Invitation to comment on CACAO Security Playbooks v1.1

OASIS and the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC are pleased to announce that CACAO Security Playbooks v1.1 is now available for public review and comment. This 30-day review is the first public review for Version 1.1 of this specification.

About the specification draft:

To defend against threat actors and their tactics, techniques, and procedures, organizations need to identify, create, document, and test detection, investigation, prevention, mitigation, and remediation steps. These steps, when grouped together, form a cyber security playbook that can be used to protect organizational systems, networks, data, and users.

This specification defines the schema and taxonomy for cybersecurity playbooks and how cybersecurity playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.

The documents and related files are available here:

CACAO Security Playbooks Version 1.1
Committee Specification Draft 01
22 October 2021

Editable source (Authoritative):
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd01/security-playbooks-v1.1-csd01.docx
HTML:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd01/security-playbooks-v1.1-csd01.html
PDF:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd01/security-playbooks-v1.1-csd01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd01/security-playbooks-v1.1-csd01.zip

How to Provide Feedback

OASIS and the CACAO TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 26 October 2021 at 00:00 UTC and ends 24 November 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility, which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cacao).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

https://lists.oasis-open.org/archives/cacao-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the CACAO TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/cacao/

Additional information related to this public review, including a complete publication and review history, can be found in the public review metadata document [3].

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/cacao/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

[3] Public review metadata document:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd01/security-playbooks-v1.1-csd01-public-review-metadata.html

SAM Threshold Sharing Schemes v1.0 from SAM TC approved as a Committee Specification

OASIS is pleased to announce that SAM Threshold Sharing Schemes Version 1.0 from the OASIS Security Algorithms and Methods (SAM) TC [1] has been approved as an OASIS Committee Specification.

This document is intended for developers and architects who wish to design systems and applications that utilize threshold sharing schemes in an interoperable manner. Committee Specification 03 (CS03) incorporates non-material changes following further editorial review.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

SAM Threshold Sharing Schemes Version 1.0
Committee Specification 03
14 October 2021

Editable source:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs03/sam-tss-v1.0-cs03.docx (Authoritative)
HTML:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs03/sam-tss-v1.0-cs03.html
PDF:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs03/sam-tss-v1.0-cs03.pdf
Non-material changes between CS02 and this CS03 are marked in:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs03/sam-tss-v1.0-cs03-DIFF.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs03/sam-tss-v1.0-cs03.zip

Members of the SAM TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Security Algorithms and Methods (SAM) TC
https://www.oasis-open.org/committees/sam/

[2] Public review:
* 30-day public review, 02 June 2021:
https://lists.oasis-open.org/archives/members/202106/msg00002.html
https://lists.oasis-open.org/archives/members/202106/msg00003.html
– Review metadata:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01-public-review-metadata.html
– Comment resolution log:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3653

OSLC Architecture Management v3.0 Project Specification 01 approved by the OSLC Open Project

OASIS is pleased to announce that OSLC Architecture Management Version 3.0 from the Open Services for Lifecycle Collaboration Open Project [1] has been approved as an OASIS Project Specification.

Managing change and configuration in a complex systems development lifecycle is very difficult, especially in heterogeneous environments that include homegrown tools, open source projects, and commercial tools from different vendors. The OSLC initiative applies World Wide Web and Linked Data principles to enable interoperation of change, configuration, and asset management processes across a product’s entire application and product lifecycle.

OSLC Architecture Management defines a RESTful web services interface for the management of architectural resources and relationships between those and related resources such as product change requests, activities, tasks, requirements or test cases. To support these scenarios, this specification defines a set of HTTP-based RESTful interfaces in terms of HTTP methods: GET, POST, PUT and DELETE, as well as HTTP response codes, content type handling and resource formats.

This Project Specification is an OASIS deliverable, completed and approved by the OP’s Project Governing Board and fully ready for testing and implementation. The applicable open source licenses can be found in the project’s administrative repository at https://github.com/oslc-op/oslc-admin/blob/master/LICENSE.md.

The specification and related files are available at:

OSLC Architecture Management Version 3.0
Project Specification 01
30 September 2021

– OSLC Architecture Management Version 3.0. Part 1: Specification
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-spec.html
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-spec.pdf

– OSLC Architecture Management Version 3.0. Part 2: Vocabulary
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-vocab.html
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-vocab.pdf

– OSLC Architecture Management Version 3.0. Part 3: Constraints
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-shapes.html
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-shapes.pdf

– OSLC Architecture Management Vocabulary Terms definition file:
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-vocab.ttl
– OSLC Architecture Management Constraints definition file:
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/architecture-management-shapes.ttl

Distribution ZIP file

For your convenience, OASIS provides a complete package of the specification and related files in a ZIP distribution file. You can download the ZIP file at:
https://docs.oasis-open-projects.org/oslc-op/am/v3.0/ps01/am-v3.0-ps01.zip

Members of the OSLC OP Project Governing Board approved this specification by Special Majority Vote [2] as required by the Open Project rules [3].

Our congratulations to the participants and contributors in the Open Services for Lifecycle Collaboration Open Project on their achieving this milestone.

Additional references

[1] Open Services for Lifecycle Collaboration Open Project
https://open-services.net/

[2] Approval ballot:
– https://lists.oasis-open-projects.org/g/oslc-op-pgb/message/184

[3] https://www.oasis-open.org/policies-guidelines/open-projects-process

OSLC PROMCODE v1.0 from the OSLC PROMCODE TC approved as a Committee Specification

OASIS and the OASIS OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC are pleased to announce that OSLC PROMCODE Version 1.0 has been approved as an OASIS Committee Specification.

This three-part specification defines the overall approach to PROMCODE (PROject Management of COntracted DElivery) based on the Open Services for Lifecycle Collaboration (OSLC) Core v3.0 specification. OSLC Core v3.0 was recently published as an OASIS Standard.

The documents and related files are available here:

OSLC PROMCODE Version 1.0
Committee Specification 01
11 October 2021

OSLC PROMCODE Version 1.0. Part 1: Specification
HTML:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-spec.html (Authoritative)
PDF:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-spec.pdf

OSLC PROMCODE Version 1.0. Part 2: Vocabulary
HTML:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-vocab.html (Authoritative)
PDF:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-vocab.pdf

OSLC PROMCODE Version 1.0. Part 3: Constraints
HTML:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-shapes.html (Authoritative)
PDF:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-shapes.pdf

Machine-readable files
Vocabulary terms: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-vocab.ttl
Constraints: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-shapes.ttl

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs01/promcode-v1.0-cs01.zip

Members of the OSLC PROMCODE TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC
https://www.oasis-open.org/committees/oslc-promcode/

[2] Public review information:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/csd01/promcode-v1.0-csd01-public-review-metadata.html
https://lists.oasis-open.org/archives/oslc-promcode/202107/msg00006.html

[3] Approval ballot:
https://www.oasis-open.org/apps/org/workgroup/oslc-promcode/ballot.php?id=3647

Invitation to comment on AS4 Interoperability Profile for Four-Corner Networks v1.0

We are pleased to announce that AS4 Interoperability Profile for Four-Corner Networks v1.0 from the BDXR TC [1] is now available for public review and comment. This is its second public review.

This specification defines an interoperability profile of the AS4 Profile of ebMS 3.0 for use in four-corner networks. In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points).

The documents and related files are available here:

AS4 Interoperability Profile for Four-Corner Networks Version 1.0
Committee Specification Draft 02
22 September 2021

Editable source (Authoritative):
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02.docx
HTML:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02.html
PDF:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02.pdf
PDF marked with changes since previous public review:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02-DIFF.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02.zip

A public review metadata record documenting this and any previous public reviews is available at:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02-public-review-metadata.html

How to Provide Feedback

OASIS and the OASIS Business Document Exchange (BDXR) TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 16 October 2021 at 00:00 UTC and ends 30 October 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=bdxr).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

https://lists.oasis-open.org/archives/bdxr-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [2] applicable especially [3] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the BDXR TC can be found at the TC’s public home page [1].

Additional references

[1] OASIS Business Document Exchange (BDXR) TC
http://www.oasis-open.org/committees/bdxr/

[2] http://www.oasis-open.org/policies-guidelines/ipr

[3] http://www.oasis-open.org/committees/bdxr/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

Invitation to comment on Transfer of OpenC2 Messages via HTTPS v1.1

OASIS and the OASIS Open Command and Control (OpenC2) TC are pleased to announce that Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1 is now available for public review and comment.

Open Command and Control (OpenC2) is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. HTTP over TLS (HTTPS) provides an authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. A testing conformance target is provided to support interoperability testing without security mechanisms.

The documents and related files are available here:

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1
Committee Specification Draft 01
15 September 2021

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01.md

HTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01.html

PDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01.zip

A public review metadata record documenting this and any previous public reviews is available at:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01-public-review-metadata.html

How to Provide Feedback

OASIS and the OpenC2 TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 13 October 2021 at 00:00 UTC and ends 11 November 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=openc2).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/openc2-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the OpenC2 TC can be found at the TC’s public home page:

https://www.oasis-open.org/committees/openc2/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/openc2/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

Invitation to comment on Business Document Naming and Design Rules (BDNDR) v1.1 from the UBL TC

We are pleased to announce that Business Document Naming and Design Rules (BDNDR) Version 1.1 from the UBL TC [1] is now available for public review and comment. This is the third public review for BDNDR v1.1.

Overview

An important and powerful method to design interoperable business documents is to construct logical semantic models using concepts described in the UN/CEFACT Core Components Technical Specification (CCTS) Version 2.01. From these semantic models one can create physical syntax models with which to express the content constraints of actual business documents to be interchanged.

The OASIS Business Document Naming and Design Rules (BDNDR) Version 1.1 Draft Specification prescribes a set of naming and design rules used to create complete CCTS models of interoperable business documents. It also includes the rules needed to create validation artefacts corresponding to them. For XML syntax, the rules govern creating W3C Schema (XSD) and OASIS Context/value Association (CVA) validation artefacts. For JSON syntax, the rules govern creating JSON Schema validation artefacts.

BDNDR Version 1.1 changes no rules for XML syntax from BDNDR Version 1.0 and only adds the new rules prescribed for JSON syntax.

The specification documents and related files are available here:

Business Document Naming and Design Rules (BDNDR) Version 1.1
Committee Specification Draft 04
08 September 2021

Editable source (Authoritative):
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04.xml
HTML:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04.html
PDF:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04.pdf

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file at:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04.zip

How to Provide Feedback

OASIS and the UBL TC value your feedback. We solicit feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

This public review starts 08 October 2021 at 00:00 UTC and ends 22 October 2021 at 11:59 UTC.

This specification was previously submitted for public review [2]. This 15-day review may be limited in scope to changes made from the previous review. Changes are described in the previous comment resolution log [2] and highlighted in a red-lined file included in the package [3].

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=ubl).

Feedback submitted by TC non-members for this work and for other work of this TC is publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/ubl-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with the public review of this work, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about this specification and the UBL TC may be found on the TC’s public home page [1].

Additional references:

[1] OASIS Universal Business Language (UBL) TC
https://www.oasis-open.org/committees/ubl/

[2] ÂPrevious public reviews and comment resolution logs:
– Please see the “Timeline Summary” in the public review metadata document at:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04-public-review-metadata.html

[3] Red-lined version:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04-DIFF.pdf

[4] https://www.oasis-open.org/policies-guidelines/ipr

[5] https://www.oasis-open.org/committees/ubl/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode
RF on Limited Terms Mode

OSLC Core v3.0 and OSLC Query v3.0 OASIS Standards published

OASIS is pleased to announce the publication of its two newest OASIS Standards, approved by the members on 26 August 2021:

OSLC Core Version 3.0
OASIS Standard
26 August 2021

OSLC Query Version 3.0
OASIS Standard
26 August 2021

The Open Services for Lifecycle Collaboration (OSLC) Open Project applies Linked Data principles, such as those defined in the W3C Linked Data Platform (LDP), to create a cohesive set of specifications that can enable products, services, and other distributed network resources to interoperate successfully.

Managing change and configuration in a complex systems development lifecycle is very difficult, especially in heterogeneous environments that include homegrown tools, open source projects, and commercial tools from different vendors.

OSLC Core v3.0 defines the overall approach to OSLC-based specifications and capabilities that extend and complement the W3C Linked Data Platform. This eight-part specification also includes two files of machine-readable definitions of the OSLC Core Vocabulary and the OSLC Core Resource Shape Constraints.

OSLC Query v3.0 provides a mechanism for a client to search for RDF resources that match given criteria. The response to a successful query includes the RDF of a query result container that references the member resources found by the query, and optionally includes selected properties of each member resource.

The approval and publication of OASIS Standards for OSLC Change Management v3.0 and OSLC Requirements Management v2.1 were recently announced.

The specifications and related files are available at:

OSLC Core:
– OSLC Core Version 3.0. Part 1: Overview
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/oslc-core.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/oslc-core.pdf

– OSLC Core Version 3.0. Part 2: Discovery
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/discovery.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/discovery.pdf

– OSLC Core Version 3.0. Part 3: Resource Preview
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/resource-preview.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/resource-preview.pdf

– OSLC Core Version 3.0. Part 4: Delegated Dialogs
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/dialogs.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/dialogs.pdf

– OSLC Core Version 3.0. Part 5: Attachments
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/attachments.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/attachments.pdf

– OSLC Core Version 3.0. Part 6: Resource Shape
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/resource-shape.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/resource-shape.pdf

– OSLC Core Version 3.0. Part 7: Vocabulary
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-vocab.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-vocab.pdf

– OSLC Core Version 3.0. Part 8: Constraints
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-shapes.html
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-shapes.pdf

– OSLC Core Vocabulary definitions file:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-vocab.ttl

– OSLC Core Resource Shape Constraints definitions file:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-shapes.ttl

OSLC Query:
– OSLC Query Version 3.0
https://docs.oasis-open-projects.org/oslc-op/query/v3.0/os/oslc-query.html
https://docs.oasis-open-projects.org/oslc-op/query/v3.0/os/oslc-query.pdf

Distribution ZIP files

For your convenience, OASIS provides a complete package of each specification and related files in a ZIP distribution file.

OSLC Core:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/os/core-v3.0-os.zip
OSLC Query:
https://docs.oasis-open-projects.org/oslc-op/query/v3.0/os/query-v3.0-os.zip

The applicable open source licenses can be found in the project’s administrative repository at https://github.com/oslc-op/oslc-admin/blob/master/LICENSE.md.

Our congratulations to the participants and contributors in the Open Services for Lifecycle Collaboration Open Project on their achieving this milestone.

Invitation to comment on Specification for Transfer of OpenC2 Messages via MQTT v1.0

OASIS and the OASIS Open Command and Control (OpenC2) TC are pleased to announce that Specification for Transfer of OpenC2 Messages via MQTT Version 1.0 is now available for public review and comment. This is the first public review for this specification.

Open Command and Control (OpenC2) is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. Message Queuing Telemetry Transport (MQTT) is a widely-used publish / subscribe (pub/sub) transfer protocol. This specification describes the use of MQTT Version 5.0 as a transfer mechanism for OpenC2 messages.

The documents and related files are available here:

Specification for Transfer of OpenC2 Messages via MQTT Version 1.0
Committee Specification Draft 04
18 August 2021

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04.md

HTML:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04.html

PDF:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04.zip

How to Provide Feedback

OASIS and the OpenC2 TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 31 August 2021 at 00:00 UTC and ends 29 September 2021 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility, which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=openc2).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/openc2-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the OpenC2 TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/openc2/

Additional information related to this public review can be found in the public review metadata document [3].

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/openc2/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

[3] Public review metadata document:
– https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04-public-review-metadata.html

SAM Threshold Sharing Schemes v1.0 from SAM TC approved as a Committee Specification

OASIS is pleased to announce that SAM Threshold Sharing Schemes Version 1.0 from the OASIS Security Algorithms and Methods (SAM) TC [1] has been approved as an OASIS Committee Specification.

This document is intended for developers and architects who wish to design systems and applications that utilize threshold sharing schemes in an interoperable manner. Committee Specification 02 (CS02) clarifies that the implementation examples in Appendix E are non-normative.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

SAM Threshold Sharing Schemes Version 1.0
Committee Specification 02
19 August 2021

Editable source:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs02/sam-tss-v1.0-cs02.docx (Authoritative)
HTML:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs02/sam-tss-v1.0-cs02.html
PDF:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs02/sam-tss-v1.0-cs02.pdf
Non-material changes between CS01 and this CS02 are marked in:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs02/sam-tss-v1.0-cs02-DIFF.pdf

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/sam/sam-tss/v1.0/cs02/sam-tss-v1.0-cs02.zip

Members of the SAM TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS Security Algorithms and Methods (SAM) TC
https://www.oasis-open.org/committees/sam/

[2] Public review:
* 30-day public review, 02 June 2021:
https://lists.oasis-open.org/archives/members/202106/msg00002.html
https://lists.oasis-open.org/archives/members/202106/msg00003.html
– Review metadata:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01-public-review-metadata.html
– Comment resolution log:
https://docs.oasis-open.org/sam/sam-tss/v1.0/csd01/sam-tss-v1.0-csd01-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3639

JSON Abstract Data Notation v1.0 from OpenC2 TC approved as a Committee Specification

OASIS is pleased to announce that Specification for JSON Abstract Data Notation Version 1.0 from the OASIS Open Command and Control (OpenC2) TC [1] has been approved as an OASIS Committee Specification.

JSON Abstract Data Notation (JADN) is an information modeling language. It has several purposes including defining data structures, validating data instances, informing user interfaces working with structured data, and facilitating protocol internationalization. JADN specifications consist of two parts: abstract type definitions that are independent of data format, and serialization rules that define how to represent type instances using specific data formats. A JADN schema is itself a structured information object that can be serialized and transferred between applications, documented in multiple formats such as text-based interface definition languages, property tables or diagrams, and translated into concrete schemas used to validate specific data formats.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Specification for JSON Abstract Data Notation Version 1.0
Committee Specification 01
17 August 2021

Editable source:
https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.md (Authoritative)
HTML:
https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.pdf

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.zip

Members of the OpenC2 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Open Command and Control (OpenC2) TC
https://www.oasis-open.org/committees/openc2/

[2] Public review and comment resolution timeline:
https://docs.oasis-open.org/openc2/jadn/v1.0/csd02/jadn-v1.0-csd02-public-review-metadata.html
– Most recent comment resolution log:
https://docs.oasis-open.org/openc2/jadn/v1.0/csd02/jadn-v1.0-csd02-comment-resolution-log.pdf

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3638

Invitation to comment on Common Security Advisory Framework v2.0

OASIS and the OASIS Common Security Advisory Framework (CSAF) TC are pleased to announce that Common Security Advisory Framework Version 2.0 is now available for public review and comment.

The Common Security Advisory Framework (CSAF) Version 2.0 is the definitive reference for the CSAF language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.

The OASIS CSAF Technical Committee is chartered to make a major revision to the widely-adopted Common Vulnerability Reporting Framework (CVRF) specification, originally developed by the Industry Consortium for Advancement of Security on the Internet (ICASI). ICASI has contributed CVRF to the TC. The revision is being developed under the name Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.

The documents and related files are available here:

Common Security Advisory Framework Version 2.0
Committee Specification Draft 01
05 August 2021

Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.md

HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.html

PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.pdf

JSON schemas:
Aggregator JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/schemas/aggregator_json_schema.json
CSAF JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/schemas/csaf_json_schema.json
Provider JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/schemas/provider_json_schema.json

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.zip

A public review announcement metadata record [3] is published along with the specification files.

How to Provide Feedback

OASIS and the CSAF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 14 August 2021 at 00:00 UTC and ends 12 September 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=csaf).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/csaf-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the CSAF TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/csaf/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/csaf/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode

[3] Public review announcement metadata:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-public-review-metadata.html

No results with the selected filters