Other

Document Life Cycle Best Practices

Version 2024.08.22

Abstract

This document contains both a summary of the work product process (relevant to TC Process version 22 July 2020) and some guidance on how to streamline that process. It also discusses how an OASIS Technical Committee (TC)’s Work Product progresses through the various development stages of its lifecycle.

In addition to defining some best practices, this document also defines three optional standing rules that a TC may choose to enact to simplify the process of moving documents through the various development stages. These standing rules simplify when ballots are needed, clarify when and how approvals are done, can reduce voting fatigue, and can reduce delays due to administrative processes. These standing rules can be adopted on a document-by-document basis or be adopted globally by the TC for all documents. In the latter case, a TC may consider doing this during the formation of the TC.

Scope

The best practices and standing rules included in this document can be applied to all Standards Track and Non-Standards Track Work Products of a Technical Committee. These can be
adopted by any OASIS Technical Committee on a document-by-document basis or for all documents produced by that TC.

Notices

1. Introduction
2. Concepts and Background
3. Document Stages
4. Summary and Conclusions
Appendix A – Work Product Process State Diagram
Appendix B – WD and CSD Numbering Examples
- B.1 Numbering Without Standing Rule 1
- B.2 Numbering With Standing Rule 1

1. Introduction

1.1 Motivation

Currently, most Technical Committees process documents through their lifecycle in a way that causes unnecessary delays, ballots, and administrative process. This document tries to address these issues.

1.2 Abbreviations and Acronyms

This document uses the following abbreviations and acronyms:

CN – Committee Note
CS – Committee Specification
CND – Committee Note Draft
CSD – Committee Specification Draft
FMV – Full Majority Vote
NWI – New Work Item
OBCP – OASIS Best Current Practices
SMV – Special Majority Vote
TC – Technical Committee
TR – Technical Report
TRD – Technical Report Draft
WD – Working Draft
WP – Work Product

1.3 Definitions

New Work Item – A contribution that represents a proposed new TC Work Item.

Work Item – A document that is either at the Working Draft stage or at a Work Product stage.

Working Draft – A document that has not been approved as an official Work Product of the TC.

Work Product – A document that has been officially approved by the TC as a Standards Track
or Non-Standards Track document.

2. Concepts and Background

2.1 Contributions

A contribution is a verbal or written comment, suggestion, or document that is submitted to a TC and contains either a proposed New Work Item or proposed edits, changes, additions, or suggestions to an existing Work Item (regardless of the existing Work Item’s current stage). This OBCP document focuses on contributions that create New Work Items. While TCs need to review and consider all contributions, they do not need to accept or adopt (in part or in full) the contribution.

2.2 Document Stages

All Work Items start as a contribution to a TC, and starter templates for these contributions can be requested from OASIS Admin. Once a contribution is approved by the TC, it becomes an official Standards Track Work Product or Non-Standards Track Work Product and will progress through the following stages. A contribution may go through several revisions at the Working Draft stage before it is approved as an official Work Product.

1. Working Draft
2. Standards Track Work Product stages
- a. Committee Specification Draft
- b. Committee Specification
- c. OASIS Standard
3. Non-Standards Track Work Product stages
- a. For Committee Notes
  - i. Committee Note Draft
  - ii. Committee Note
- For Technical Reports
  - i. Technical Report Draft
  - ii. Technical Report

2.3 Documents Do Not Revert To The Working Draft Stage

Once a document has been approved by the TC and advances to a Work Product, new versions of that document do not start over at the Working Draft stage. The Working Draft stage is for contributions that have not yet been approved as official Work Products. For example, when a contribution has been approved as a Committee Specification Draft, new versions of that document do not start over as Working Drafts.

3. Document Stages

3.1 Working Drafts

The OASIS TC Process does not talk about contributions or Working Drafts, as such, this section gives some guidance on what they are and how they should be understood.

A contribution may go through many revisions before it is either approved or discarded by the TC. Each revision of a contribution, including the first submission, is considered a Working Draft. Once a Working Draft is approved by the TC it becomes either a CSD, CND, CN, TRD, or TR.

Said another way, a Working Draft is a Work Item that has not yet reached a sufficient level of maturity as determined by the TC to be considered for and approved as an official Standards Track Work Product (i.e., CSD) or Non-Standards Track Work Product (i.e., CND, CN, TRD, or TR).

3.1.1 New Versions

TCs do not approve new versions of a Working Draft. Working Draft documents are developed either by the original contributor or the editors of the document and can be revised, updated, and released as often as the original contributor or editors desire. Each version of these documents can and should be uploaded to the official TC document repository in the “Working Drafts” directory.

3.1.2 Numbering

The first release and initial contribution to the TC should have a document stage version of “Working Draft 01”. For each additional version of the document, the stage version value should be incremented (e.g., 02, 03, 04, etc). Please see the OASIS Naming Directives document for more information.

3.2 Specification/Note/Technical Report Draft Documents

Once a Working Draft has been deemed sufficiently mature by the TC, the TC can approve the current version of the Working Draft as a Standards Track or Non-Standards Track Work Product (i.e., CSD, CND, CN, TRD, or TR) through a Full Majority Vote. Please see the TC Process for more information on how to perform ballots. NOTE: it is possible for documents to go directly from a WD to either a CN or TR due to them not needing a public review.

The figure below shows a document that was approved as a Work Product after several revisions as a Working Draft.

3.2.1 Updates

CSD and CND documents are developed by the TC and updates and revisions are performed by the editor(s) of the document. These documents can be revised, updated, and released as often as the TC desires.

TRD documents are developed by the author(s) with feedback from the TC and updates and revisions are performed by the author(s) and/or editor(s) of the document. These documents can be revised, updated, and released as often as the author(s) desire.

3.2.2 Numbering

The first version of a CSD, CND, and TRD needs to have a document stage version of “Committee Specification Draft 01”, “Committee Note Draft 01”, or “Technical Report Draft 01”. For each additional version of the document, the stage version value should be incremented (e.g., 02, 03, 04, etc.). Please see the OASIS Naming Directives document for more information.

3.2.3 Approvals

NOTE: the old Working Draft stage numbers are not retained once a document moves to the CSD, CND, CN, TRD, or TR stage, and new versions of a CSD, CND, and TRD do not start as Working Drafts.

The TC needs to approve each new version of a Committee Specification Draft and Committee Note Draft through a Full Majority Vote. The TC does not approve each new version of a Technical Report Draft, as Technical Report Drafts are developed by the author(s) with feedback from the TC. Please see the TC Process for more information on how to perform ballots. In regards to voting Section “1.11 TC Voting” of the TC Process says:

TCs may conduct electronic ballots. An electronic ballot may be conducted during a meeting using any tool available to the TC, including email, and the results must be recorded in the minutes. Electronic ballots outside of a meeting shall be made either by using the TC’s general mail list or the publicly archived electronic voting functionality provided by OASIS and must remain open for a minimum of 7 days.

This means that the TC may vote using the:

TC’s ballot tool
Issuing a call for objection to unanimous consent in a quorate meeting
Performing a live ballot (e.g. show of hands) in a quorate meeting
Issuing a call for objections to unanimous consent via email
Performing a ballot (email responses) via email

All non live votes require the ballot to be open for at least 7 days.

The motion, the second to the motion, and the results for each ballot must be documented per
TC Process. If a call for unanimous consent receives one or more objections, then a traditional
ballot must be used.

3.2.4 Standing Rule 1: Approving Additional CSD/CND Documents

As a standing rule, the TC may authorize the editor(s) to publish additional versions of a CSD or CND either on a regular basis or at their discretion without additional motions, calls for consent, or ballots. A Full Majority Vote is required to enact this standing rule.

NOTE: Before a Working Draft can become a CSD, CND, or a CN it must pass an actual Full Majority Vote, even if this standing rule is enacted. The same is true for a TRD, though the TC does not approve each new version of the TRD, the TC must approve it as a Work Product.

If a TC is going to enact this standing rule, the TC should do this as part of the first CSD or CND ballot, but this can be done at any time. This standing rule can be revoked at any time by the TC through a Full Majority Vote. Some TCs may enact this standing rule for all documents when the TC is formed.

With this standing rule in place and once a new CSD or CND version (after the initial CSD/CND passed a Full Majority Vote) is ready to be published, the editor(s) can ask the OASIS Admin to publish the document and publicly announce it without any additional motions, ballots, or votes.

For example, if this standing rule is enacted in a TC, then:

New CSD and CND documents should be uploaded to the official TC document
repository in the “Approved Work Products” directory by the editors, as these documents
are approved CSDs and CNDs, and they should have the suffix name of “-csd##” or
“-cnd##”. The “##” in this case is the CSD or CND number.

If the standing rule is not enacted:

New not yet approved CSD and CND documents should be uploaded to the official TC document repository in the “Working Drafts” directory by the editor(s) or chair(s) and should have a suffix name of “-pre-csd##-yyyy-mm-dd” or “-pre-cnd##-yyyy-mm-dd”. The “##” in this case is what the CSD or CND number will be once approved. For example, if CSD01 has been approved and the TC wants to approve CSD02, the document would have a suffix of “-pre-csd02-yyyy-mm-dd”.
Once the CSD or CND is approved (by a Full Majority Vote), it can be uploaded to the TC document repository in the “Approved Work Products” directory with the normal “-csd##” or “-cnd##” suffix.

3.3 Informal Document Feedback

TCs can receive feedback at any time about any Work Item they are working on. However, it is critical that all feedback from non-TC members be submitted through the public comment methods defined in the TC Process.

3.4 Public Reviews

See section “2.6 Public Review of a Committee Specification Draft” of the TC Process for more information about public reviews.

In summary, before a Committee Specification Draft can progress to a full Committee Specification, it needs to have at least one public review. The TC needs to approve starting each new public review via a Full Majority Vote. Please see the TC Process for how to perform Public Review ballots. The TC can request additional public reviews at any time through a Full Majority Vote. If a TC decides to do a public review of a CND or TRD, it may, but it must follow the same process as defined for a CSD.

3.4.1 Standing Rule 2: Approving Additional Public Reviews

As a standing rule, a TC may approve the chair(s) to open new public reviews with each CSD, CND, TRD release, on a regular basis, or at their discretion, without additional motions, calls for consent, or ballots. A Full Majority Vote is required to enact this standing rule.

NOTE: Before a CSD, CND, or TRD can go out for its first public review it must pass an actual Full Majority Vote, even if this standing rule is enacted.

If a TC is going to enact this standing rule, the TC should do this as part of the first public review, but it can be done at any time. This standing rule can be revoked at any time by the TC through a Full Majority Vote. Some TCs may enact this standing rule for all documents when the TC is formed.

3.5 Specification/Note/Report Documents

Approval of a Committee Specification requires a Special Majority Vote. The Special Majority Vote is set up and run by OASIS Admin. See section “2.7 Approval of a Committee Specification” of the TC Process for more information about approving a CS.

In summary, in addition to the requirements around public reviews, once the TC has decided that the CSD is complete and the text is sufficiently stable, the Chair(s) can request the OASIS Admin to open the Special Majority Vote. Please see the TC Process for how to perform a CS ballot.

Approval of a Committee Note and a Technical Report only requires a Full Majority Vote.

3.5.1 Numbering

The first version of a CS or CN needs to have a document stage version of “Committee Specification 01” or “Committee Note 01”. For each additional version of the document, the version value should be incremented (e.g., 02, 03, 04, etc.). Please see the OASIS Naming Directives document for more information. It is important to note that a Technical Report, once published, is not able to be versioned at the TR stage like a CS or CN.

3.5.2 Updates

TCs should avoid advancing a Committee Specification Draft or a Committee Note Draft to the next stage if immediate updates and/or changes are still needed and/or expected. Meaning, additional versions of a Committee Specification or Committee Note should be rare as these documents are considered a final deliverable.

In rare cases when the TC needs to update a Committee Specification or a Committee Note new versions of that document do not start over as Working Drafts. A TC may decide that the proposed changes warrant going back to the Committee Specification Draft or Committee Note Draft stage. This is especially true if the changes are material or they include significant breaking changes or the changes would represent a major or perhaps even a significant minor revision to the document according to semantic versioning. However, to be clear it is not required that a document go back to a previous stage.

Regardless of whether the document reverts back to the CSD stage or stays at the CS stage, each new version of a CS requires a new public review and the TC to perform a new CS ballot. Where each new version of a CN only requires a new CN ballot.

It is important to note that an update to an OASIS Standard does require starting over at the
Committee Specification Draft phase as it is considered an entirely new version.

When updating a CS or CN:

New not yet approved CS or CN documents should be uploaded to the official TC
document repository in the “Working Drafts” directory and should have a suffix name of
“-pre-cs##-yyyy-mm-dd” or “-pre-cn##-yyyy-mm-dd”.
Once this CS or CN is approved, it can be uploaded to the TC document repository in
the “Approved Work Products” directory with the normal “-cs##” or “-cn##” suffix and
then be published.

The Figure below shows an example of a Committee Specification Draft being approved as a CS (note: it does not show the approvals for public reviews).

3.6 Changes During Publication

Technical Committees (TCs) at OASIS strive to produce and publish high-quality documents and specifications. However, sometimes, during the publication process, the time after a successful ballot and before the document is published, non-material, minor, and editorial issues may be found that the TC wants to fix. These issues and problems can be resolved by the TC without doing another version and possible public review as stated in Section “2.2.4 Allowed changes” of the TC Process:

After a Work Product has been approved as a Standards Track or Non-Standards Track Work Product (for example, as a Committee Specification Draft), only non-material changes may be made during the publication process. These changes can only be made in coordination with the TC Admin and a summary of changes shall be sent to the TC mailing list. The TC may continue to make changes to the next Committee Specification Draft.

3.6.1 Standing Rule 3: Approving Editorial Changes

As a standing rule, a TC may approve the chair(s) and editor(s) and author(s) in the case of a Technical Report in coordination with OASIS Admin to also make editorial changes during the publication process without requiring approval from the TC. Editorial changes are things like formatting problems, updating the table of contents, fixing spelling errors, fixing typos, addressing grammar problems, updating links and references, etc. This does not include minor text changes or larger non-material changes, only editorial changes. It is important to note that the chair(s), the editor(s), the author(s) and the OASIS Admin must all agree that these changes are purely editorial. A Full Majority Vote is required to enact this standing rule.

If a TC is going to enact this standing rule, the TC should do this as part of the first CSD/CND/TRD or CS/CN/TR ballot for a given document, but it can be done at any time. This standing rule can be revoked at any time by the TC through a Full Majority Vote. Some TCs may enact this standing rule for all documents when the TC is formed.

4. Summary and Conclusions

This document outlines how TCs can advance a contribution through its entire lifecycle. It also clarifies that many of the ballots that are done today can be addressed through a call for unanimous consent or by enacting standing rules to pre-grant the chair(s), editor(s), or author(s) authority to release CSDs, CNDs, and TRDs and perform their public reviews either on a regular basis or at their discretion without additional motions, calls for consent, or ballots. It also clarifies how document versions are updated and shows how documents do not need to restart at the Working Draft stage. Meaning, once a document has advanced to the next stage, it does not need to go backward and start over at the Working Draft stage.

In some TCs today, a document may go through as many as 10 or more ballots before it is finally published as a final deliverable (e.g., CS 01). With these best practices and standing rules, documents could have as few as 2 ballots before they are published. For example:

The first ballot could be used to:

The first ballot could be used to:
- approve a Working Draft as CSD01
- approve the first public review, and
- approve all three standing rules that are covered in this document.
The second ballot would then be used to:
- approve the CS

This could greatly decrease voting fatigue and reduce the amount of time needed to support the
balloting process and, thus, ultimately speed up the delivery of published documents.

Appendix A – Work Product Process State Diagram

This diagram represents a simplified visual representation of how documents flow through their
lifecycle.

Appendix B – WD and CSD Numbering Examples

This appendix provides examples of in-development document numbering and storage location
as described in Section 3 with and without the use of Standing Rule 1. The examples here use the CACAO Playbook specification as an example.

B.1 Numbering Without Standing Rule 1

Development Status	Working Drafts Directory	Approved Work Products Directory
Working Draft Development	cacao-playbooks-v2.0-wd01, cacao-playbooks-v2.0-wd02, …
First CSD		cacao-playbooks-v2.0-csd01
Second CSD Development	cacao-playbooks-v2.0-pre-cs d02-yyyy-mm-dd, …
Second CSD		cacao-playbooks-v2.0-csd02

B.2 Numbering With Standing Rule 1

Development Status	Working Drafts Directory	Approved Work Products Directory
Working Draft Development	cacao-playbooks-v2.0-wd01, cacao-playbooks-v2.0-wd02, …
CSD Development		cacao-playbooks-v2.0-csd01, cacao-playbooks-v2.0-csd02, …

The Document Life Cycle for TCs – Approved 2024-08-22 Download

Business Continuity and Disaster Recovery Plan

Introduction
OASIS Open recognizes the critical importance of preparing for unexpected events that could disrupt our operations. This Business Continuity and Disaster Recovery Plan outlines our approach to responding to and recovering from incidents that pose a risk to our operations, people, and the communities we serve.

Purpose
The purpose of this plan is to provide a structured response to incidents, minimize operational disruptions, and ensure the continuity of OASIS’s mission-critical services during and after a disaster.

Scope
This plan covers all aspects of OASIS’s operations, including but not limited to our offices, data centers, staff members, third party vendors, and technology infrastructure.

Objectives

To ensure a rapid and coordinated response to incidents.
To minimize the impact of disasters on our operations and services.
To protect the safety and well-being of our staff and members.
To facilitate the recovery of critical systems and operations.
To communicate effectively with stakeholders during and after an incident.

Plan Activation
The criteria for activating the Business Continuity and Disaster Recovery Plan include, but are not limited to, natural disasters, significant IT failures, cyberattacks, and any other events that significantly impact our operations. The decision to activate the plan will be made by OASIS’s Executive Director.

Roles and Responsibilities

Executive Leadership: Overall responsibility for BCDR planning and response.
BCDR Coordinator: Leads the development, implementation, and testing of the BCDR plan.
Department Heads: Ensure department-specific continuity plans are developed and integrated with the overall BCDR plan.
IT Department: Responsible for implementing disaster recovery procedures for technology infrastructure.
Communications Team: Manages all communications with staff, members, stakeholders, and the media.

Response Procedures

Initial Response

Assess the incident and its potential impact.
Activate the BCDR plan if necessary.
Establish a command center for coordination.

Communication

Notify staff, members, and other stakeholders of the incident and provide instructions.
Keep stakeholders updated on the status of recovery efforts.

Recovery Procedures

Implement recovery strategies for critical operations and IT systems.
Monitor recovery progress and make adjustments as needed.

Recovery Priorities
Identify critical services and operations, along with their respective recovery time objectives (RTOs). Prioritize recovery efforts based on these objectives to ensure the most critical functions are restored first.

Testing and Maintenance

Conduct regular tests of the BCDR plan to ensure its effectiveness.
Review and update the plan annually or after significant organizational changes, incidents, or tests that reveal weaknesses.

Training
Provide ongoing training for OASIS staff, and as needed members, on their roles in the BCDR plan to ensure everyone is prepared to respond effectively to incidents.

Risk Assessment Policy

Introduction
OASIS Open is committed to achieving its mission while safeguarding its members, staff, assets, and reputation against potential risks. This Risk Assessment Policy outlines our approach to identifying, evaluating, and managing risks across all areas of our operations. By implementing a structured risk assessment process, we aim to minimize the potential impact of risks on our organization and ensure the continuity of our services.

Scope
This policy applies to all aspects of OASIS’s operations and activities, including but not limited to our programs, projects, events, partnerships, and use of technology. It covers all members, staff, third party vendors, board members, and any other individuals or entities involved in our organization’s operations.

Policy Objectives

To identify and categorize potential risks that could affect the organization.
To evaluate the likelihood and potential impact of identified risks.
To develop and implement strategies to manage or mitigate risks.
To create a culture of risk awareness and proactive risk management among all staff and members.
To ensure compliance with legal and regulatory obligations related to risk management.

Risk Management Process

Risk Identification
Regularly identify and document potential risks that could impact the organization, including operational, financial, strategic, reputational, and compliance risks.

Risk Assessment
Evaluate the identified risks to determine their potential impact and likelihood. Use a standardized risk matrix to categorize risks and prioritize them for management.

Risk Mitigation
Develop and implement risk mitigation strategies for high-priority risks. Strategies may include avoiding, transferring, mitigating, or accepting risks, depending on their nature and potential impact.

Monitoring and Review
Regularly monitor the effectiveness of risk mitigation strategies and review the risk assessment process to ensure it remains relevant and comprehensive. Update risk assessments and strategies as necessary, especially when new risks are identified or when organizational changes occur.

Roles and Responsibilities

Board of Directors: Oversee the risk management process and ensure that risk management practices are integrated into strategic planning.
Executive Director: Ensure the implementation of the risk assessment policy, appointment of appropriate staff to roles as necessary, and the integration of appropriate risk management into all organizational activities.
Governance Committee (when delegated by Board): Supervise, and receive and evaluate staff reporting of, the risk management process, including risk identification, assessment, and mitigation activities.
All Staff: Participate in risk identification and management activities and comply with all risk mitigation strategies and procedures.

Training and Communication
Provide ongoing training and resources to staff and members to ensure they are aware of the risk management policy, understand their roles in the risk management process, and are equipped to identify and manage risks.

Policy Review and Update
This policy will be reviewed periodically or as needed to reflect changes in the organization’s operations, risk profile, or external environment. Revisions will be made to ensure the policy remains effective and relevant.

Contact Information
For questions regarding this policy or the risk management process, please contact OASIS’s Executive Director.

Data Security User Responsibilities Policy

Introduction
OASIS Open recognizes the importance of data security in protecting our information assets and technology infrastructure. This policy outlines the responsibilities of all users of OASIS’s information systems and networks, including staff, OASIS members, third party vendors, and any other users accessing our technology resources. Adherence to these responsibilities is essential for maintaining the security and integrity of our systems and data.

Scope
This policy applies to all users who have access to OASIS’s information systems, networks, and data. It covers all forms of technology resources owned or managed by the organization.

User Responsibilities

General Conduct

Secure Authentication: Safeguard login credentials and not share them with others. Use strong, unique passwords and change them regularly.
Data Protection: Handle all data, particularly sensitive or confidential information, with care and only access data necessary for your role.
Device Security: Ensure that any personal devices used for work purposes meet the organization’s security requirements.
Software Updates: Keep all software, including operating systems and applications, up to date to protect against vulnerabilities.

Acceptable Use

Internet and Email Use: Use the organization’s internet and email services appropriately and professionally, avoiding access to inappropriate websites or the transmission of offensive material.
Prohibited Activities: Do not engage in activities that could compromise the organization’s cybersecurity, such as installing unauthorized software on the organization’s systems,, disabling security features, or participating in hacking activities.

Incident Reporting

Immediate Reporting: Report any suspected cybersecurity incidents, phishing attempts, or security vulnerabilities immediately to the designated contact point within the organization.
Cooperation: Cooperate with any investigations or requests for information related to cybersecurity incidents.

Compliance and Legal Obligations

Policy Adherence: Comply with all relevant policies, procedures, and legal obligations regarding cybersecurity and data protection.
Training Participation: Participate in cybersecurity awareness and training programs provided by the organization.

Enforcement and Sanctions
Violations of this policy may result in disciplinary action, up to and including termination of access to OASIS resources, employment or contracts, legal action, and in the case of illegal activities, referral to law enforcement authorities.

Policy Review and Update
This policy will be reviewed periodically and updated as necessary to reflect changes in technology, cybersecurity threats, and legal and regulatory requirements.

Contact Information
For questions regarding this policy or to report a security incident, please contact OASIS’s Executive Director.

OASIS Participants Code of Conduct (14 October 2022)

Table of Contents

Our Pledge
Our Standards
Scope
Enforcement
Enforcement Guidelines
1. 3. Temporary Ban
2. 4. Permanent Ban
Appeals

Our Pledge

We, as members, contributors, and leaders pledge to do our best to ensure that participating in work at OASIS Open is free of harassment for everyone, regardless of physical, personal, professional, or cultural characteristics.

We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, healthy, and productive community.

Our Standards

Examples of behavior that contributes to a positive environment for our communities include:

Demonstrating empathy and kindness toward other people
Being respectful of differing opinions, viewpoints, and experiences
Accepting the consensus of the group after making our point if the collective decision does not go our way
Giving and gracefully accepting constructive feedback
Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
Focusing on what is best not just for us as individuals, but for the overall community

Examples of unacceptable behavior include, but are not limited to:

The use of sexualized language or imagery, and sexual attention or advances of any kind
Trolling, insulting or derogatory comments, and personal or political attacks
Public or private harassment
Publishing others’ private information, such as a physical or email address, without their explicit permission
Other conduct which could reasonably be considered inappropriate in a professional setting
Disparaging an organization, its activities, its employees, or its products and services within the context of OASIS-related activities

Enforcement Responsibilities

OASIS staff are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.

OASIS staff have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. Staff may also take action to sanction behaviors that it judges to be in violation of this code of conduct, up to and including expelling individuals from a project if, in their judgment, the circumstances warrant it.

Decisions or actions by OASIS staff are subject to appeal to the OASIS Board of Directors.

Scope

This Code of Conduct generally applies to the actions of individuals. It applies both within online spaces and in public spaces when an individual is participating in or representing the project or its community. Examples include using an official project e-mail address or mailing list, posting via an official social media account or chat, participating in a project meeting, or representing the project or OASIS at an online or in-person event.

What are the boundaries of the OASIS community?

There are no hard boundaries of the community, but common places we are asked to extend guidance to are:

Official project communication channels
Events and meetups
Media and web presences
Social media

In some cases, where individual social media messages or other activities not related to a specific project are reported to the OASIS staff, we might choose to act.

Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the OASIS staff at code-of-conduct@oasis-open.org. All complaints will be reviewed and investigated promptly and fairly and in confidence and will result in a response that is deemed necessary and appropriate to the circumstances. All parties involved in an incident are obliged to maintain confidentiality with regard to the reporter and the accused. Further details of specific enforcement policies may be posted separately.

All community leaders are obligated to respect the privacy and security of the parties involved in the incident.

Enforcement Guidelines

OASIS staff will generally follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct, though they may escalate more quickly if the circumstances appear to warrant it:

1. Correction

Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.

Consequence: A private, written warning from OASIS staff providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.

2. Warning

Community Impact: A violation through a single incident or series of actions.

Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, via any OASIS-provided or maintained mechanism (ie email lists, Github, Slack, etc.) for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.

3. Temporary Ban

Community Impact: A serious violation of community standards, including sustained inappropriate behavior.

Consequence: A temporary ban from any sort of interaction or public communication with members of the community via any OASIS-provided or maintained mechanism (ie email lists, Github, Slack, etc.) for a specified period of time, not to exceed one month. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.

4. Permanent Ban

Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.

Consequence: A permanent ban from any sort of interaction within the community. Removal from community tools like repositories or chat groups.

Appeals

Actions taken by staff under this policy may be appealed to the OASIS Executive Director and the Board of Directors.

An appeal must be sent to the board comment list (oasis-board-comment@lists.oasis-open.org) within 30 days of the action being appealed. The Board shall hold a hearing within 45 days of receipt of the appeal. The Board shall render its decision within 30 days of the hearing. The decision of the Board shall be final.

The OASIS Board of Directors has the authority to effect such remedial action as may be necessary to remedy a complaint.

OASIS Vulnerability Handling & Disclosure Policy

This version of the OASIS Vulnerability Handling & Disclosure Policy was approved by the OASIS Board of Directors on 14 June 2023 and became effective immediately.

For details on how the policy is implemented, see the Vulnerability Handling & Disclosure Process.

Table of Contents

1. Purpose
2. Definitions
3. Procedures
3.1 Receiving a report of a possible vulnerability
3.2 Notifying OASIS staff and responsible parties
3.3 Notifying affected stakeholders
3.4 Notifying reporting organizations
3.5 Forming a vulnerability response team
3.6 Setting up a secure workspace
3.7 Addressing the vulnerability
3.8 Approving the remediation
3.9 Disclosure
3.10 Addressing vulnerability reports when there is no Responsible Party
3.11 Security Researcher Hall of Fame
3.12 Legal Obligation

1. Purpose

The OASIS Vulnerability Handling and Disclosure Policy governs how OASIS committees and staff receive and address reports of potential vulnerabilities. Vulnerability disclosure helps implementers and users of technical work assess their risk, protect their systems and data, and prioritize defensive actions. It also helps establish OASIS work product as trustworthy and legitimate in the user and developer community.

This document ensures that OASIS members understand their role in responding to reports of potential vulnerabilities or flaws and have a clear set of directions for addressing such reports. It also addresses OASIS’s role in providing neutral oversight and ensuring that records of the actions taken are maintained comparable to that done for a committee’s routine work. The policy also addresses when and how such a record should be made public.

The procedures outlined in this document may temporarily suspend other requirements of OASIS policies, most notably those for transparency and public records of proceedings.

This policy provides:

guidelines on receiving and responding to reports of potential vulnerabilities;
guidelines and procedures for assessing and addressing reported vulnerabilities.

2. Definitions

Most defined terms in this document have the meaning provided in OASIS Defined Terms. Additional definitions specific to the OASIS Intellectual Property Rights (IPR) Policy can be found in that document.

Embargo period – a period of time during which a reported vulnerability is kept confidential by OASIS and the responsible party to allow a solution to be determined and disseminated to affected stakeholders.
Executive Session – closed meetings of members of the responsible party for purposes of addressing a report of a vulnerability without making its details public.
Flaw – synonym for “vulnerability.”
Remediation – the steps taken by a responsible party to assess, address, and propagate a fix to a reported vulnerability or the steps to be taken by stakeholders to implement the fix.
Responsible Party – An individual or set of individuals who ensure that the report is investigated and addressed. The Responsible Party is the person(s) in a position to make sure a response team is formed and gets the resources it needs. Generally, in the case of an OASIS Technical Committee, the Responsible Party consists of the TC Administrator, as well as the full TC led by the chair(s) of that Technical Committee. In the case of an OASIS Open Project, the Responsible Party consists of the Project Governing Board
Stakeholders – parties whose work product may be adversely affected by the vulnerability but who are not directly responsible for fixing it (for example, a vendor whose product implements an OASIS Standard), other members of a Technical Committee beyond the Responsible Party and the response team or the public in general.
Vulnerability – any element in a specification or technical implementation that could allow an implementation to be exploited in ways that violate its proper intended use.
Vulnerability response team or response team – people appointed by the full membership of the responsible party to remediate the flaw. May include non-OASIS members under conditions described in the following sections.

3. Procedures

3.1 Receiving a report of a possible vulnerability

OASIS members and staff have an obligation to receive, record, and act on any report or claim of a vulnerability in any OASIS work product or deliverable that is brought to their attention, whether the flaw seems feasible or not.

OASIS will provide the OASIS Vulnerability Disclosure Process and make it accessible from the OASIS home page, and provide SEO terms to make it easily discoverable via internet search.

An OASIS member or staff may receive a report of a vulnerability in a variety of ways: through the OASIS Vulnerability Disclosure Process, through communications to or within the TC, or through personal, private communications (i.e. by email or phone). Regardless of how a report is received, the recipient must act on it.

If it is not provided in the initial disclosure, the recipient of the report should attempt to collect:

The name, version, and a link to the standard, specification, site, package, or code module;
If possible, the recipient’s assessment of the vulnerability severity (low/medium/high);
Description of the vulnerability, including how it was found and if it can be exploited;
In the case of a vulnerability discovered in a standard or specification, any known implementations of the standard or specification that the vulnerability has been discovered on;
Steps to reproduce, if relevant and available;
The reporters contact information (name and email), unless the reporter requests to remain anonymous.

The recipient must acknowledge receipt of the information from the reporter within 72 hours. See the Vulnerability Disclosure Process for detailed instructions.

3.2 Notifying OASIS staff and responsible parties

The recipient of a vulnerability report must notify the responsible parties for the affected specification or technical work. In the event a report is not received via the OASIS Vulnerability Disclosure Process, the recipient must either enter the report via the Disclosure Process themselves, ask the reporting party to do so, or promptly notify a member of the OASIS staff so that they can add the report. Staff will coordinate with the recipient and responsible parties on the steps needed to respond.

If the recipient is not a member of a responsible party or does not expect to be directly engaged in remediation, OASIS staff will take over working with the responsible party. The recipient must keep the report confidential but otherwise shall have no further obligations regarding the reported vulnerability.

Details of the vulnerability must not be communicated via any means that could be publicly visible (for example, by an email to a committee mailing list).

The responsible party can be notified, in a regular or specially-called meeting, or via other secure communications channels accessible only by members of the responsible party and OASIS staff.

Disclosures of vulnerabilities are not to be made public, for example in meeting minutes. If the responsible party is notified in a meeting, the meeting may be organized and held in Executive Session so that the topic and discussion are kept confidential. OASIS staff must be invited to such a meeting, and minutes must be taken although they will not be required to be published on the committee mailing list as is normally required by section 1.7 of the OASIS Committee Operations Process. The minutes must note that work was taken in Executive Session.

OASIS staff will report regularly to the Executive Director and the OASIS Board of Directors that vulnerabilities have been reported. Details may be provided in a meeting of the Board but must not be shared via any means that could be publicly visible.

3.3 Notifying affected stakeholders

As part of its evaluation of the vulnerability report, the responsible party shall decide when and how to notify affected stakeholders. Depending on the potential severity of a flaw or the scale of implementations, the responsible party may choose to alert stakeholders immediately or may choose to wait until steps to remediate have been defined. The responsible party shall make reasonable efforts to locate and notify stakeholders, however neither OASIS nor the responsible party guarantee that all stakeholders can be located and contacted.

If notification of the vulnerability includes steps for implementing a fix, the responsible party may provide an embargo period before making the report public to enable affected stakeholders to implement the fix. Neither OASIS nor the responsible party shall have any obligation to confirm that all stakeholders have implemented the fix before making the reported vulnerability public.

The decision on when and how to notify stakeholders shall rest with the Responsible Party except for the reporting provision in section 3.9. However the OASIS Executive Director or Board of Directors may direct OASIS staff to report the vulnerability publicly if, in their opinion, continued secrecy presents an unacceptable risk of damage to affected stakeholders or to the reputation and standing of OASIS. OASIS staff may review and require changes to any written communication regarding the vulnerability and its remediation prior to its being sent.

3.4 Notifying reporting organizations

As part of its evaluation of the vulnerability report, the responsible party shall decide if, when, and how to notify vulnerability databases such as the NIST National Vulnerability Database (https://nvd.nist.gov/), MITRE’s Common Vulnerabilities and Exposures (CVE® ) (https://cve.mitre.org/), or Carnegie Mellon University Software Engineering Institute’s CERT/CC Vulnerability Notes Database (https://www.kb.cert.org/vuls/). Consideration should be given to notifying relevant industry and global reporting organizations. OASIS staff will assist in the decision on request.

3.5 Forming a vulnerability response team

The responsible party shall consult with members of the committee as a whole in order to decide who shall assess the reported vulnerability to determine whether it agrees that a flaw exists.

The responsible party may request additional information, such as proof of concept code, before reaching a conclusion. If the responsible party does not agree that the vulnerability exists or believe that it poses no clear risk to stakeholders, the party shall notify OASIS staff and prepare a response to the reporter. The response shall contain an explanation of the reasons the party disagrees with the report and include a statement of how to appeal the decision to OASIS staff following the same procedures described in section 3.2 Appeals in the OASIS TC Process. The party shall store a copy of the response in its archives but no further action will be required.

If the responsible party agrees that the flaw exists, it shall notify OASIS that remedial action is needed and form a vulnerability response team made up of members deemed to have the expertise and interest to identify, analyze, correct and document the fix to the flaw.

The responsible party may invite outside experts, including the reporter of the flaw, to assist in addressing the vulnerability if it deems such expertise necessary. The party must notify OASIS staff of their request. OASIS shall offer to such invited expert a temporary, no-cost membership in OASIS for the duration of the remedial work. The invited expert shall be required to sign the OASIS Membership Agreement and take whatever actions are necessary to become a Member of the responsible party (e.g. join an OASIS Technical Committee). If the expert declines to take these actions, they shall not be allowed to participate directly in the remedial work although they may offer input and feedback via approved OASIS feedback channels.

3.6 Setting up a secure workspace

Unless the vulnerability is determined by the responsible party to be minor and quickly resolved, OASIS shall set up a secure, private team workspace. The workspace will provide all the functions of the responsible party’s regular set of collaborative tools but it will only be visible only to the members of the team and OASIS staff supporting the work. The workspace shall be visible to members of the responsible party unless such visibility cannot be provided without exposing the contents to the public.

Team members shall follow the normally applicable OASIS processes while working in the secure workspace (e.g. meeting minutes, ballots). Team members should maintain appropriate professionalism while working in the private workspace and expect that any or all of its records could become public in the future.

3.7 Addressing the vulnerability

The vulnerability response team shall work together using the secure workspace collaboration tools to identify and document changes needed to fix the affected work product(s). One member of the team shall be assigned the duty of liaison to the full committee and the responsible party and shall provide regular, verbal updates on the work.

If the response team needs copies of documentation or code for its work, OASIS shall create private copies of the resources for the use of the team. These resources shall only be accessible and visible to the team during the remediation. Changes to these resources to be applied to the existing work of the TC shall be merged back once the report of the vulnerability has been made public.

The response team shall be responsible for communicating with other stakeholders as needed, for example to communicate how to address the flaw in their implementations. The response team shall take reasonable care to keep such communications private, however neither the response team, the responsible party, nor OASIS guarantee privacy.

3.8 Approving the remediation

When the response team deems its work to be finished, it shall prepare a final report that includes the fix(es) that address the vulnerability, and present the report to the full committee and the Responsible Party. The full committee shall determine how to incorporate the fix(es) into the committee’s work products. Approval requires the appropriate level of vote for the OASIS work product the vulnerability is being reported against. For example, a vulnerability fix for an issue discovered in a Committee Specification, requires a Special Majority Vote, while a vulnerability fix for an issue discovered in a Committee Specification Draft requires a Full Majority Vote.

Once the response team’s final report is presented to the committee, its role is ended.

Merging any proposed changes into work products developed by the committee shall proceed under the normal procedures followed by the party (e.g. working drafts of Technical Committee specifications).

3.9 Disclosure

In addition to the requirements of section 3.3 and 3.4 above, OASIS staff shall, after a maximum of 90 days, make information about the vulnerability publicly accessible, unless instructed not to do so by the Executive Director or the OASIS Board of Directors or external legal authority. If permitted, the disclosure may happen sooner on appeal from any member(s) of the responsible party, stakeholder, or in response to a legitimate legal demand.

OASIS may, at its discretion, issue a press release or provide other information on the vulnerability. However, OASIS shall not be required to make any formal public announcement or release of information regarding the vulnerability.

3.10 Addressing vulnerability reports when there is no Responsible Party

In the event that the party responsible for the work affected by the vulnerability report is closed or otherwise unavailable to respond, and no other group has taken responsibility for maintenance of the work, it shall be the responsibility of OASIS staff to determine how best to respond.

Staff shall have the responsibility to identify experts who can evaluate and address the flaw. OASIS shall make best efforts to assemble a response team and address the vulnerability however OASIS shall not guarantee that it can remediate the flaw.

3.11 Security Researcher Hall of Fame

Following the processes outlined in section 3.9, OASIS will create a Security Researcher Hall of Fame page, or optionally, attach it as an addendum on the page containing the OASIS Vulnerability Disclosure Process. Any researchers who submit first-of-a-kind vulnerabilities for which the processes outlined in sections 3.6, 3.7, 3.8, and 3.9 are executed, should be listed on this page if they desire.

OASIS reserves full and final judgment on which researchers may be listed on the Hall of Fame. Researchers may be added and removed from the Hall of Fame at any time on the sole discretion of OASIS.

3.12 Legal Obligation

OASIS commits to not pursue or support any legal action related to vulnerabilities disclosed according to the OASIS Vulnerability Disclosure Process, recognizing that OASIS can not make commitments on behalf of its membership.

OASIS Vulnerability Handling & Disclosure Process

This version of the OASIS Vulnerability Handling & Disclosure Process was approved by the OASIS Board of Directors on 14 June 2023 and became effective immediately.

This process implements the policies described in the Vulnerability Handling & Disclosure Policy.

Table of Contents

Process
Researcher Requirements
OASIS Obligations
Scope
Out of Scope

Process

Vulnerability reports should be reported to vulnerabilities@oasis-open.org. In the report, we request that you include:

The name, version, and a link to the standard, specification, site, package, or code module;
If possible, your assessment of the vulnerability severity (low/medium/high) using an industry standard mechanism such as CVSS v3;
Description of the vulnerability, including how it was found and if it can be exploited;
Steps to reproduce, if available;
If possible, any suggested suggestions, fixes, and/or patches;
How you would like to be credited (name, url or email) if this issue is accepted, or if you would prefer to remain anonymous.

Please send one plain-text email for each vulnerability you are reporting. We ask that you not submit your report using PDFs, HTML, word processor files, etc. as digital media can provide their own security concerns.

By submitting any vulnerability report to OASIS, you hereby grant to OASIS and all OASIS members a perpetual, irrevocable, non-exclusive, transferable, sub-licensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, distribute, and incorporate your submission or any parts thereof into standards, products, services, or test systems, without any further obligations or notices to you beyond those described in this document or in the OASIS Vulnerability Handling & Disclosure Policy.

Researcher Requirements

We require that all researchers:

Make every effort to avoid privacy violations, disruption or degradation of service to OASIS systems, and destruction of data during all security testing;
Perform research only within the various scopes set out below;
Use the identified communication channels to report vulnerability information to us;
Maintain confidentiality of any vulnerability you’ve discovered for 45 days, or until OASIS indicates that the vulnerability has been resolved. After 45 days, if OASIS has been unable or unwilling to provide a vulnerability disclosure timeline, the contents of the Report may be publicly disclosed by the Finder. We believe transparency is in the public’s best interest in these extreme cases

OASIS Obligations

If you follow these guidelines when reporting an issue to us, we commit to follow the OASIS Vulnerability Handling & Disclosure Policy. This policy includes but is not limited to:

Confirm receipt of your report within 72 hours;
Recognizing that OASIS can not make commitments on behalf of its membership, not pursue or support any legal action related to your research;
Work with you, relevant OASIS members, and, as appropriate, outside experts to understand and resolve the issue quickly if applicable, following the OASIS Vulnerability Handling & Disclosure Policy;
If applicable and desired, to recognize your contribution if you are the first to report the issue.

Scope

The scope of works covered by this process shall be any work on any OASIS-managed platform, including but not limited to:

The website https://oasis-open.org and all sub-properties;
OASIS Standards and Committee Specifications published at https://docs.oasis-open.org/ and https://docs.oasis-open-projects.org;
OASIS TC Work published at https://github.com/oasis-tcs;
OASIS Open Repositories published at https://github.com/oasis-open;
OASIS Open Projects published at https://oasis-open-projects.org/projects/.

Where projects already have vulnerability reporting policies or processes already in place, we encourage you to use those and consider this OASIS-wide process as a backup option.

The following test types are excluded from scope:

Any attempt to modify or destroy data;
Findings derived primarily from social engineering (e.g. phishing);
Findings from applications or systems not listed in the ‘Scope’ section;
Network level Denial of Service (DoS/DDoS) vulnerabilities or any other attempt to interrupt or degrade the services OASIS offers to its members, including impacting the ability for end users to use the service;
Any attempts to access a user’s account or private data;
Anything not permitted by applicable law, unless permitted by this document.

Out Of Scope

Implementations of OASIS standards and OASIS Committee Specifications that are not included in the Scope section above, regardless of their nature, including but not limited to commercial, freely available, or open source implementations. In these cases, the report should be made to the entity or organization who produces the product or implementation;
Any services hosted by third-party providers (which will be promptly submitted by OASIS staff to the contracted provider);
Anything else not explicitly named in the Scope section above.

Code of Conduct Incident Reporting and Response Process

Overview of the Code of Conduct workflow for OASIS staff when receiving and responding to an incident report.

Table of Contents

Incident reporting and response process
Incident Reports
Incident report workflow
Incident response workflow
1. Deciding on a Course of Action
2. Taking Actions and Communicating our Recommendations

Incident reporting and response process

This document outlines the workflow for OASIS staff when receiving and responding to an incident report falling under the Code of Conduct. As each report is unique, the process is described at a high level.

Incident Reports

What is an incident report?

An incident report or complaint is a description of an event, interaction, or public statement submitted to OASIS staff, which the reporter feels violates the Code of Conduct.

Who can submit a report?

OASIS accepts reports from anyone who interacts in an OASIS activity (OP, TC, etc.) with the project community, contributor or otherwise. This includes, but is not limited to, the following:

Contributors and maintainers
Members of the community Slack instance
Attendees and vendors at community events

Reports can be written or spoken and may be brought to any OASIS staff. OASIS must have a report to take action. At times, we may encourage community members to contact us if an incident is ongoing and we have not been contacted.

Where do private incident reports happen?

Incident reports may be made directly to any OASIS staff or sent to code-of-conduct@oasis-open.org.

How is the privacy of a report protected?

All incident-related discussions happen in private spaces between incident reporters and OASIS staff. Staff maintain the confidentiality of incidents to the extent permitted by law.

Where incidents relate to unintentionally or non-consensually publicly-visible content or messages, we may, or may request others to, delete that content to help preserve the privacy of involved parties.

Why does this process exist?

The reporting process exists to provide the community with mechanisms to keep people safe, and to ensure that poor behavior, regardless of who the initiator is, is not accepted.

OASIS staff have the authority and responsibility to address harms as needed and appropriate to restore community safety after any incident(s).

Incident report workflow

Initial triage

OASIS staff will respond to all reports in a timely manner, usually within a few days.

When an incident report is received, it is reviewed for severity. The initial member(s) review the report and determine severity and urgency. If necessary, we may alert other members and call for an urgent meeting, but in most cases, we discuss asynchronously and develop a response plan.

Recusal

Before beginning an investigation on an incident, staff members can recuse themselves from addressing the incident if they feel a relationship with someone involved may hinder their impartiality or create a perception of impropriety with respect to individuals involved in the reported incident.

Building a plan

The staff will privately discuss the incident report and may or may not decide that we need more information prior to determining whether to take any action.

We consider the following at this stage:

Do we need clarification from the reporter beyond the initial report?
Do we need clarification from other individuals who may have been involved in, or witnesses to, the incident?
Is there a public record of the incident which we can review, such as a chat log or video recording?
Are there any privacy or safety considerations that we must take into account? For example, if we reach out to an individual named in the report, could this jeopardize the safety of the reporter or other individuals?

Reaching out to involved parties

It is our intention to put as little emotional labor on those who have been harmed as possible, and to protect the safety (both physical and emotional) of all community members. We labor to be supportive and non-judgmental and to make the reporting process as safe and low anxiety as possible.

In all instances these clarifying discussions are confidential.

Clarifying discussions typically take the form of email, Slack DM, or Zoom meeting 1:1 between a staff member selected during our triaging of an incident report and the individual from whom clarification is sought. Staff may seek to include an observer/scribe agreed by both parties.

Incident response workflow

Deciding on a Course of Action

We do not act recklessly, and in deciding on a course of action, we work as a team to include diverse perspectives, support the immediate safety needs of our community members, and support the long-term health of this community.

Our decisions on a course of action are informed by the following goals:

Continuously working towards a community that is a safe and professional space in which individuals from any background can do their best work, authentically and free from harassment
Preferring non-punitive punishments when possible
Prioritizing the safety of individuals to support the overall health of the community
Prioritizing education and coaching for those involved, when possible
Prioritizing the protection of contributing members of a project over external parties. This does not mean that we protect people with a higher number of commits or more seniority in the project, however.

In general, the committee strives for unanimous consensus before taking an action.

For example, we may choose to do nothing, to issue a private warning, to offer coaching, to recommend organizational changes, or to ban someone from a community platform.

Taking Actions and Communicating our Recommendations

When we have decided on a course of action, we do the following:

We clearly communicate our decision to those who need to hear it, without violating the confidentiality of those who requested it during an investigative process (if one was undertaken).
If and only if it is needed, we may engage with OASIS leadership or outside counsel if necessary.

In rare cases, we might find it necessary to issue a public statement, either jointly or separately.

OASIS Participants Code of Conduct

The OASIS Board of Directors approved this revised Code of Conduct on 14 June 2023 (https://www.oasis-open.org/wp-content/uploads/2023/08/OASIS-Board-of-Directors-Quarterly-Meeting-Minutes-2023-06-14-Public.pdf)

The original Code of Conduct as approved 14 October 2022 can be found at https://www.oasis-open.org/policies-guidelines/oasis-participants-code-of-conduct/oasis-participants-code-of-conduct-14-october-2022/

Table of Contents

Our Pledge
Our Standards
Scope
Enforcement
Enforcement Guidelines
1. 3. Temporary Ban
2. 4. Permanent Ban
Appeals

Our Pledge

We, as members, contributors, and leaders of OASIS Open pledge, act and interact in ways that contribute to an open, welcoming, diverse, inclusive, healthy, and productive community.

We pledge to do our best to ensure that participating in work at OASIS Open is free of harassment for everyone, regardless of physical, personal, professional, or cultural characteristics or disagreements about technical or policy matters.

Our Standards

Examples of behavior that contributes to a positive environment for our communities include:

Being respectful of differing opinions, viewpoints, and experiences
Accepting the consensus of the group after making our point if the collective decision does not go our way
Giving and gracefully accepting constructive feedback
Demonstrating empathy and kindness toward other people
Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
Focusing on what is best not just for us as individuals, but for the overall community

Examples of unacceptable behavior include, but are not limited to:

Personal (ad hominem) attacks that emphasize the speaker rather than the message
Refusal to allow orderly statements of opposing points of view, within the reasonable time boundaries of group meetings or shared communication channels
The use of sexualized language or imagery, and sexual attention or advances of any kind
Trolling, insulting or derogatory comments
Public or private harassment
Publishing others’ private information without their explicit permission
Other conduct which could reasonably be considered inappropriate in a professional setting
Disparaging an organization, its activities, its employees, or its products and services within the context of OASIS-related activities
Promoting specific commercial or competitive solutions or products, to the exclusion of others. OASIS committees, boards and groups are intended to promote interoperability among multiple, independent implementations and services. In addition to members’ obligations under the OASIS Antitrust Guidelines, it is out of order for OASIS activities to express preferences for an exclusive or pre-emptive single solution, or to preferentially host or endorse a specific solution’s promotional statements. Any testing activities must be inclusive, based only on objective, functional criteria, without reference to a single product.

Enforcement Responsibilities

The chairs and conveners of OASIS committees, boards and groups are empowered to run their meetings, according to our applicable process rules, and to make reasonable agenda and speaking order decisions to facilitate those meetings. However, those chairs and conveners should seek assistance from OASIS staff when significant or repetitive inappropriate behaviors as described in this Code are encountered.

Decisions or actions by OASIS staff are subject to appeal to the OASIS Board of Directors.

Scope

What are the boundaries of the OASIS community?

There are no hard boundaries of the community, but common places we are asked to extend guidance to are:

Official project communication channels
Events and meetups
Media and web presences
Social media

In some cases, where individual social media messages or other activities not related to a specific project are reported to the OASIS staff as violating this Code, we might choose to act.

Enforcement

All community leaders are obligated to respect the privacy and security of the parties involved in the incident.

Enforcement Guidelines

1. Correction

Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.

2. Warning

Community Impact: A violation through a single incident or series of actions.

3. Temporary Ban

Community Impact: A serious violation of community standards, including sustained inappropriate behavior.

4. Permanent Ban

Consequence: A permanent ban from any sort of interaction within the community. Removal from community tools like repositories or chat groups.

Appeals

Actions taken by staff under this policy may be appealed to the OASIS Executive Director and the Board of Directors.

The OASIS Board of Directors has the authority to effect such remedial action as may be necessary to remedy a complaint.

OASIS Committee Operations Process (22 July 2020)

This version of the OASIS Committee Operations Process was approved by the OASIS Board of Directors on 22 July 2020 and became effective 01 December 2020. The change was announced in https://lists.oasis-open.org/archives/members/202011/msg00011.html

The previous version, approved 22 May 2018 and effective immediately, can be found at https://www.oasis-open.org/policies-guidelines/oasis-committee-operations-process/oasis-committee-operations-process-2018-05-22/.

Table of Contents

1. Committees
1.1 Purpose of Committees
1.2 Committee Formation
1.3 Committee Membership and Participation
1.3.1 Technical Committees
1.3.2 Open Projects and Project Governing Board
1.3.3 Member Sections
1.4 Chairs
1.5 Committee Visibility and Transparency
1.5.1 Mail Lists
1.5.2 Web Pages
1.5.3 Announcements
1.6 Operations
1.7 Meetings
1.8 Voting
1.9 Closing a Committee

1. Committees

1.1 Purpose of Committees

Work at OASIS is done primarily through its committees. An OASIS committee is a group of Eligible Persons comprised of at least Minimum Membership, formed and conducted according to the provisions of this Committee Process, any other applicable policy document such as the OASIS TC Process for Technical Committees, the OASIS Open Project Rules, the OASIS Member Section Policy, or Roberts Rules of Order Newly Revised.

Each current version of the OASIS Committee Process applies to previously established committees upon its adoption.

Participation in the work of committees is open to any interested person subject to any specific requirements for the type of committee.

Defined terms in this document have the meaning provided in OASIS Defined Terms. Other OASIS policies may also apply depending on the type of committee. The complete set of OASIS policy documents can be found at https://www.oasis-open.org/policies-guidelines.

1.2 Committee Formation

The detailed requirements for starting a committee vary depending on the type of committee. In general, however, beginning a committee requires:

1.2.1 At least Minimum Membership of Eligible Persons committed to participating in the work,

1.2.2 A charter or equivalent founding document submitted to OASIS describing what the committee intends to do and other conditions pertinent to its operation, and

1.2.3 A sequence of steps followed by OASIS staff to publicize the committee, encourage others to join and participate, and set up its required infrastructure support.

For the specific requirements to start an OASIS Technical Committee, see the OASIS TC Process Section 1.2 TC Formation. For the specific requirements to start an OASIS Open Project, see the OASIS Open Project Rules. For the specific requirements to start an OASIS Member Section, see section 4 Creating a Member Section in the Member Section Policy.

1.3 Committee Membership and Participation

The work of a committee is conducted by Members who voluntarily contribute in one or more defined roles. The rules for joining the committee, the specific activities members can perform, the commitments they make, and requirements they must fulfill in order to participate vary depending on the type of committee. The roles for each type of committee are summarized in this section.

A committee Member is considered to have resigned from a committee upon sending notice of their resignation to the committees general email list. For some committees, formal resignation may have bearing upon ongoing commitments the member may have made upon joining the committee.

Persons who lose Eligible Person status shall have their committee membership terminated. Persons who lose Eligible Person status for reasons including, but not limited to, change of employment shall have up to 14 days of membership as an OASIS Individual Member in which to re-establish eligibility and continue participating in the committee. A Member shall lose membership on the 15th day after losing Eligible Person status if it is not re-established.

Termination of membership in an OASIS committee shall automatically end all rights and privileges of participation including any voting rights in that committee.

1.3.1 Technical Committees

Membership, participation requirements, voting rights and other aspects of participating in an OASIS Technical Committee (TC) are explained in the OASIS TC Process beginning at section Section 1.4 TC Membership and Participation.

TCs operate with four types of role: Observer, Member, Voting Member, or Persistent Non-Voting Members. The following table summarizes these roles.

	Observer	Member	Persistent Non-Voting Member	Voting Member
Can attend meetings	YES	YES	YES	YES
Can participate in meetings	NO	YES	YES	YES
Receives email from TC list	YES	YES	YES	YES
Can send email to TC list	NO	YES	YES	YES
Can contribute documents, etc.	NO	YES	YES	YES
Can use JIRA, Wiki, etc.	NO	YES	YES	YES
Can gain voting rights	NO	YES	NO (must first become a Member)	N/A
Can lose voting rights	NO	NO	NO	YES
Has voting rights	NO	NO	NO	YES
Counts towards quorum	NO	NO	NO	YES
Can make & second motions	NO	NO	NO	YES
Is publicly listed on TC roster, minutes, etc	NO	YES	YES	YES
Is obligated by TC IPR Mode	NO	YES	YES	YES

1.3.2 Open Projects and Project Governing Board

Membership, participation requirements, voting rights and other aspects of participating in an OASIS Open Project and its Project Governing Board (PGB) are explained in the OASIS Open Project Rules beginning at Section 4 Participants and Contributors.

Open Projects operate with five types of role: Participant, Contributor, Maintainer, PGB Member, and Chair. The following table summarizes these roles.

	Participant	Contributor	Maintainer	Project Governing Board (PGB)	Chair
Functions
May provide comments and bug reports	YES	YES	YES	YES	YES
May submit pull requests	NO	YES	YES	YES	YES
Respond to pull requests, etc.	NO	NO	YES	NO	NO
Appoint and supervise Maintainer(s)	NO	NO	NO	YES	N/A
Authorize creation of repositories	NO	NO	NO	YES	N/A
Approve releases	NO	NO	NO	YES	N/A
Approve submissions of qualifying releases for Project Specification approvals (as defined below)	NO	NO	NO	YES	N/A
Approve external submissions of its OASIS Standards (if any) to de jure standards bodies	NO	NO	NO	YES	N/A
Elect Chair	NO	NO	NO	YES	N/A
Call and preside over any meetings	NO	NO	NO	NO	YES
Requirements
Must be OASIS Member	NO	NO	NO	YES	YES
Must sign Contributor License Agreement (CLA)	NO	YES	YES	YES	YES

1.3.3 Member Sections

An OASIS Member Section is a group within the consortium that advances the interests of a specific community or technology. The rules governing the formation, structure, and activities of a Member Section are explained in the Member Section Policy.

1.4 Chairs

Each committee must have a Chair or two co-Chairs. Only members of the committee are eligible to be Chair or co-Chair. A Chair is initially elected at the first meeting of a committee. The Chair is elected by Full Majority Vote of the committee. If a committee does not have a Chair then all activities, with the exception of the selection of a new Chair, are suspended. If a committee does not have a Chair for 120 days, the OASIS TC Administrator may close the committee.

The responsibilities of a Chair are as described in Roberts Rules of Order Newly Revised save for any specific responsibilities detailed in OASIS policy and rules documents.

The responsibilities of the Chair of a committee may be discharged by no more than two co-Chairs. The committee may vote at any time to elect a co-Chair, if only one Chair is seated, or to leave a second seat vacant. In the event that the Chair position is so shared each co-Chair is equally responsible for the Chair duties and responsibilities. Throughout this Committee Process, whenever a notification to the Chair is required, it must be made to both co-Chairs.

A committee Chair may be removed by action of the Board of Directors. A TC Chair may be removed at any time by a Special Majority Vote of the TC. A PGB Chair may be removed at any time by a Full Majority Vote of the PGB. In the event that a committee has co-Chairs, each may be removed individually or both may be removed by a single action.

A vacancy in chairing a committee shall be deemed to exist when (i) the Chair or one or both co-Chairs has been removed, (ii) the Chair or one or both co-Chairs has resigned the position, or (iii) the Chair or one or both co-Chairs ceases to be a member of the committee. Vacancies in chairing a committee shall be filled by election from the committee Members.

Every two years a Committee must re-appoint its chair(s). A call for candidates must be requested through the committee’s general email list inviting candidacy to be posted to that list. Committee members have 7 days after being notified to propose themselves as a candidate. All Committee members are eligible to apply including current and past chairs; no term limits apply. After the 7 Days candidacy period, if seats are contested, a ballot must be run to select the chair(s).

If no candidates come forward the work of the Committee must stop until a chair can be found.

For TCs, the timing of the process to re-appoint chairs should coincide with the TC Vitality check (Section 1.10) such that every four years the TC Charter and its chairs are reviewed.

Any provisions in the rules and policies applicable to a specific type of committee (such as Leaves of Absence for TCs) shall apply to the Chair or co-Chair of the committee in the same manner as they do to other committee members.

1.5 Committee Visibility and Transparency

The official copies of all resources of a committee and any associated subcommittees, including web pages, documents, email lists and any other records of discussions, must be located only on facilities designated by OASIS. Committees may not conduct official business or technical discussions, store documents, or host web pages on servers or systems not designated by OASIS. All web pages, documents, ballot results and email archives of all committees and subcommittees shall be publicly visible.

1.5.1 Mail Lists

Each committee shall be provided upon formation with a general discussion email list and a means to collect public comments.

All committee email lists shall be archived for the duration of the corporation, and all committee email archives shall be publicly visible.

For committees that hold meetings, the minutes of each meeting including a record of all decisions made shall be posted to that committee’s general email list.

The purpose of the committee’s public comment facility is to receive comments from the public. Comments shall be publicly archived.

1.5.2 Web Pages

OASIS shall provide each committee with a publicly accessible web page. The committee may keep the following information current on its web page: the committee name, charter, any standing rules and other adopted procedures, meeting schedules, anticipated deliverables and delivery dates, lists of members, the name and email address of the Chair or co-Chairs as well as other positions such as secretaries, editors, maintainers, etc., any subcommittees, links to the various works of the committee, and links to any IPR declarations made to the committee.

1.5.3 Announcements

OASIS shall maintain a publicly archived list for announcements from OASIS regarding its committees. Any Eligible Person shall be able to subscribe to this list. Every important change in committee status shall be posted to the announcement list. Such changes shall include but not be limited to: committee or project formation; committee charter revisions; start of public reviews; approval of work products such as Committee Specifications and Project Specifications; submission of specifications as a Candidate OASIS Standard; and approval or rejection of a proposed OASIS Standard.

1.6 Operations

Except where otherwise indicated by the rules and policies applicable to a specific type of committee, the operation of committees shall be governed by Robert’s Rules of Order Newly Revised, insofar as such rules are not inconsistent with or in conflict with this Committee Process, the OASIS Bylaws, other Board-approved policies, or with provisions of law. The duration of a committee shall be considered a single session. Formal actions of committees shall be governed by the same rules regardless of the language in which the work is taking place.

Standing rules may be adopted, amended, or rescinded by Full Majority Vote of a committee. The committee may not adopt standing rules or other Resolutions related to IPR, quorum requirements, membership, voting, participation, or that otherwise conflict with or supersede any OASIS Board-approved policy. Standing rules, and any amendments to them, must be communicated to the OASIS TC Administrator or Open Project Administrator as applicable, who may rescind them if they are in conflict with OASIS policy, and, in order to be enforceable, must be posted on the committee’s web page.

1.7 Meetings

Committee meetings must be properly called and scheduled in advance using the OASIS collaborative tools. Meetings scheduled or conducted in such a manner as to exclude the participation of any Member are subject to appeal. Meetings may be conducted face-to-face or via telephone conference or other electronic media that allow participation of all Members of the committee. In order to enable the openness of committee proceedings, meetings should be scheduled and conducted so as to permit the presence of as many participants as is logistically feasible. Meeting minutes must be recorded and posted to the committee’s general email list.

Individual attendance must be recorded in the meeting minutes. Without a Quorum present discussions may take place at a meeting but no Resolutions may be approved; those present may act as a “Committee of the Whole” as defined in Robert’s Rules of Order Newly Revised, and make a report to the entire committee. However, the foregoing rule does not prohibit the discussion of and initiation of calls for consensus addressed to committee members asynchronously. For committees that maintain voting rights, meetings without Quorum shall still count towards attendance for purposes of Members gaining, maintaining, or losing voting rights.

1.8 Voting

When a committee uses a vote as part of their Resolution or decision making process, all votes require a Simple Majority Vote to pass except as noted elsewhere in this document or in the rules applicable to the type of committee. Any votes requiring a Special Majority Vote for approval must be conducted by the OASIS TC Administrator.

Some types of committees require members to obtain voting rights before being eligible to vote on ballots. The rules governing obtaining and maintaining voting rights are described in the relevant rules document for those types of committees. Committees may not adopt rules governing voting or voting rights or the rights of members that conflict with or supersede any OASIS Board-approved policy.

For committees using voting rights, a Member must have voting rights at the time a ballot is opened in order to vote on that ballot. Proxies shall not be allowed in committee voting.

Committees may conduct electronic ballots. An electronic ballot may be conducted during a meeting using any tool available to the TC including email and the results must be recorded in the minutes. Electronic ballots outside of a meeting shall be made either by using the committee’s general mail list or the publicly archived electronic voting functionality provided by OASIS and must remain open for a minimum of 7 days. Eligible voters must be able to change their vote up until the end of the voting period.

1.9 Closing a Committee

Unless otherwise provided in the rules and policies applicable to a specific type of committee, a committee may be closed by Full Majority Vote of that committee, by Resolution of the OASIS Board of Directors, or by the OASIS TC Administrator, OP Administrator, or Member Section Administrator as applicable.

The relevant Administrator may close a committee that is unable to fill its Chair position for 120 days.

Unless otherwise provided in the rules and policies applicable to a specific type of committee, the relevant Administrator may close a committee whose membership falls below the Minimum Membership necessary or that fails to show activity or progress towards achieving its purpose for an extended period of time.

Open Project Rules (25 January 2022)

This version of the OASIS Open Project (OP) Rules was approved by the OASIS Board of Directors on 25 January 2022 and became effective immediately. The change was announced to OASIS members on 03 February 2022 in https://lists.oasis-open.org/archives/members/202202/msg00000.html

Table of Contents

1. Purpose of Open Projects

An OASIS Open Project (or Project) is a program hosted by OASIS for the development of code, specifications and other artifacts under open source licenses, under one or more of the Applicable Licenses listed in Section 15, and selected by the Project as specified below. OASIS Open Projects are conducted according to the provisions of these Rules. The OASIS Committee Operations Process provides general provisions concerning the operation of all committees that may apply to the work of a Project Governing Board (PGB). Certain defined terms used in this document have the meaning provided in the OASIS Defined Terms.

Any person or entity, whether or not an OASIS member, may participate in or contribute to a Project, as provided by these rules. Contributions, and the acceptance or merger of contributions into the Project’s work, are managed primarily through one or more open source Project Repositories (as defined in Section 8).

Projects operate under the administrative and process rules described in this document, and are administered by the OASIS Open Project Administrator designated by OASIS.

2. Project Formation

2.1 OASIS Open Projects are initiated by one or more organizations committed to being Project Sponsors and (optionally) persons who intend to make technical contributions to the Project. Any group of at least one or more Project Sponsors whose aggregate project sponsorship dues equal or exceed the minimum threshold established by a resolution of the OASIS Board of Directors, plus one or more named Contributors, may initiate a Project by submitting to the Open Project Administrator a Charter prepared using the Open Project Charter Template maintained and made available by the Open Project Administrator. Additional membership requirements apply to some approval activities as noted below. The Charter shall be written in English and provided to OASIS in electronic form as plain text. The name proposed for the Project shall be subject to approval by the Open Project Administrator for purposes of confirming infringement and appropriate use issues. If the proposed name includes a reference to an OASIS Technical Committee (TC) or specification title, or the name of another Open Project, then the approval of any open OASIS TC or Open Project who uses that name or has authored that specification is required in advance. No information other than that requested in the template may be included in the proposal. Any documents referenced in the proposal shall be publicly available.

The Charter must include a brief statement of purpose and a scope of work for the Project. The scope of work serves as a limit on the approval of Project Standards Track Work Products. The statement of purpose is only informative, not normative. The Charter also must state the number of Project Repositories initially requested to support the Project, and the Applicable License to be applied to each requested repository.

2.2 The Open Project Administrator shall reply in writing with its approval or other disposition of the proposal described above. OASIS shall post a public notice of each approved Project to its announced public mailing list.

2.3 After formation, the Charter of an Open Project may be amended only as provided in Section 5.6.

3. Roles of Parties in the Project

The work of a Project and its administration are conducted by parties who voluntarily contribute in one or more of the following defined roles: Contributor, Maintainer, Project Governing Board (PGB), Technical Steering Committee (TSC), and Chair. A detailed and definitive description of those roles follows in Sections 4, 5, 6 ,and 7 below. A table summarizing those roles can be found in the OASIS Committee Operations Process.

4. Contributors

4.1 Any person (whether or not an OASIS member) may participate in a Project as a Contributor by providing comments or bug reports to a Project Repository, subject to the licensing rules in Sections 14, 15 and 16 below.

4.2 Any person (whether or not an OASIS member) may agree to a Contributor License Agreement (CLA), as provided in the licensing rules below, as a prerequisite for acceptance of their pull requests or other substantive contributions. If a person who signs and submits an individual CLA indicates that they represent an entity, then that individual CLA will only be deemed effective if that entity has signed and submitted an entity CLA. The Project Governing Board and Maintainers shall only act on pull requests or other substantive contributions made by project Contributors who are listed in the OASIS system as having agreed to the relevant CLA. The Project shall maintain a record of all Contributors who have made contributions to a Project.

5. Project Governing Board and Project Sponsors

5.1 Overall guidance for the Project is provided by its Project Governing Board (or PGB). The PGB is composed of one voting member from each Project Sponsor who elects to appoint a PGB member, and at least one voting at-large expert representative from the community of contributors, elected or appointed by the Technical Steering Committee (TSC). The PGB may create additional PGB member seats for expert representatives to be elected by the TSC or appointed by the PGB.

A list of PGB members shall be maintained and posted at the general information web page designated by OASIS for the Project. Certain actions taken by the PGB require affirmative action by Project Approval Minimum Membership, as defined below.

5.2 PGB members must:

(a) have signed and submitted an individual CLA, and if appointed by an entity, that entity must have signed and submitted an entity CLA naming that project; and
(b) either (i) represent an organization that has paid the appropriate Backer dues for that Open Project or (ii) has been appointed or elected as an expert representative as provided above.

5.3 Project Approval Minimum Membership, where it explicitly is required for the PGB’s approval of an action under these rules, means at least two Project Sponsors seated on the PGB.

5.4 The PGB shall:

(a) select one or two Chairs and may replace and remove Chairs as provided in Section 7
(b) ensure there are one or more Maintainers for any Project Repository
(c) consult with the Maintainer(s) on technical decisions as described below
(d) establish and consult with its Technical Steering Committees (TSC)
(e) approve any Draft Project Specifications, Project Specifications, candidates for OASIS Standards or external submissions from the Project, as provided in Sections 12 and 13

Decisions by the PGB shall be made in a manner consistent with the requirements of Section 10.

5.5 Status as a PGB member who represents an organization accrues to the organizational Project Sponsor, and is transferable by that Project Sponsor from person to person, as evidenced by a notice in writing from its Primary Representative to the OASIS Open Project Administrator. A Project Sponsor may resign from PGB membership at any time, by notifying the Open Project Administrator and the PGB Chair(s) in writing.

5.6 The PGB may amend the Charter after the Project’s formation in the following manner:

(a) An amendment to the binding scope of work may only be made for the purpose of removing ambiguity or for narrowing the scope of work, and requires a Special Majority Vote of the PGB. Such an amendment may also at the PGB’s option update the statement of purpose, list of planned deliverables and/or list of repositories and licenses.
(b) Any amendment to other elements of the Charter may be made by a Full Majority Vote of the PGB, so long as and any additions to the list of deliverables are within the scope of
work.
(c) In any case, any amended Charter must comply with the requirements of Section 2.1, and shall not take effect until approved by the PGB and announced by the Open Project Administrator.

6. Technical Steering Committees

The PGB shall form a Technical Steering Committee (or TSC) by a resolution of the PGB. A Project’s TSC members shall be composed of the persons, selected in the manner, and chaired by such person as is provided by that resolution. The PGB must create and publish process documentation, outlining the requirements for joining and voting in the project’s TSC. The TSC shall have the duties to advise the PGB and such others as are specified by the PGB, so long as consistent with these Rules and OASIS policies. The following activities may not be delegated by the PGB, although it may consult with the TSC regarding them at the PGB’s option: election or termination of PGB Chairs, approval of any Releases, Group Releases, Project Specification Drafts, Project Specifications, and approval of candidates for OASIS Standards or external submissions.

TSC members must have signed and submitted an individual CLA, and if appointed by an entity, that entity must have signed and submitted an entity CLA. A list of TSC members shall be maintained and posted at the general information web page designated by OASIS for the Project. An individual may resign from TSC membership at any time, by notifying the Open Project Administrator and the Chair(s) in writing.

7. Project Chairs and Maintainers

7.1 The PGB shall select one or two of its members as Chairs by a Full Majority Vote, to coordinate and manage Project decision-making and logistics. The PGB may remove a Chair at any time by a Full Majority Vote. The Chair(s) of the Project shall:

(a) be responsible for the coordination and polling of any decisions of the PGB
(b) convene and make arrangements for any desired virtual or physical face-to-face meetings of the PGB and/or Contributors
(c) assist and support the Maintainer(s) as appropriate
(d) be responsible as the Project’s principal point of contact with OASIS staff and resources as needed
(e) manage or provide for the management of communications with Contributors, any liaisons and the public as may be desirable in support of the Project’s goals.

If a PGB does not have at least one Chair then all PGB activities, with the exception of the selection of a new Chair, are suspended. If a PGB does not have a Chair for 180 days, the Open Project Administrator may declare the PGB closed. After closure of the PGB, the Project may no longer take actions that require the approval of the PGB.

7.2 The PGB shall ensure that there are one or more Maintainers to serve as the principal editor(s) of the Project’s technical work managed within its Project Repositories. Maintainers shall exercise editorial responsibility over the contents of the Project’s repositories, including by:

(a) evaluating and responding to pull requests
(b) designating main or recommended branches of each repository
(c) designating deprecated branches or contributions.

Maintainers should act to carry out the technical consensus of the TSC, Contributors, and PGB, and may be removed by the PGB at any time, after notice to the Maintainer and the TSC, for failure to perform their functions as determined by the PGB. No contributed information or pull requests may be deleted from any Project Repository, due to the open nature of the Applicable Licenses and the Archival Permanence rules in Section 9.2. The appointment of a Maintainer survives the closure of the PGB, and thereafter the remaining Maintainer(s) or the Open Projects Administrator may appoint additional or replacement Maintainers.

8. Repositories and Project Tools

8.1 OASIS will support official repositories for each Project (Project Repositories) using tools selected by staff that are clearly marked as a distinct resource. The repositories listed in the Project’s Charter will be opened by OASIS staff in connection with the Project’s launch. Subject to the requirements of this Section 8, subsequent Project Repositories may be opened by (a) a decision of the PGB, or (b) if the PGB elects to adopt a Standing Rule that permits it, then a TSC or a designated maintainer may also do so. However, adding new Applicable Licenses requires PGB approval: any Project Repository that applies an Applicable License (as provided in Section 15.1) that is already not in use in other Repositories of that Project must first be approved by a Special Majority Vote of the PGB.

8.2 Each Project Repository will serve as a distinct open source project, including issue tracking, comment facilities, and such other facilities as are normally available by default.

8.3 The Project’s official Project Tools include the Project’s Repositories and these additional tools: A principal web page for each Project, which may be the home resource page of the Project’s first Project Repository, and optionally, one or more mailing lists for administration of the Project. Subscription to such lists, which shall be subject to the OASIS Mailing List Guidelines, shall be open to anyone.

9. Visibility and Archival Permanence

9.1 Visibility. Contributions, comments, decisions, records of decisions and all other resources of the Project, including web pages, documents, mailing lists and any other records of discussions, must be located only on the Project Tools designated or authorized by OASIS. Projects may not conduct official business or technical discussions, store documents, or host web pages on servers or systems not designated by OASIS. All Project Tools shall be publicly visible, and all threaded and mail list discussions shall be publicly archived.

9.2 Archival Permanence. OASIS warrants that it will not inhibit open and free access to all of the material contributed to each Project Repository, as open and freely available resources. This warranty is perpetual and will not be revoked by OASIS or its successors or assigns; however, neither OASIS nor its assigns shall be obligated to:

(a) perpetually maintain its own existence, nor
(b) provide for the perpetual existence of a website or other public means of accessing such material, nor
(c) maintain any material which it is legally required to remove from publication.

Some contributed material may be treated as superseded or deprecated by Maintainers or by version control methods, as provided in these rules, but neither Maintainers nor any other party shall delete content. The original form of each contribution shall continue to be available for review, and use according to its licensure, through appropriate version control or document management methodologies.

9.3 Repository Lifecycle. Once a Project Repository has been created, it will remain open as a resource for public use and reference, and continuing repository contributions or comments, regardless of closure of the Project, under the Archival Permanence rule above, with such remaining Maintainers as may have been appointed.

9.4 Announcements. The Open Project Administrator shall create a publicly archived, subscribable list for announcements and public notices from OASIS regarding Open Projects. Every important change in Project status shall be posted to that list, including Project formation; opening of a new Project Repository; Releases; Group Releases; Draft Project Specifications; Project Specifications; Candidate OASIS Standards; and proposed external submissions.

10. Project Governance: Decisions and Meetings

10.1 Decisions by the PGB regarding the matters allocated to them by these rules normally should be made after reasonable notice to and consultation with the Project’s Contributors, and should be made by consensus except in cases where a specific majority vote is required by these rules. The Chair(s) of the Project are responsible for conducting and administrating the decision processes of the PGB and the Project, consistent with these rules.

10.2 Meetings of the PGB and any TSC must be properly called by the Chair(s) and scheduled in advance using the OASIS collaborative communication Project Tools. Meetings may be conducted face-to-face or via telephone conference or other electronic media that allow participation of all PGB members. In order to enable the openness of proceedings, meetings also should be scheduled and conducted to permit the presence of as many Contributors as is logistically feasible. A note of each meeting’s outcomes must be posted to a publicly accessible location provided by OASIS. Meetings or decisions scheduled or conducted so as to exclude the participation of any PGB member or Contributor are subject to appeal to the Open Project Administrator.

10.3 Electronic ballots of the PGB, when required by these rules, must be conducted on facilities provided or approved by OASIS, and must remain open for a minimum period for seven days. The Chair(s) may specify a longer voting period for a particular electronic ballot. Eligible voters may change their vote up until the end of the voting period.

11. Progression of Project Work

11.1 In addition to making available the contributions provided by Contributors, via their Project Repositories, Projects may designate specific portions of their output as official Releases, Group Releases, Project Specification Drafts or Project Specifications, and nominate them for further advancement, on the terms set forth in Sections 11, 12, 13 and 14.

12.2 Where the PGB or a consensus among the Contributors indicates that a specific set of contributions should be formally considered as a Release, Group Release, Draft Project Specification or Project Specification, then in preparation for that consideration, the Maintainers shall arrange the relevant material in the relevant Project Repository or repositories so that the set can be accessed and referenced as a distinct branch (a Designated Branch).

12. Releases and Group Releases

12.1 Releases. The PGB may act to approve a Designated Branch as an official Release of the Project, after giving notice to all Contributors via the Project Tools at least fourteen days prior to initiating a PGB vote or consensus call. Such approval decisions are subject to the process, notice and transparency provisions of these rules. Any product of the Project that is composed from contributions to the Project Repositories, of any nature, is eligible for approval as a Release of the Project.

12.2 Group Releases. When desirable to aggregate outputs, the PGB may act to approve any set of the Project’s Releases or subsets of Releases as an official Group Release of the Project, after giving notice to all Contributors via the Project Tools at least fourteen days prior to initiating a PGB vote or consensus call. Such approval decisions are subject to the process, notice and transparency provisions of these rules. Group Releases may include multiple Releases that bear different Applicable Licenses. Aggregate contributions by Maintainers or others which are prepared as potential Project Specifications should instead be approved as Project Specification Drafts, as provided below.

12.3 Licensing. Releases and Group Releases bear only the license rights and covenants provided for each of the contributions included there, as evidenced by the relevant repositories’ Applicable License(s) and the CLAs.

13. Project Specifications

13.1 In order to progress a Release or Group Release by the Project as a Project Specification Draft (or PSD) or a Project Specification (or PS), the PGB and the contents of the release(s) must satisfy the additional criteria of this Section.

13.2 In order to be advanced through the approval process, a proposed Project Specification must conform to the Project Specification template provided by the Open Project Administrator, which includes methods for indicating the relevant Designated Branches and Applicable Licenses. Proposed Project Specification Drafts also should conform to that template, to the extent possible.

13.3 Project Specification Drafts. A PGB having at least Project Approval Minimum Membership may act to approve any set of contributions to the Project, including from its Releases or Group Releases, as an official Project Specification Draft, after giving notice to all Contributors via the Project Tools at least fourteen days prior to initiating a PGB vote or consensus call. Such approval decisions are subject to the process, notice and transparency provisions of these rules.

13.4 Project Specifications. A PGB having at least Project Approval Minimum Membership may act to approve any Project Specification Draft as a Project Specification, by satisfying each of the following requirements:

(a) Written notice of that nomination must be given by the PGB to all those involved with the Project and the Open Project Administrator at least fourteen days prior to initiating a ballot. The ballot must be conducted by a Special Majority Vote of the PGB. The approval decision is subject to the process, notice and transparency rules set forth in these rules and the content requirements noted below.
(b) Any machine-executable instructions in a specific computer language (code) that are included in the Project Specification must be composed only of one or more Releases or Group Releases bearing Implementer-Class Licenses.
(c) Any guidance, descriptions, processes, models for the behavior of a system or service, or other content that is not machine-executable, and is included in the Project Specification, must be composed only of contributions (which may include Releases or Group Releases) previously made to a Project Repository.
(d) The proposed Project Specification will be subject to review and confirmation of conformance by the Open Project Administrator before the approval ballot is opened.

13.5 Upon successful conclusion of the Special Majority Vote, the Open Project Administrator must give public written notice thereof, which constitutes approval, and thereafter will publish the Project Specification to the OASIS Library.

13.6 Licensing. Project Specifications bear the license rights and covenants provided for each contribution included there, as evidenced by the relevant repositories’ Applicable License(s) and the CLAs, as well as the Specification NonAssertion Covenant. Project Specifications may bear more than one Applicable License, when composed from Releases or Group Releases from multiple Project Repositories that have different Applicable Licenses.

13.7 Implementations of all kinds are welcome (partial or complete; prototype, proof-of-concept, example, model, or reference implementations), provided that PGBs may not designate any single implementation of a Project Specification as exclusive or privileged.

14. OASIS Standard Approval and External Submissions

Project Specifications are eligible for and may be submitted for approval as OASIS Standards, under the following conditions:

(a) After three Statements of Use referencing the PS have been presented to the PGB, a PGB having at least Project Approval Minimum Membership may approve the PS as a candidate for OASIS Standard in the same manner, and subject to the same requirements, as apply to Committee Specifications as provided in Section 3.8 Approval of an OASIS Standard of the OASIS TC Process. Procedural requirements applicable to TCs in that rule apply to the PGB for this purpose, including the Special Majority Vote required to nominate a Project Specification for OASIS Standard. However, a candidate for OASIS Standard submitted by an Open Project shall be subject to the distinct licensing terms in these rules, and not the licensing terms in the OASIS IPR Policy for TCs.
(b) Upon a successful conclusion of that PGB vote and all other requirements, the OASIS TC Administrator shall proceed with public review and a call for consent as provided in Sections 3.8.2 and 3.8.3 of the OASIS TC Process. An OASIS Standard submitted by an Open Project and approved as provided above is eligible for further external submissions as provided in and subject to the requirements in the OASIS Liaison Policy. The PGB must have at least Project Approval Minimum Membership at the time of any such action or approval; the other procedural requirements applicable to TCs in that policy apply to the PGB for this purpose.

15. Repository and Specification Licenses

15.1 Applicable Licenses; Copyright Implementation Licenses. Each Project Repository will be subject to a declared Applicable License, selected from the list of licenses in this section. Each Contributor agrees in the CLA to grant the Applicable License designated for a repository to all contributions donated to that repository by posting it or requesting its inclusion in that repository, and to all Releases issued from that repository.

Anyone may offer comments to any Project Repository, on the terms of the foregoing licenses, as evidenced in the manner noted below. Anyone will be entitled to make use of the contents of a Project Repository, according to the terms of its Applicable License.

15.2 When requesting the creation of a Project Repository, the PGB must select that repository’s Applicable License from among the following list:

(a) Implementer-Class Licenses: Apache License v2.0; Eclipse Public License v1.0; Eclipse Public License 2.0; BSD-3-Clause License; CC-0; CC-BY 2.0; CC-BY 4.0; MIT License.
(b) Other available licenses: Community Data License Agreement v2.

Other widely-used free and open source licenses may be added to this list after review and acceptance by OASIS and amendment of these rules.

15.3 Special Covenants for Project Specifications. In addition to the Applicable License for each Project Repository, each Contributor also agrees in the CLA to provide the additional covenants in this Section 15.3, as non-assertion covenants in favor of certain Project Specifications (collectively the Specification NonAssertion Covenant):

Contributor Covenant for Specifications. As a Contributor, you irrevocably covenant that you will not assert any patent claims licensable by you that are necessarily infringed by an implementation of your contribution to the extent that contribution is included in a Project Specification approved by the Open Project to which you made the contribution, against OASIS or any other parties who the Applicable License benefits, for making, having made, using, marketing, importing, offering to sell, selling, and otherwise distributing works that Implement or Derive From your contribution.

PGB Covenant for Specifications. For any Project Repository whose Applicable License is an Implementer-Class License, if you (or your representative) are a member of that Open Project’s Governing Board, you irrevocably covenant that you will not assert any patent claims licensable by you that are necessarily infringed by an implementation of a Project Specification approved by that Open Project within the scope of work of its Charter in effect at the time such deliverable was approved, and any Maintenance Deliverable approved for it, against OASIS or any other parties who the Applicable License benefits, for making, having made, using, marketing, importing, offering to sell, selling, and otherwise distributing works that Implement or Derive From that Project Specification and are compliant with all normative portions thereof. If you withdraw from the PGB, then this obligation continues to apply, but only with respect to those Project Specification Drafts approved more than 7 calendar days prior to your withdrawal, and to any Maintenance Deliverables approved for those specifications thereafter.

Scope of Implementations Benefited. As used in this covenant, works that “Implement or Derive From” a contribution or specification include:

(a) specifications to the extent derived from code
(b) independent code implementations of a specification
(c) independent code implementations of a specification to the extent the specification is derived from code.

For purposes of this definition, “specifications” include documentation, data flows, data formats, application programming interfaces and process descriptions.

Withdrawal from Covenant. Your Specification NonAssertion Covenant may be suspended or revoked by you with respect to any person who alleges in writing or files a suit asserting that your Contribution, or the work to which you have contributed, constitutes direct or contributory patent infringement.

16. Trademarks

In order to incorporate a trademark or service mark into a Project, including its use in the name of an OASIS Open Project or any Release, or its inclusion in the body of such work, that mark must be:

(a) owned by OASIS; or
(b) otherwise as approved by the OASIS Board of Directors.

No person may use an OASIS trademark or service mark in connection with an Open Project, a Release or otherwise, except in compliance with the Applicable License for a Release or otherwise according to such license and usage guidelines as OASIS may from time to time require.

17. CLAs and License Notices

17.1 A Contributor License Agreement (or CLA) shall bind each donor of a repository contribution, issue or comment of any kind to the repository’s Applicable License. All Contributions to Project Repositories shall be subject to an Individual CLA, in the form of Appendix A-1 to these rules, by which all persons making those Contributions are bound. Where Contributions are made by or on behalf of an organization, the responsible individual will designate that organization in their Individual CLA, and that organization will be asked to provide an Entity CLA, in the form of Appendix A-2 to these rules. If that Entity CLA is not obtained, OASIS and the Project must decline contributions from that individual.

Project Sponsors who appoint a member to the PGB must provide an Entity CLA, and the persons appointed by them as PGB members must provide an Individual CLA in order to serve.

Members of OASIS who provide an Entity CLA must provide the signature (or assent) of their OASIS Primary Representative. Individuals who represent an organization also are required by the Individual CLA to obtain an Entity CLA for that organization.

17.2 While some nominal write-access privileges (such as adding issues and comments) may be granted automatically to the public by the Project Tools, only persons who have signed the CLA will be permitted to submit content other than comments or suggestions for Non-Material Changes.

17.3. Each person making a Project Repository contribution must be bound to the terms of the Individual CLA, by obtaining their signature (which may be an equivalent electronic assent) in a manner appropriate to the tools employed to implement that repository; and those signatures shall be recorded and maintained in an auditable manner. Organizational Entity CLA signatures must also be obtained, recorded and maintained in a similar manner.

17.4. Notices of the Applicable License applicable to each Project Repository shall be conspicuously visible both from each repository’s contribution channels (for potential submitters of material) and its home resource pages (for potential readers and users).

17.5 Each Repository and its contribution facility shall be conspicuously marked with the following Call for Patent Disclosure:

[OASIS requests that any party contact the OASIS Open Project Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of an OASIS Project Specification; and that any such claimant provide an indication of its willingness to grant a Specification Non-Assertion Covenant with respect to such patent claims, or otherwise to negotiate patent licenses free of charge with other parties on a non-discriminatory basis on reasonable terms and conditions.]

[OASIS may include such claims on its website, but disclaims any obligation to do so. OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in an OASIS Project Specification, or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights.]

18. Appeals and Application of Rules

The appeals process provided in Section 4.2 of the OASIS TC Process also shall apply to the actions of the OASIS Open Project Administrator, which may be appealed as provided therein.

Changes to these rules shall apply to previously-established Open Projects upon their adoption. However, OASIS may not change the terms of any signed CLA once it has been delivered to OASIS; if a change is required a new CLA must be executed.

Appendix A-1: Individual CLA

OASIS Open Projects: Individual Contributor License Agreement (CLA)

The text and links to file i-CLAs for Open Projects are available at https://www.oasis-open.org/open-projects/cla/oasis-open-projects-individual-contributor-license-agreement-i-cla/ .

Appendix A-2: Entity CLA

OASIS Open Projects: Entity Contributor License Agreement (CLA)

The text and link to file an e-CLA for an Open Project is available at https://www.oasis-open.org/open-projects/cla/entity-cla-20210630/.

Open Repository Guidelines and Procedures (27 April 2015)

The Open Repository Guidelines and Procedures were approved by the OASIS Board of Directors on 27 April 2015 and became effective on announcement on 21 September 2015 in https://lists.oasis-open.org/archives/members/201509/msg00003.html

Table of Contents

Overview OASIS TC Open Repositories are a distinct class of information and sharing portals (for example, a GitHub project), that can be set up to support and complement the work of an OASIS Technical Committee (“TC”). These repositories add the strengths of open source development to OASIS’ existing stable and well-recognized governance process.

1. REPOSITORY DEFINITION

An OASIS TC Open Repository (“TC Open Repository”) is a distinct facility operated by OASIS for collection of voluntarily contributed information relevant to the work of a specific TC, under the rules set forth in these procedures. TC Open Repositories may reside on third-party server resources. See REPOSITORY TOOLS below.

2. REPOSITORIES ARE INITIATED BY OASIS TCs

Any Eligible OASIS TC may create one or more TC Open Repositories at its election, by a simple majority vote of its membership, conducted in the same manner as is used to approve other administrative matters consistent with the OASIS TC Process (an “Administrative Vote”). TC Open Repositories may only be created by, and in connection with the work of, Eligible OASIS TCs.

An “Eligible OASIS TC” is a currently-active OASIS TC that is operating under the Non-Assertion, RF on Limited Terms, or RF on RAND IPR Mode as defined by the OASIS IPR Policy.

3. REPOSITORIES ARE SEPARATE FROM A TC’S SPECIFICATION WORK

TC Open Repositories created by a TC are separate and distinct resources from the TC’s specification work. Specification work, sometimes described as the TC’s work product, is governed by the OASIS TC Process, and available under the licensing terms of the OASIS IPR Policy. In contrast, TC Open Repository contents are governed by these rules, and available under an open source license as provided here. Because different licenses apply, there is no guarantee that the licensure of specific material in a TC Open Repository will be compatible with the licensing requirements of an implementation of a TC’s specification.

No TC member shall have any obligation to join, contribute to, or reference, any TC Open Repository. Members of an OASIS TC incur no other licensing or disclosure obligations by reason of any TC Open Repository, unless that member explicitly contributes to it under these rules. See REPOSITORY LICENSES AND LICENSING RULES below.

TC Open Repository contributions (“repo contributions”) and contents are not automatically also contributed to the TC’s Work Product as specification “Contributions” as defined in the OASIS IPR Policy. TC members may choose to use any contents of an Open repository in TC specification development, by taking the separate, additional step of offering that material as their own “Contributions” to the TC’s Work Product under the OASIS IPR Policy. Each member is responsible for determining the suitability of their own contributions.

4. REPOSITORY LICENSES AND LICENSING RULES

Each TC Open Repository will be subject to a declared “Applicable License,” selected from the list of licenses at the end of this section. The Applicable License for a repository will apply to all repo contributions donated to the repository, by posting it or requesting its inclusion in that repository. Anyone, whether an OASIS member or TC member or not, may contribute into a TC Open Repository, subject to the Applicable License, as evidenced in the manner noted in LICENSE TOOLS AND NOTICES below. Anyone (including but not limited to the TC that created it) will be entitled to make use of the contents of a TC Open Repository, according to the terms of its Applicable License.

The TC creating a TC Open Repository will select its Applicable License from among the following list: BSD-3-Clause License (which shall apply if the TC makes no license selection in its approval action); Apache License v 2.0; CC-BY 2.0; CC-BY 4.0; Eclipse Public License v 1.0. (OASIS periodically will review other widely-used free and open source licenses for inclusion in this list by amending these procedures.)

5. PURPOSE STATEMENT AND CONTENTS

Each TC Open Repository should have a purpose statement, indicating its intended contents or topic, declared by the TC that creates it, as part of its approval action. If the TC’s approval action specifies no purpose statement, then the purpose shall be any kind of information including examples, code, implementation details, bug reports, and actual, model or dummy content that may relate to the Work Products to be produced by that TC as defined in its charter.

6. ARCHIVAL PERMANENCE

OASIS warrants that it will not inhibit open and free access to all of the material contributed to each TC Open Repository, as open and freely-available resources. This warranty is perpetual and will not be revoked by OASIS or its successors or assigns; however, neither OASIS nor its assigns shall be obligated to: (a) perpetually maintain its own existence; nor (b) provide for the perpetual existence of a website or other public means of accessing such material; nor (c) maintain any material which it is legally required to remove from publication. Some contributed material may be treated as superseded by Maintainers or by version control methods. See REPOSITORY MANAGEMENT below. However, Maintainers shall not delete content; the original form of each repo contribution shall continue to be available for review, through appropriate version control or document management methodologies.

7. REPOSITORY MANAGEMENT

When a TC creates a TC Open Repository, it shall designate one or two TC members to act as its initial “Maintainer(s)”, by an Administrative Vote, to organize the material in that repository. Maintainers may exercise editorial organization of the contents of their TC Open Repository, including by classifying it, evaluating and responding to pull requests, designating main or recommended branches, and designating deprecated branches or material. However, no contributed information may be deleted from any TC Open Repository, due to the open nature of Applicable Licenses and the ARCHIVAL PERMANENCE rule. In cooperation with the community, the Maintainer(s) and the TC may select additional or successor Maintainer(s) to share responsibilities for the repository. See REPOSITORY LIFECYCLE below.

8. REPOSITORY TOOLS

OASIS will create and support TC Open Repositories using web resource tools, selected and configured by staff, that are clearly marked as a distinct resource, and under different Internet subdomains, from the Work Product of a TC conducted under the OASIS IPR Policy and TC Process. OASIS initially will create TC Open Repositories as either distinct GitHub projects, or distinct Subversion repositories. (OASIS periodically will review other widely-used tools, either hosted by OASIS or from appropriate and commercially-neutral third parties, for inclusion in this list of available platforms, by amending these procedures.)

9. LICENSE TOOLS AND NOTICES

Each TC Open Repository shall be subject to a Contributor License Agreement (“CLA”) by which all persons making repo contributions into it are bound. The CLA shall bind each donor of a repo contribution to the repository’s Applicable License and such other consistent terms as OASIS may require as a publisher to assure its availability. While certain nominal write-access privileges (such as adding issues and comments) may be granted automatically to the public by the tools, only persons who have signed the CLA will be permitted to contribute substantive content. Each person making a repo contribution must be bound to the terms of the CLA, by obtaining their signature (which may be an equivalent electronic assent) in a manner appropriate to the web resources tools employed to implement that repository; and those signatures shall be recorded and maintained in an auditable manner. Notices of the Applicable License or an appropriate link shall be conspicuously visible both from each repository’s contribution channels (for potential contributors of material) and resource pages (for potential readers and users). See the OASIS TC Open Repositories FAQ for details about the form and location of the notices.

10. REPOSITORY LIFECYCLE

Once a TC Open Repository has been created by an Eligible OASIS TC, it will remain open as a resource for public use and reference, and continuing contributions, after the OASIS TC is closed, under the ARCHIVAL PERMANENCE rule above, with such remaining Maintainers as may have been appointed. A TC may, if it so elects, designate a successor Eligible OASIS TC, by an Administrative Vote at any time prior to its closure, to assume its remaining responsibilities to its TC Open Repository.

No results with the selected filters