Invitation to comment on SAM Threshold Sharing Schemes v1.0

OASIS and the OASIS Security Algorithms and Methods (SAM) TC are pleased to announce that SAM Threshold Sharing Schemes Version 1.0 is now available for public review and comment.

SAM Threshold Sharing Schemes v1.0 is intended for developers and architects who wish to design systems and applications that utilize threshold sharing schemes in an interoperable manner.

The SAM TC defines a well-documented collection of algorithms, mechanisms and methods, including test-vectors.

The documents and related files are available here:

SAM Threshold Sharing Schemes Version 1.0
Committee Specification Draft 01
18 May 2021

Editable source (Authoritative):
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01.docx

HTML:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01.html

PDF:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01.zip

A public review announcement metadata record [3] is published along with the specification files.

How to Provide Feedback

OASIS and the SAM TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 03 June 2021 at 00:00 UTC and ends 02 July 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=sam).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/sam-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the SAM TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/sam/

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/sam/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode

[3] Public review announcement metadata:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01-public-review-metadata.html

OSLC Core v3.0 approved by the OSLC Open Project

OASIS is pleased to announce that OSLC Core Version 3.0 from the Open Services for Lifecycle Collaboration Open Project [1] has been approved as an OASIS Project Specification.

Managing change and configuration in a complex systems development lifecycle is very difficult, especially in heterogeneous environments that include homegrown tools, open source projects, and commercial tools from different vendors. The OSLC initiative applies World Wide Web and Linked Data principles to enable interoperation of change, configuration, and asset management processes across a product’s entire application and product lifecycle.

OSLC Core defines the overall approach to Open Services for Lifecycle Collaboration based specifications and capabilities that extend and complement the W3C Linked Data Platform.

This Project Specification is an OASIS deliverable, completed and approved by the OP’s Project Governing Board and fully ready for testing and implementation. The applicable open source licenses can be found in the project’s administrative repository at https://github.com/oslc-op/oslc-admin/blob/master/LICENSE.md.

The specification and related files are available at:

OSLC Core Version 3.0
Project Specification 02
23 April 2021

– OSLC Core Version 3.0. Part 1: Overview
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/oslc-core.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/oslc-core.pdf

– OSLC Core Version 3.0. Part 2: Discovery
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/discovery.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/discovery.pdf

– OSLC Core Version 3.0. Part 3: Resource Preview
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/resource-preview.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/resource-preview.pdf

– OSLC Core Version 3.0. Part 4: Delegated Dialogs
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/dialogs.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/dialogs.pdf

– OSLC Core Version 3.0. Part 5: Attachments
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/attachments.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/attachments.pdf

– OSLC Core Version 3.0. Part 6: Resource Shape
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/resource-shape.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/resource-shape.pdf

– OSLC Core Version 3.0. Part 7: Vocabulary
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-vocab.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-vocab.pdf

– OSLC Core Version 3.0. Part 8: Constraints
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-shapes.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-shapes.pdf

– OSLC Core Vocabulary definitions file:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-vocab.ttl

– OSLC Core Resource Shape Constraints definitions file:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-shapes.ttl

Distribution ZIP file

For your convenience, OASIS provides a complete package of the specification and related files in a ZIP distribution file. You can download the ZIP file at:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/ps02/core-v3.0-ps02.zip

Members of the OSLC OP Project Governing Board approved this specification by Special Majority Vote [2] as required by the Open Project rules [3].

Our congratulations to the participants and contributors in the Open Services for Lifecycle Collaboration Open Project on their achieving this milestone.

Additional references

[1] Open Services for Lifecycle Collaboration Open Project
https://open-services.net/

[2] Approval ballot:
– https://lists.oasis-open-projects.org/g/oslc-op-pgb/message/133

[3] https://www.oasis-open.org/policies-guidelines/open-projects-process

Invitation to comment on CACAO Security Playbooks v1.0

OASIS and the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC are pleased to announce that CACAO Security Playbooks v1.0 is now available for public review and comment. This 30-day review is the third public review for this specification.

About the specification:

To defend against threat actors and their tactics, techniques, and procedures, organizations need to identify, create, document, and test detection, investigation, prevention, mitigation, and remediation steps. These steps, when grouped together, form a cyber security playbook that can be used to protect organizational systems, networks, data, and users.

This specification defines the schema and taxonomy for cybersecurity playbooks and how cybersecurity playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.

The documents and related files are available here:

CACAO Security Playbooks Version 1.0
Committee Specification Draft 03
20 April 2021

Editable source (Authoritative):
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd03/security-playbooks-v1.0-csd03.docx
HTML:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd03/security-playbooks-v1.0-csd03.html
PDF:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd03/security-playbooks-v1.0-csd03.pdf
Change-marked PDF:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd03/security-playbooks-v1.0-csd03-DIFF.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd03/security-playbooks-v1.0-csd03.zip

How to Provide Feedback

OASIS and the CACAO TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 23 April 2021 at 00:00 UTC and ends 22 May 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cacao).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

https://lists.oasis-open.org/archives/cacao-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the CACAO TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/cacao/

Additional information related to this public review, including a complete publication and review history, can be found in the public review metadata document [3].

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/cacao/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

[3] Public review metadata document:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd03/security-playbooks-v1.0-csd03-public-review-metadata.html

Invitation to comment on AMQP Addressing v1.0

OASIS and the OASIS Advanced Message Queuing Protocol (AMQP) TC are pleased to announce that AMQP Addressing Version 1.0 is now available for public review and comment.


The Advanced Message Queuing Protocol (AMQP) is an open standard for passing business messages between applications or organizations. It connects systems, feeds business processes with the information they need and reliably transmits onward the instructions that achieve their goals.

AMQP Addressing v1.0 further defines the “AMQP network” concept introduced in the main AMQP specification as a federation of AMQP containers whose nodes communicate with each other either directly or via intermediaries. This specification also defines the semantics of the “address” archetype that was left undefined in the main AMQP specification, and the syntax for the AMQP URI scheme and a matching restriction of the AMQP “address-string” type.

The documents and related files are available here:

AMQP Addressing Version 1.0
Committee Specification Draft 01
17 March 2021

Editable source:
https://docs.oasis-open.org/amqp/addressing/v1.0/csd01/addressing-v1.0-csd01.md (Authoritative)
HTML:
https://docs.oasis-open.org/amqp/addressing/v1.0/csd01/addressing-v1.0-csd01.html
PDF:
https://docs.oasis-open.org/amqp/addressing/v1.0/csd01/addressing-v1.0-csd01.pdf

For your convenience, OASIS provides a complete package of the specification documents and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/amqp/addressing/v1.0/csd01/addressing-v1.0-csd01.zip

Metadata records [3] describing the publication and public review history of this specification are published along with the specification files.

How to Provide Feedback

OASIS and the AMQP TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public reviews start 22 April 2021 at 00:00 UTC and end 21 May 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=amqp).

Comments submitted by TC non-members for these works and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/amqp-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the AMQP TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/amqp/

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/amqp/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-RAND-Mode
RF on RAND Mode

[3] Public review announcement metadata:
– https://docs.oasis-open.org/amqp/addressing/v1.0/csd01/addressing-v1.0-csd01-public-review-metadata.html

Invitation to comment on three new AMQP specifications

OASIS and the OASIS Advanced Message Queuing Protocol (AMQP) TC are pleased to announce that three new AMQP specifications are now available for public review and comment:

  • Event Stream Extensions for AMQP Version 1.0
  • AMQP Filter Expressions Version 1.0
  • AMQP Claims-based Security Version 1.0

The Advanced Message Queuing Protocol (AMQP) is an open standard for passing business messages between applications or organizations. It connects systems, feeds business processes with the information they need and reliably transmits onward the instructions that achieve their goals.

Event Stream Extensions for AMQP Version 1.0 defines a set of AMQP extensions for interaction with event stream engines, including annotations for partition selection and filter definitions for indicating offsets into an extension stream to which a link is attached.

AMQP Filter Expressions Version 1.0 describes a syntax for expressions consisting of property selectors, functions, and operators that can be used for conditional transfer operations and for configuring a messaging infrastructure to conditionally distribute, route, or retain messages.

AMQP Claims-based Security Version 1.0 describes an AMQP authorization mechanism based on claims-based security tokens.

The documents and related files are available here:

Event Stream Extensions for AMQP Version 1.0
Committee Specification Draft 01
17 March 2021

Editable source:
https://docs.oasis-open.org/amqp/event-streams/v1.0/csd01/event-streams-v1.0-csd01.md (Authoritative)
HTML:
https://docs.oasis-open.org/amqp/event-streams/v1.0/csd01/event-streams-v1.0-csd01.html
PDF:
https://docs.oasis-open.org/amqp/event-streams/v1.0/csd01/event-streams-v1.0-csd01.pdf

AMQP Filter Expressions Version 1.0
Committee Specification Draft 01
17 March 2021

Editable source:
https://docs.oasis-open.org/amqp/filtex/v1.0/csd01/filtex-v1.0-csd01.docx (Authoritative)
HTML:
https://docs.oasis-open.org/amqp/filtex/v1.0/csd01/filtex-v1.0-csd01.html
PDF:
https://docs.oasis-open.org/amqp/filtex/v1.0/csd01/filtex-v1.0-csd01.pdf

AMQP Claims-based Security Version 1.0
Committee Specification Draft 01
17 March 2021

Editable source:
https://docs.oasis-open.org/amqp/amqp-cbs/v1.0/csd01/amqp-cbs-v1.0-csd01.docx (Authoritative)
HTML:
https://docs.oasis-open.org/amqp/amqp-cbs/v1.0/csd01/amqp-cbs-v1.0-csd01.html
PDF:
https://docs.oasis-open.org/amqp/amqp-cbs/v1.0/csd01/amqp-cbs-v1.0-csd01.pdf

ZIP distribution files

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP files at:

https://docs.oasis-open.org/amqp/event-streams/v1.0/csd01/event-streams-v1.0-csd01.zip

https://docs.oasis-open.org/amqp/filtex/v1.0/csd01/filtex-v1.0-csd01.zip

https://docs.oasis-open.org/amqp/amqp-cbs/v1.0/csd01/amqp-cbs-v1.0-csd01.zip

Public review announcement metadata records [3] are published along with the specification files.

How to Provide Feedback

OASIS and the AMQP TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public reviews start 31 March 2021 at 00:00 UTC and end 29 April 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=amqp).

Comments submitted by TC non-members for these works and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/amqp-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specifications and the AMQP TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/amqp/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/amqp/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-RAND-Mode
RF on RAND Mode

[3] Public review announcement metadata:
Event Stream Extensions for AMQP Version 1.0
– https://docs.oasis-open.org/amqp/event-streams/v1.0/csd01/event-streams-v1.0-csd01-public-review-metadata.html
AMQP Filter Expressions Version 1.0
– https://docs.oasis-open.org/amqp/filtex/v1.0/csd01/filtex-v1.0-csd01-public-review-metadata.html
AMQP Claims-based Security Version 1.0
– https://docs.oasis-open.org/amqp/amqp-cbs/v1.0/csd01/amqp-cbs-v1.0-csd01-public-review-metadata.html

ebXML Messaging Protocol Binding for RegRep v1.0 approved as a Committee Specification

OASIS is pleased to announce that ebXML Messaging Protocol Binding for RegRep Version 1.0 from the OASIS ebXML Core (ebCore) TC [1] has been approved as an OASIS Committee Specification.

Electronic Business using eXtensible Markup Language (ebXML) is a family of standards developed through a joint initiative of OASIS and the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT). Five of these ebXML standards, including Collaboration Protocol Profile and Agreement, have been approved by the International Organization for Standardization (ISO) as the ISO 15000 standard. ebXML provides an open, XML-based infrastructure that enables the global use of electronic business information in an interoperable, secure, and consistent manner by all trading partners.

The ebXML Messaging Protocol Binding for RegRep v1.0 specifies a messaging protocol binding for the Registry Services of the OASIS ebXML RegRep Version 4.0 OASIS Standard. This binding is compatible with both the versions 2.0 and 3.0 of ebMS as well as the AS4 profile and complements the existing protocol bindings specified in OASIS RegRep Version 4.0.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

ebXML Messaging Protocol Binding for RegRep Version 1.0
Committee Specification 01
09 March 2021

Editable source (Authoritative):
https://docs.oasis-open.org/ebcore/ebrr-ebms/v1.0/cs01/ebrr-ebms-v1.0-cs01.odt
HTML:
https://docs.oasis-open.org/ebcore/ebrr-ebms/v1.0/cs01/ebrr-ebms-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/ebcore/ebrr-ebms/v1.0/cs01/ebrr-ebms-v1.0-cs01.pdf

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/ebcore/ebrr-ebms/v1.0/cs01/ebrr-ebms-v1.0-cs01.zip

Members of the ebCore TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS ebXML Core (ebCore) TC
https://www.oasis-open.org/committees/ebcore/

[2] Public review:
https://docs.oasis-open.org/ebcore/ebrr-ebms/v1.0/csd01/ebrr-ebms-v1.0-csd01-public-review-metadata.html
Comment resolution log:
https://docs.oasis-open.org/ebcore/ebrr-ebms/v1.0/csd01/ebrr-ebms-v1.0-csd01-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3577

AMQP Request-Response Messaging with Link Pairing v1.0 and Message Annotations for Response Routing v1.0 approved as Committee Specifications

OASIS is pleased to announce that AMQP Request-Response Messaging with Link Pairing Version 1.0 and Message Annotations for Response Routing Version 1.0 from the OASIS Advanced Message Queuing Protocol AMQP TC [1] have been approved as OASIS Committee Specifications.

AMQP is a vendor-neutral, platform-agnostic protocol for passing real-time data streams and business transactions. The goal of AMQP is to ensure information is safely and efficiently transported between applications, among organizations, across distributed cloud computing environments, and within mobile infrastructures by enabling a commoditized, multi-vendor ecosystem.

About AMQP Request-Response Messaging with Link Pairing:

AMQP defines links as unidirectional transport for messages between a source and a target. A common messaging pattern is that of “request-response”, that is, two parties partaking in a bidirectional conversation using messages. This document defines a common pattern for pairing two unidirectional links to create a bidirectional message transport between two endpoints.

About Message Annotations for Response Routing:

Large scale messaging networks may consist of multiple distinct sub-networks where addresses visible at one point in the network are not visible at other points. Where messages are transferred across network boundaries, addresses contained within the message (such as those in the reply-to field) may no longer be valid. This document defines mechanisms to allow messages which transit such boundaries to be annotated with sufficient information to allow responses to be directed back to the intended recipient.

These Committee Specifications are OASIS deliverables, completed and approved by the TC and fully ready for testing and implementation.

The specifications and related files are available here:

AMQP Request-Response Messaging with Link Pairing Version 1.0
Committee Specification 01
16 February 2021

Editable source (Authoritative):
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.pdf
ZIP (complete package of the prose specification and related files):
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.zip

Message Annotations for Response Routing Version 1.0
Committee Specification 01
16 February 2021

Editable source (Authoritative):
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.pdf
ZIP (complete package of the prose specification and related files):
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.zip

Members of the AMQP TC [1] approved these specifications by Special Majority Vote. The specifications had been released for public review as required by the TC Process [2]. The votes to approve as Committee Specifications passed [3], and the documents are now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] Advanced Message Queuing Protocol (AMQP) TC
https://www.oasis-open.org/committees/amqp/

[2] Public reviews:
Timeline for “linkpair”:
– https://docs.oasis-open.org/amqp/linkpair/v1.0/csd01/linkpair-v1.0-csd01-public-review-metadata.html
30-day public review of “respann”:
– started 08 May 2020 and ended 06 June 2020:
– https://lists.oasis-open.org/archives/members/202005/msg00001.html
Comment resolution logs:
– https://docs.oasis-open.org/amqp/linkpair/v1.0/csd01/linkpair-v1.0-csd01-comment-resolution-log.txt
– https://docs.oasis-open.org/amqp/respann/v1.0/csprd01/respann-v1.0-csprd01-comment-resolution-log.txt

[3] Approval ballots:
https://www.oasis-open.org/committees/ballot.php?id=3568
https://www.oasis-open.org/committees/ballot.php?id=3569

XACML v3.0 Related and Nested Entities Profile v1.0 approved as a Committee Specification

OASIS is pleased to announce the approval and publication of a new Committee Specification by the members of the eXtensible Access Control Markup Language (XACML) TC [1]:

XACML v3.0 Related and Nested Entities Profile Version 1.0
Committee Specification 02
16 February 2021

Overview:

It is not unusual for access control policy to be dependent on attributes that are not naturally properties of the access subject or resource, but rather are properties of entities that are related to the access subject or resource. This profile defines the means to reference such attributes from within XACML policies for processing by a policy decision point.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.docx
HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.html
PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.pdf
XML schemas:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/schemas/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.zip

Members of the eXtensible Access Control Markup Language (XACML) TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] eXtensible Access Control Markup Language (XACML) TC
https://www.oasis-open.org/committees/xacml/

[2] Details of public reviews:
– https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/xacml-3.0-related-entities-v1.0-csd02-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3567

Universal Business Language v2.3 from the UBL TC approved as a Committee Specification

OASIS is pleased to announce that Universal Business Language Version 2.3 from the OASIS Universal Business Language TC [1] has been approved as an OASIS Committee Specification.

UBL is the leading interchange format for business documents. It is designed to operate within a standard business framework such as ISO/IEC 15000 (ebXML) to provide a complete, standards-based infrastructure that can extend the benefits of existing EDI systems to businesses of all sizes. The European Commission has declared UBL officially eligible for referencing in tenders from public administrations, and in 2015 UBL was approved as ISO/IEC 19845:2015.

Specifically, UBL provides:

  • A suite of structured business objects and their associated semantics expressed as reusable data components and common business documents.
  • A library of schemas for reusable data components such as Address, Item, and Payment, the common data elements of everyday business documents.
  • A set of schemas for common business documents such as Order, Despatch Advice, and Invoice that are constructed from the UBL library components and can be used in generic procurement and transportation contexts.

UBL v2.3 is a minor revision to v2.2 that preserves backwards compatibility with previous v2.# versions. It adds new document types, bringing the total number of UBL business documents to 91.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Universal Business Language Version 2.3
Committee Specification 01
19 January 2021

Editable source (Authoritative):
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.xml

HTML:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.html

PDF:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.pdf

Code lists for constraint validation:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/cl/

Context/value Association files for constraint validation:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/cva/

Document models of information bundles:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/mod/

Default validation test environment:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/val/

XML examples:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/xml/

Annotated XSD schemas:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/xsd/

Runtime XSD schemas:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/xsdrt/

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file at:

https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.zip

Members of the UBL TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS Universal Business Language TC
https://www.oasis-open.org/committees/ubl

[2] History of publication, including public reviews:
https://docs.oasis-open.org/ubl/csd04-UBL-2.3/UBL-2.3-csd04-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3552

STIX Version 2.1 from CTI TC approved as a Committee Specification

OASIS is pleased to announce that STIX Version 2.1 from the OASIS Cyber Threat Intelligence (CTI) TC [1] has been approved as an OASIS Committee Specification.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

STIX v2.1 adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0. The objects and features added for inclusion represent an iterative approach to fulfilling basic consumer and producer requirements for CTI sharing. Objects and properties not included in this version of STIX, but deemed necessary by the community, will be included in future releases.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

STIX Version 2.1
Committee Specification 02
25 January 2021

Editable source (Authoritative):
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.docx
HTML:
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html
PDF:
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.pdf

For your convenience, OASIS provides a complete package of the prose document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.zip

Members of the CTI TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:
[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

[2] Public reviews:
This Committee Specification contains changes made since its last public review. The changes made are documented in https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05-comment-resolution-log.xlsx. A change-marked PDF document is available at https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-DIFF.pdf.
Information on earlier public reviews is available at https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05-public-review-metadata.html.

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3556

CACAO Security Playbooks v1.0 approved as a Committee Specification

OASIS is pleased to announce that CACAO Security Playbooks Version 1.0 from the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC [1] has been approved as an OASIS Committee Specification.

To defend against threat actors and their tactics, techniques, and procedures, organizations need to identify, create, document, and test detection, investigation, prevention, mitigation, and remediation steps. These steps, when grouped together, form a cyber security playbook that can be used to protect organizational systems, networks, data, and users.

This specification defines the schema and taxonomy for cybersecurity playbooks and how cybersecurity playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

CACAO Security Playbooks Version 1.0
Committee Specification 01
12 January 2021

Editable source (Authoritative):
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.zip

Members of the CACAO TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:
[1] OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC
https://www.oasis-open.org/committees/cacao/

[2] Public review metadata document:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd02/security-playbooks-v1.0-csd02-public-review-metadata.html
– Comment resolution log:
https://docs.oasis-open.org/cacao/security-playbooks/v1.0/csd02/security-playbooks-v1.0-csd02-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3551

Invitation to comment on STIX v2.1

We are pleased to announce that STIX Version 2.1 Committee Specification Draft 05 from the OASIS Cyber Threat Intelligence (CTI) TC [1] is now available for public review and comment.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

STIX v2.1 adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0. The objects and features added for inclusion represent an iterative approach to fulfilling basic consumer and producer requirements for CTI sharing. Objects and properties not included in this version of STIX, but deemed necessary by the community, will be included in future releases.

The documents and related files are available here:

STIX Version 2.1
Committee Specification Draft 05
18 December 2020

Editable source (Authoritative):
https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05.docx

HTML:
https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05.html

PDF:
https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05.pdf

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file at:
https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05.zip

How to Provide Feedback

OASIS and the CTI TC value your feedback. We solicit feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

This public review starts 23 December 2020 at 00:00 UTC and ends 06 January 2021 at 11:59 UTC.

This specification was previously submitted for public review [2]. This 15-day review is limited in scope to changes made from the previous reviews. Changes are highlighted in a red-lined DIFF file included in the package [3].

Comments on the work may be submitted to the TC by following the instructions located at:
https://www.oasis-open.org/committees/comments/form.php?wg_abbrev=cti

Feedback submitted by TC non-members for this work and for other work of this TC is publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/cti-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with the public review of these works, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about this specification and the CTI TC may be found on the TC’s public home page [1].

Additional information related to this public review can be found in the public review metadata document [2].

Additional references:

[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

[2] Public review metadata document, including timeline of previous public reviews:
– https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05-public-review-metadata.html

[3] Red-lined version:
https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05-DIFF.pdf

[4] https://www.oasis-open.org/policies-guidelines/ipr

[5] https://www.oasis-open.org/committees/cti/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

No results with the selected filters