Paul Knight, Author at OASIS Open

Invitation to comment on CACAO Security Playbooks v1.1

OASIS and the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC are pleased to announce that CACAO Security Playbooks v1.1 is now available for public review and comment. This 15-day review is the second public review for Version 1.1 of this specification.

About the specification draft

To defend against threat actors and their tactics, techniques, and procedures, organizations need to identify, create, document, and test detection, investigation, prevention, mitigation, and remediation steps. These steps, when grouped together, form a cyber security playbook that can be used to protect organizational systems, networks, data, and users.

This specification defines the schema and taxonomy for cybersecurity playbooks and how cybersecurity playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.

The documents and related files are available here:

CACAO Security Playbooks Version 1.1
Committee Specification Draft 02
01 March 2022

Editable source (Authoritative):
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd02/security-playbooks-v1.1-csd02.docx
HTML:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd02/security-playbooks-v1.1-csd02.html
PDF:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd02/security-playbooks-v1.1-csd02.pdf
PDF marked with changes since previous public review:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd02/security-playbooks-v1.1-csd02-DIFF.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd02/security-playbooks-v1.1-csd02.zip

How to Provide Feedback

OASIS and the CACAO TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 10 March 2022 at 00:00 UTC and ends 24 March 2022 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility, which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cacao).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/cacao-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the CACAO TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/cacao/

Additional information related to this public review, including a complete publication and review history, can be found in the public review metadata document [3].

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/cacao/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr/#Non-Assertion-Mode
Non-Assertion Mode

[3] Public review metadata document:
https://docs.oasis-open.org/cacao/security-playbooks/v1.1/csd02/security-playbooks-v1.1-csd02-public-review-metadata.html

OSLC Tracked Resource Set v3.0 Project Specification 01 approved by the OSLC Open Project

OASIS is pleased to announce that OSLC Tracked Resource Set Version 3.0 from the Open Services for Lifecycle Collaboration Open Project [1] has been approved as an OASIS Project Specification.

Managing change and configuration in a complex systems development lifecycle is very difficult, especially in heterogeneous environments that include homegrown tools, open source projects, and commercial tools from different vendors. The OSLC initiative applies World Wide Web and Linked Data principles to enable interoperation of change, configuration, and asset management processes across a product’s entire application and product lifecycle.

The Tracked Resource Set protocol allows a server to expose a set of resources in a way that allows clients to discover that set of resources, to track additions to and removals from the set, and to track state changes to the resources in the set. The protocol does not assume that clients will dereference the resources, but they could do so. The protocol is suitable for dealing with sets containing a large number of resources, as well as highly active resource sets that undergo continual change. The protocol is HTTP-based and follows RESTful principles.

This Project Specification is an OASIS deliverable, completed and approved by the OP’s Project Governing Board and fully ready for testing and implementation. The applicable open source licenses can be found in the project’s administrative repository at https://github.com/oslc-op/oslc-admin/blob/master/LICENSE.md.

The specification and related files are available at:

OSLC Tracked Resource Set Version 3.0
Project Specification 01
07 February 2022

– OSLC Tracked Resource Set Version 3.0. Part 1: Specification
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/tracked-resource-set.html
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/tracked-resource-set.pdf

– OSLC Tracked Resource Set Version 3.0. Part 2: Vocabulary
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/tracked-resource-set-vocab.html
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/tracked-resource-set-vocab.pdf

– OSLC Tracked Resource Set Version 3.0. Part 3: Constraints
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/tracked-resource-set-shapes.html
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/tracked-resource-set-shapes.pdf

– OSLC Tracked Resource Set RDF Vocabulary definitions file:
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/trs-vocab.ttl

– OSLC Tracked Resource Set Resource Shape Constraints definitions file:
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/trs-shapes.ttl

Distribution ZIP file

For your convenience, OASIS provides a complete package of the specification and related files in a ZIP distribution file. You can download the ZIP file at:
https://docs.oasis-open-projects.org/oslc-op/trs/v3.0/ps01/trs-v3.0-ps01.zip

Members of the OSLC OP Project Governing Board approved this specification by Special Majority Votes [2] as required by the Open Project rules [3].

Our congratulations to the participants and contributors in the Open Services for Lifecycle Collaboration Open Project on their achieving this milestone.

Additional references

[1] Open Services for Lifecycle Collaboration Open Project
https://open-services.net/

[2] Approval ballot:
– https://lists.oasis-open-projects.org/g/oslc-op-pgb/message/220

[3] https://www.oasis-open.org/policies-guidelines/open-projects-process/

XACML v3.0 Dynamic Attribute Authority v1.0 approved as a Committee Specification

OASIS is pleased to announce the approval and publication of a new Committee Specification by the members of the eXtensible Access Control Markup Language (XACML) TC [1]:

XACML v3.0 Dynamic Attribute Authority Version 1.0
Committee Specification 01
25 January 2022

Overview

This specification defines a new XACML system component, the Dynamic Attribute Authority, which augments the request context of an XACML authorization request with additional attributes and attribute values that are generated on demand according to a set of rules. The rules are expressed as XACML policies, use obligations to specify the additional attributes and values, and are processed in the normal manner of a Policy Decision Point. This means that a Dynamic Attribute Authority can be readily constructed from existing XACML system components.

A primary use case for the Dynamic Attribute Authority is role enablement, where the dynamic attribute in question is the subject role.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The documents and related files are available here:

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/cs01/xacml-3.0-dyn-attr-v1.0-cs01.docx

HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/cs01/xacml-3.0-dyn-attr-v1.0-cs01.html

PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/cs01/xacml-3.0-dyn-attr-v1.0-cs01.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/cs01/xacml-3.0-dyn-attr-v1.0-cs01.zip

Members of the eXtensible Access Control Markup Language (XACML) TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] eXtensible Access Control Markup Language (XACML) TC
https://www.oasis-open.org/committees/xacml/

[2] Details of public review:
– https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3683

OData Extension for Temporal Data v4.0 from OData TC approved as a Committee Specification

OASIS is pleased to announce that OData Extension for Temporal Data Version 4.0 from the OASIS Open Data Protocol (OData) TC [1] has been approved as an OASIS Committee Specification.

This specification defines how to represent and interact with time-dependent data using the Open Data Protocol (OData). It defines semantics and a representation for temporal data, including operations for querying and modifying temporal data along with vocabulary terms to annotate which data depends on time, and how.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The documents and related files are available here:

OData Extension for Temporal Data Version 4.0
Committee Specification 01
25 January 2022

Editable source (Authoritative):
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/odata-temporal-ext-v4.0-cs01.docx
HTML:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/odata-temporal-ext-v4.0-cs01.html
PDF:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/odata-temporal-ext-v4.0-cs01.pdf
PDF marked with changes since previous public review:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/odata-temporal-ext-v4.0-cs01-DIFF.pdf

OData Temporal ABNF Construction Rules Version 4.0:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/abnf/odata-temporal-abnf.txt
OData Temporal ABNF Test Cases:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/abnf/odata-temporal-testcases.yaml
OData Temporal Vocabulary:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/vocabularies/Org.OData.Temporal.V1.xml

For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/cs01/odata-temporal-ext-v4.0-cs01.zip

Members of the OData TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS Open Data Protocol (OData) TC
https://www.oasis-open.org/committees/odata/

[2] Public reviews:
– Public review metadata record:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03-public-review-metadata.html
– Most recent comment resolution log:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03-comment-resolution-log.xlsx

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3684

Universal Business Language (UBL) TC publishes JSON representations for UBL 2.1, UBL 2.2, and UBL 2.3

We are pleased to announce the publication of three Committee Notes providing JSON alternative representations of the XML documents included in the Universal Business Language (UBL) OASIS Standards – UBL 2.1, UBL 2.2, and UBL 2.3. These Committee Notes were developed by the members of the OASIS Universal Business Language (UBL) TC [1].

“UBL 2.1 JSON Alternative Representation Version 2.0” supplements the OASIS Universal Business Language version 2.1 release with an alternative expression of the UBL sample XML documents in JSON syntax, and two JSON schema expressions of all 65 XSD schemas in conformance to the OASIS Business Document Naming and Design Rules Version 1.1.

“UBL 2.2 JSON Alternative Representation Version 1.0” supplements the UBL 2.2 release with an alternative expression of the UBL sample XML documents in JSON syntax, and two JSON schema expressions of all of its 81 XSD schemas.

“UBL 2.3 JSON Alternative Representation Version 1.0” supplements UBL 2.3 with an alternative expression of the UBL sample XML documents in JSON syntax, and two JSON schema expressions of all of its 91 XSD schemas.

The documents and related files are available here:

UBL 2.1 JSON Alternative Representation Version 2.0
Committee Note 01
01 December 2021

UBL 2.2 JSON Alternative Representation Version 1.0
Committee Note 01
01 December 2021

UBL 2.3 JSON Alternative Representation Version 1.0
Committee Note 01
01 December 2021

Members of the UBL TC approved these Committee Notes by a Full Majority vote on 01 December 2021, as documented in the TC minutes [2].

Our congratulations to all the members of the TC.

Additional references

[1] OASIS Universal Business Language (UBL) TC
https://www.oasis-open.org/committees/ubl/

[2] Approval
https://lists.oasis-open.org/archives/ubl/202112/msg00001.html

Event Terms List v1.0 published by Emergency Management TC

OASIS is pleased to announce publication of “Event Terms List Version 1.0,” a Committee Note from the members of the OASIS Emergency Management TC [1].

The variety of practices employed regarding “event” types in Common Alerting Protocol (CAP) messages makes it difficult to compare messages from different sources. The problem has been presented as an interoperability issue where some consumers of CAP struggle to compare differences in language and meaning of the terms used in the <event> element in CAP.

The <event> element is the focus for this Committee Note, as it is the only required element in CAP directly associated with the subject event for a CAP message. Aligning practices surrounding this element, as opposed to other possible candidate elements, is the choice adopted in this work product for addressing this interoperability concern.

The Committee Note is available here:

Event Terms List Version 1.0
Committee Note 02
12 October 2021

Editable source (Authoritative):
https://docs.oasis-open.org/emergency/etl/v1.0/cn02/etl-v1.0-cn02.docx
HTML:
https://docs.oasis-open.org/emergency/etl/v1.0/cn02/etl-v1.0-cn02.html
PDF:
https://docs.oasis-open.org/emergency/etl/v1.0/cn02/etl-v1.0-cn02.pdf

For your convenience, OASIS provides a complete ZIP package of the Committee Note that you can download here:
https://docs.oasis-open.org/emergency/etl/v1.0/cn02/etl-v1.0-cn02.zip

Members of the Emergency Management TC approved this Committee Note by a Full Majority ballot [2].

Our congratulations to all the members of the TC.

Additional references

[1] OASIS Emergency Management TC
https://www.oasis-open.org/committees/emergency/

[2] Approval
https://www.oasis-open.org/committees/ballot.php?id=3667

Invitation to comment on OData Extension for Temporal Data v4.0

OASIS and the OASIS Open Data Protocol (OData) TC are pleased to announce that OData Extension for Temporal Data Version 4.0 is now available for public review and comment. This is its third public review.

The documents and related files are available here:

OData Extension for Temporal Data Version 4.0
Committee Specification Draft 03
02 December 2021

Editable source (Authoritative):
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03.docx
HTML:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03.html
PDF:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03.pdf
PDF marked with changes since previous public review:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03-DIFF.pdf

OData Temporal ABNF Construction Rules Version 4.0:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/abnf/odata-temporal-abnf.txt
OData Temporal ABNF Test Cases:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/abnf/odata-temporal-testcases.yaml
OData Temporal Vocabulary:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/vocabularies/Org.OData.Temporal.V1.xml

A public review metadata record documenting this and any previous public reviews is available at:
https://docs.oasis-open.org/odata/odata-temporal-ext/v4.0/csd03/odata-temporal-ext-v4.0-csd03-public-review-metadata.html.

How to Provide Feedback

OASIS and the OASIS Open Data Protocol (OData) TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts 10 December 2021 at 00:00 UTC and ends 24 December 2021 at 23:59 UTC, with the expected arrival of St. Nicholas in London.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=odata).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/odata-comment/

Additional information about the specification and the OData TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/odata/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/odata/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr/#RF-on-RAND-Mode
RF on RAND Terms Mode

Specification for Transfer of OpenC2 Messages via HTTPS v1.1 from OpenC2 TC approved as a Committee Specification

OASIS is pleased to announce that Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1 from the OASIS Open Command and Control (OpenC2) TC [1] has been approved as an OASIS Committee Specification.

Open Command and Control (OpenC2) is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. HTTP over TLS is a widely deployed transfer protocol that provides an authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. A Testing conformance target is provided to support interoperability testing without security mechanisms.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1
Committee Specification 01
30 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.md
HTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.html
PDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.zip

Members of the OpenC2 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Open Command and Control (OpenC2) TC
https://www.oasis-open.org/committees/openc2/

[2] Public review and comment resolution timeline:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01-public-review-metadata.html
– Most recent comment resolution log:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3672

Invitation to comment on XACML v3.0 Dynamic Attribute Authority v1.0

OASIS and the OASIS eXtensible Access Control Markup Language (XACML) TC are pleased to announce that XACML v3.0 Dynamic Attribute Authority Version 1.0 is now available for public review and comment. This is the first public review of this draft specification.

A primary use case for the Dynamic Attribute Authority is role enablement, where the dynamic attribute in question is the subject role.

The documents and related files are available here:

XACML v3.0 Dynamic Attribute Authority Version 1.0
Committee Specification Draft 01
11 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.docx

HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.html

PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.zip

A public review metadata record documenting this public review is available at:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01-public-review-metadata.html

How to Provide Feedback

OASIS and the XACML TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 02 December 2021 at 00:00 UTC and ends 31 December 2021 at 23:59 UTC.

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/xacml-comment/

Additional information about the specification and the XACML TC can be found at the TC’s public home page:

https://www.oasis-open.org/committees/xacml/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/xacml/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr/#RF-on-Limited-Mode
RF on Limited Terms Mode

Specification for Transfer of OpenC2 Messages via MQTT v1.0 from OpenC2 TC approved as a Committee Specification

OASIS is pleased to announce that Specification for Transfer of OpenC2 Messages via MQTT Version 1.0 from the OASIS Open Command and Control (OpenC2) TC [1] has been approved as an OASIS Committee Specification.

Open Command and Control (OpenC2) is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. Message Queuing Telemetry Transport (MQTT) is a widely-used publish / subscribe (pub/sub) transfer protocol. This specification describes the use of MQTT Version 5.0 as a transfer mechanism for OpenC2 messages.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Specification for Transfer of OpenC2 Messages via MQTT Version 1.0
Committee Specification 01
19 November 2021

Editable source:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.md (Authoritative)
HTML:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.pdf

Details of non-material changes since the previous public review are redlined in:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01-DIFF.pdf

Distribution ZIP file

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Open Command and Control (OpenC2) TC
https://www.oasis-open.org/committees/openc2/

[2] Public review and comment resolution timeline:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04-public-review-metadata.html
– Most recent comment resolution log:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04-comment-resolution-log.pdf

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3668

Common Security Advisory Framework v2.0 from CSAF TC approved as a Committee Specification

OASIS is pleased to announce that Common Security Advisory Framework Version 2.0 from the OASIS Common Security Advisory Framework (CSAF) TC [1] has been approved as an OASIS Committee Specification.

The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON. CSAF v2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Common Security Advisory Framework Version 2.0
Committee Specification 01
12 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.md
HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html
PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.pdf
JSON schemas:
Aggregator: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/aggregator_json_schema.json
CSAF: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/csaf_json_schema.json
Provider: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/provider_json_schema.json

Distribution ZIP file

Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-comment-resolution-log.md

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3666

AS4 Interoperability Profile for Four-Corner Networks v1.0 from BDXR TC approved as a Committee Specification

OASIS is pleased to announce that AS4 Interoperability Profile for Four-Corner Networks Version 1.0 from the OASIS Business Document Exchange (BDXR) TC [1] has been approved as an OASIS Committee Specification.

This specification defines an interoperability profile of the AS4 Profile of ebMS 3.0 for use in four-corner networks. In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points).

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

AS4 Interoperability Profile for Four-Corner Networks Version 1.0
Committee Specification 01
12 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.pdf

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.zip

Members of the BDXR TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Business Document Exchange (BDXR) TC
https://www.oasis -open.org/committees/bdxr/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3665

No results with the selected filters

Invitation to comment on CACAO Security Playbooks v1.1

About the specification draft

How to Provide Feedback

Additional references

OSLC Tracked Resource Set v3.0 Project Specification 01 approved by the OSLC Open Project

Distribution ZIP file

Additional references

XACML v3.0 Dynamic Attribute Authority v1.0 approved as a Committee Specification

Overview

Additional references

OData Extension for Temporal Data v4.0 from OData TC approved as a Committee Specification

Additional references:

Universal Business Language (UBL) TC publishes JSON representations for UBL 2.1, UBL 2.2, and UBL 2.3

Additional references

Event Terms List v1.0 published by Emergency Management TC

Additional references

Invitation to comment on OData Extension for Temporal Data v4.0

How to Provide Feedback

Additional references

Specification for Transfer of OpenC2 Messages via HTTPS v1.1 from OpenC2 TC approved as a Committee Specification

Distribution ZIP file

Additional references

Invitation to comment on XACML v3.0 Dynamic Attribute Authority v1.0

How to Provide Feedback

Additional references

Specification for Transfer of OpenC2 Messages via MQTT v1.0 from OpenC2 TC approved as a Committee Specification

Distribution ZIP file

Additional references

Common Security Advisory Framework v2.0 from CSAF TC approved as a Committee Specification

Distribution ZIP file

Additional references

AS4 Interoperability Profile for Four-Corner Networks v1.0 from BDXR TC approved as a Committee Specification

The work of OASIS is supported by organizations from around the world. Members include: