwork, SeeBeyond, Sun Microsystems, Waveset, webMethods, and others.

Industry Support for WSDM

"BMC Software is pleased to be part of the OASIS Web Services Distributed Management Technical Committee," said Mary Smars, vice president, product management and development, PATROL, BMC Software. "As a leader in systems management, we understand that while Web services brings the opportunity for organizations to share data across companies to work together, it also brings significant management challenges. BMC’s goal is to help streamline and improve manageability of these services so that all can benefit from a strong Web Services environment."

"Web services are bringing a new dimension to interoperability and are dramatically affecting the way we manage the IT environment," said Dmitri Tcherevik, vice president in the Office of the CTO at Computer Associates. "CA is committed to supporting industry-wide initiatives to ensure the standards-based manageability of this evolving IT environment, so that customers can gain its full business benefits while optimizing the efficiency of their IT operations."

"The industry has recognized that Web service management is a core requirement for mission-critical deployment of distributed applications. As a leading provider of Web services management products, Confluent Software is pleased to support the formation of the OASIS WSDM Technical Committee," said Dr. Sekhar Sarukkai, co-founder and CTO, Confluent Software Inc. "Confluent will contribute key customer learnings in order to help the new committee successfully deliver on the creation of a Web services-based architecture and technology–in line with what enterprises have told us they need."

"HP is focusing strategic investments in improved manageability, including management of Web services and management through Web services, critical to offering customers the flexibility, adaptability and the economic benefit they require," said Nora Denzel, senior vice president, HP Software Global Business Unit. "As the recognized leader in adaptive management software, HP is committed to the OASIS WSDM Technical Committee; and, on behalf of our customers, we are working with strategic partners to reduce the complexity and costs of managing technology."

"Management is a key component in the Web services stack, and the ability to manage Web services between enterprises and across disparate computing platforms is critical," said Heather Kreger of IBM. "Providing a way to help enable and advance resource management will create new business opportunities for vendors and developers. We are excited to be working with the Web services and management communities to develop these necessary specifications."

"Just as security is a prime concern for our customers looking to deploy Web services, so too is the need to effectively manage those distributed Web services across their organizations – and the WSDM standard will provide an ideal vehicle to accomplish this," said Winston Bumpus, director of standards for Novell. "To that end, Novell brings a wealth of experience in network management to this technical committee, and we are pleased to provide leadership in the important work being conducted by this group."

"With every new wave of technology adoption comes a new set of management challenges. Waveset is committed to providing innovative security management solutions that address these challenges for its customers and partners," says Darran Rolls, Director of Technology for Waveset Technologies Inc. "Defining a standards-based management model for Web services will be a critical part of the end-to-end systems architecture for successful Web services deployments."

"webMethods has played a very active role in writing and promoting management standards based on Web services technologies, exemplified by our efforts in co-creating the OMI specification," said Matt Green, director, Business Technology Group, webMethods, Inc. "We consider our work with the OASIS Web Services Distributed Management Technical Committee to be important for the future development of a Web services management framework. We look forward to helping further drive the adoption of Web services by providing a simple and cost-effective means to manage Web services and other resources in the production environment."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

For more information:

Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.941.284.0403

Boston, MA, USA; 26 February 2003 — Members of the OASIS standards consortium announced plans to collaborate on the development of a generic and open model for ensuring reliable message delivery for Web services. The new OASIS Web Services Reliable Messaging (WS-RM) Technical Committee will work to establish a standard, interoperable way of achieving reliability at the SOAP messaging level and potentially with other messaging protocols.

The WS-Reliability specification, published by Fujitsu, Hitachi, Oracle, NEC, Sonic Software, and Sun Microsystems, will be submitted as input for the OASIS WS-RM Technical Committee. Other contributions are welcome. The group plans to work closely with related OASIS Technical Committees, such as the ebXML Messaging Services and the Web Services Security teams, and with relevant efforts of other organizations, such as the World Wide Web Consortium (W3C) Web Services Architecture Working Group.

According to Thomas Koulopoulos, Delphi Group CEO, "Through WS-RM, OASIS is once again demonstrating a leadership role in the movement towards building a services-based architecture. The initiative is a critical step forward in creating a solid foundation for virtualization and the underlying, broad-based processes that are critical to its adoption."

"Interoperability, ease-of-implementation, and ease-of-use are our fundamental goals," stated Tom Rutt of Fujitsu, chair of the OASIS WS-RM Technical Committee. "We are determined to build on existing standards wherever possible so that the results of our work will interoperate and not overlap with Web services specifications that are being developed by other open, recognized, standards bodies."

The OASIS Reliable Messaging specification will address message persistence, acknowledgement and resending, elimination of duplicate messages, ordered delivery, and delivery status awareness for sender and receiver applications. It will provide WSDL definitions for reliable messaging, and the message formats will be specified as SOAP headers and/or body content.

Members of the OASIS WS-RM Technical Committee include Commerce One, Cyclone Commerce, Fujitsu, Hitachi, IONA, NEC, Oracle, SAP, See Beyond, Sonic Software, Sun Microsystems, webMethods, WRQ, and others.

Under the rules adopted by the OASIS WS-RM Technical Committee, each participant has agreed to provide a free license to any of its intellectual property rights which someone building a product to the final technical specification would need. Participation in the technical committee remains open to all organizations and individuals, and OASIS will host an open mail list for public comment.

Industry Support for WS-RM

"Fujitsu is committed to contribute its expertise in high reliability communication and messaging software to the OASIS WS-RM Technical Committee in order to realize an open, royalty-free reliable messaging specification for Web services," said Yasushi Ishida, General Manager of Strategy and Technology Division, Software Group for Fujitsu Limited. "We have already demonstrated the high level of our commitment to this goal by our involvement in the collaborative publication of the initial WS-Reliability draft specification, and by our leadership role in the formation of the OASIS WS-RM Technical Committee. We are also very honored to have Tom Rutt of Fujitsu serve as chair of this group."

"As a supplier of XML-based messaging technology for more than three years, IONA is very pleased to support the proposal to charter a technical committee at OASIS to develop a royalty-free reliable messaging specification for Web services," said Eric Newcomer, CTO at IONA. "A reliable messaging standard is key to wider adoption of Web services in mission critical applications."

"Reliable messaging based on open standards is essential for Web services to meet real-world business needs," said Don Deutsch, Vice president of Standards Strategy and Architecture for Oracle Corporation. "Oracle is pleased to co-sponsor the OASIS Web Services Reliable Messaging Technical Committee and to contribute our enterprise software expertise to this effort."

"By providing an open standard for a SOAP-based reliable transport, WS-Reliability will help accelerate adoption of asynchronous Web services, making them relevant for an even wider range of standards-based integration across the extended enterprise and cross-company collaboration challenges. Sonic Software is pleased to be a sponsor of the OASIS WS-RM Technical Committee," said Dave Chappell, vice president and chief technology evangelist, Sonic Software.

"Sun is pleased to work with other industry leading vendors to sponsor this essential OASIS effort," said Mark Bauhaus, vice president Sun ONE Java Web Services. "The WS-RM work is a tremendous step forward in terms of enabling complex business-to-business transaction and real time enterprise application integration. We encourage industry participation and input from those vendors who share our unequivocal commitment to open and royalty-free Web services standards."

"At WRQ, we believe that the WS-Reliability standard is a significant step in moving the industry closer to business-ready Web services," said Scott Rosenbloom, chief strategist at WRQ. "To make that happen, the industry needs to take Web services standards to the next level. Once reliable messaging is added, more companies can confidently take advantage of Web services technology to simplify interoperability among enterprise systems."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

For more information:

Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.941.284.0403

Boston, MA, USA; 18 February 2003 — The OASIS interoperability consortium today announced that its members have approved the Extensible Access Control Markup Language (XACML) as an OASIS Open Standard, a status that signifies the highest level of ratification. XACML allows developers to express and enforce policies for information access over the Internet. “XACML is designed to enable the interoperability of a broad range of administration and authorization products by providing a universal language for authorization policy. Its flexibility and features for supporting large scale, federated environments will literally set the standard for the next generation of authorization products,” explained Hal Lockhart of BEA Systems, co-chair of the OASIS XACML Technical Committee. “Policies applied consistently across environments and across vendor products is the cornerstone of good security,” added Carlisle Adams of Entrust, co-chair of the OASIS XACML Technical Committee. “Coupled with secure mechanisms for carrying requester attributes–such as SAML assertions, Java permissions, or WS-Security tokens–XACML is a key component in an authorization infrastructure that can span Web services, J2SE, and other e-business environments.” The OASIS XACML specification was developed by Entrust, IBM, OpenNetwork, Quadrasis, Sterling Commerce, Sun Microsystems, and other members of the OASIS Extensible Access Control Markup Language Technical Committee. Before becoming an OASIS Open Standard, XACML first completed an extensive public review and was approved by the OASIS XACML Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which XACML was reviewed and approved by the OASIS membership as a whole. “Ratification as an OASIS Open Standard means that developers can deploy XACML with confidence,” said Karl Best, vice president of OASIS. “We congratulate and thank the members of the OASIS XACML Technical Committee for all their outstanding efforts in advancing XACML as the newest OASIS Open Standard.” XACML is the latest addition to the growing OASIS portfolio of security standards. It joins another recently approved OASIS Open Standard, the Security Assertion Markup Language (SAML), as well as emerging specifications advanced within OASIS such as WS-Security, Service Provisioning Markup Language (SPML), Digital Signature Services (DSS), and Public Key Infrastructure (PKI). Industry Support for XACML “The ratification of XACML as an OASIS Open Standard reaffirms OASIS’ leadership in interoperable secuirty standards for XML,” said Edward Cobb, VP of Architecture and Standards, BEA Systems. “XACML and SAML as completed standards, and in-process work such as WS-Security, are the foundation for securing eBusiness interactions. We congratulate the OASIS XACML Technical Committee on reaching this important milestone.” “DataPower applauds the OASIS XACML Technical Committee on their efforts to address a key part of the security area for distributed systems. Their common framework should greatly help accelerate the move away from proprietary systems and towards open networks. DataPower looks forward to suporting rich access control as defined by XACML in our XML-aware network devices,” said Rich Salz, chief security architect at DataPower Technology Inc. “As a leader in delivering enhanced Internet security solutions, Entrust is very proud to have played a role in the development of the XACML 1.0 specification, and we are pleased to see the overwhelming support it has received,” said Brian O’Higgins, chief technology officer at Entrust, Inc. “XACML 1.0, in conjunction with the recently approved SAML standard, will provide critical functionality for a comprehensive authorization architecture. OASIS has taken yet another significant step forward in solving the Internet security puzzle.” “Sun believes that flexible and interoperable access control standards are critical for the future of network computing and for the development of secure Web services,” said Mark Bauhaus, vice president of Java Web services at Sun. “That’s why we have supported and continue to support the XACML standard. Sun announced today that we are releasing our XACML implementation under an Open Source license. This will help developers build secure Web services and enterprise applications, delivering cost savings and simplification to our customers.” About OASIS (http://www.oasis-open.org) OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries. For more information: Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209

Boston, MA, USA; 10 February 2003 — Members of the OASIS standards consortium have announced plans to collaborate on the development of XML-based standards for emergency management and incident preparedness and response. The new OASIS Emergency Management Technical Committee will define standards to enable vital information exchange between local, state and federal agencies including law enforcement, medical professionals, companies, and other responders to natural and man-made disasters and emergency situations. “The OASIS Emergency Management Technical Committee is an important step in creating interoperability for the Responder Community. As an integral part of the Disaster Management e-Gov Initiative, it is a true partnership between industry and government. Most important, the effort is being led by the emergency management industry,” said Mark G. Zimmerman, Program Manager, Disaster Management E-Gov Initiative, Office of the CIO, U.S. Federal Emergency Management Agency (FEMA). “The output of this OASIS committee will be a critical component for the Federal Enterprise Architecture as well as the Disaster Management e-Gov Initiative. Developing these XML standards is in keeping with the spirit and intent of the President’s Management Agenda e-Gov effort of using information tools to serve the citizen. It could not come at a more critical time in our Nation’s history.” The scope of the OASIS activity will include unified incident identification, emergency GIS data accessibility and usage, notification methods and messages, situational reporting, source tasking, asset and resources management, monitoring and data acquisition systems, and organizational coordination. “Studies conducted under the Homeland Security Act agree that the need for standards in this area is acute. Currently, emergency management is being handled by disparate systems using proprietary architectures and platforms that pose enormous technical challenges to coordinating activities and sharing information,” explained R. Allen Wyke of Blue292, chair of the OASIS Emergency Management Technical Committee. “The efforts at OASIS will allow greater interoperability and open communication that ultimately will reduce both human and financial losses.” The OASIS effort is supported by the EM-XML Consortium, a group comprised of both industry and government to facilitate collaboration among all parties responsible for preparing, responding, and recovering from incidents and emergencies of any kind. “There is a unanimity of positive response across industry and government for the development of emergency management standards to address the critical interoperability problems at the heart of homeland security,” said Matt Walton of E Team, chair of the EM-XML Consortium Steering Committee. “This strong support not only validates the need for creating standards, but also shows that XML is the right technology and OASIS the appropriate place to solve these fundamental interoperability issues.” Blue292, Boeing, E Team, IBM, MTG Management Consultants, National Center for Crisis and Continuity Coordination (NC4), Oracle, Wells Fargo, and other OASIS members will participate in the OASIS Emergency Management Technical Committee. “Any company that is developing software or hardware solutions for risks, incidents, emergencies, or disasters should be represented in this work,” noted Scott McGrath, director of membership for OASIS. “The standards developed by this committee will benefit both public agencies and private organizations responsible for meeting safety and security requirements for their communities, as well as the companies that provide products and solutions to support these needs.” Participation in the OASIS Emergency Management Technical Committee remains open to all organizations and individuals. OASIS will host an open mail list for public comment, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found on http://www.oasis-open.org/join. Industry Support for the OASIS Emergency Management Technical Committee “Blue292 has always believed in open architectures and products, with the founding principle that value is not inherently in the technology, but in how that technology can be applied. By supporting the OASIS Emergency Management Technical Committee, we have taken a step in removing the barriers that currently exist at emergency operation and disaster recovery centers, so that we can focus on providing features, tools, and products to help save lives,” said Susan K. Acker, president, CEO and co-founder of Blue292. “When an emergency occurs, not only do the responding organizations need interoperable voice communications, they need to share data as well. This allows them to develop the common situational awareness that is the critical success factor during emergency response activities,” said Kevin Minds, director, Boeing Mobile Broadband Solutions. “By the end of this year, the OASIS Emergency Management Technical Committee will have developed an industry standard that allows different emergency response groups to share information across their various decision support software platforms.” “The forming of the OASIS Emergency Management Technical Committee is a significant step toward the creation of a comprehensive set of standards that will accelerate emergency response time among public safety organizations,” said Steve Davis, CEO of MTG Management Consultants, L.L.C. “MTG is proud to lend its experience and expertise in providing highly specialized IT planning and business process review services to state and local public safety organizations. We look forward to supporting this valuable effort to advance incident preparedness.” “The challenges of homeland security require an unprecedented level of communication and coordination, not only between government agencies at all levels, but equally important, between government and business. The absence of interoperable emergency management information systems severely hinders our nation’s ability to protect our critical infrastructure,” said Jim Montagnino, Vice President and General Manager of NC4 (The National Center for Crisis and Continuity Coordination). “The efforts of the OASIS Emergency Management Technical Committee are vital to advancing NC4’s goal of enabling effective coordination between the public and private sector before, during, and after crises.” “As XML has emerged as the premier method for data exchange, many large commercial organizations have sought to leverage the technology for their own unique information requirements,” said David Robinson of Wells Fargo. “Data exchange is especially relevant for those involved in emergency and incident management systems because data will originate from a variety of systems that do not inherently communicate with one another. The OASIS Emergency Management Technical Committee will define and develop an emergency/incident specific XML standard to enable data exchange between public and private institutions on diverse platforms and applications.” About OASIS (http://www.oasis-open.org) OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries. For more information: Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209