Invitation to comment on KMIP Specification v2.0 and KMIP Profiles v2.0 – ends May 25th

OASIS and the OASIS Key Management Interoperability Protocol (KMIP) TC are pleased to announce that two KMIP specifications are now available for public review and comment.

Key Management Interoperability Protocol Specification Version 2.0
Committee Specification Draft 02 / Public Review Draft 01
11 April 2019

Key Management Interoperability Protocol Profiles Version 2.0
Committee Specification Draft 02 / Public Review Draft 01
11 April 2019

What is KMIP and why is it important?

The Key Management Interoperability Protocol (KMIP) is a single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys. By replacing redundant, incompatible key management protocols, KMIP provides better data security while at the same time reducing expenditures on multiple products.

The KMIP Specification v2.0 is intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

KMIP Profiles v2.0 specifies conformance clauses that define the use of objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction.

The documents and related files are available here:

Key Management Interoperability Protocol Specification Version 2.0
Editable source (Authoritative):
https://docs.oasis-open.org/kmip/kmip-spec/v2.0/csprd01/kmip-spec-v2.0-csprd01.docx
HTML:
https://docs.oasis-open.org/kmip/kmip-spec/v2.0/csprd01/kmip-spec-v2.0-csprd01.html
PDF:
https://docs.oasis-open.org/kmip/kmip-spec/v2.0/csprd01/kmip-spec-v2.0-csprd01.pdf
For your convenience, OASIS provides a complete package of the prose document and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/kmip/kmip-spec/v2.0/csprd01/kmip-spec-v2.0-csprd01.zip

Key Management Interoperability Protocol Profiles Version 2.0
Editable source (Authoritative):
https://docs.oasis-open.org/kmip/kmip-profiles/v2.0/csprd01/kmip-profiles-v2.0-csprd01.docx
HTML:
https://docs.oasis-open.org/kmip/kmip-profiles/v2.0/csprd01/kmip-profiles-v2.0-csprd01.html
PDF:
https://docs.oasis-open.org/kmip/kmip-profiles/v2.0/csprd01/kmip-profiles-v2.0-csprd01.pdf
Test cases:
https://docs.oasis-open.org/kmip/kmip-profiles/v2.0/csprd01/test-cases/
ZIP file:
https://docs.oasis-open.org/kmip/kmip-profiles/v2.0/csprd01/kmip-profiles-v2.0-csprd01.zip

How to Provide Feedback

OASIS and the KMIP TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts 26 April 2019 at 00:00 UTC and ends 25 May 2019 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=kmip)

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/kmip-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specifications, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specifications and the KMIP TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/kmip/

========== Additional references:
[1] https://www.oasis-open.org/policies-guidelines/ipr
[2] http://www.oasis-open.org/committees/kmip/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-RAND-Mode
RF on RAND Mode

Virtual I/O Device (VIRTIO) Version 1.1 from VIRTIO TC approved as a Committee Specification

OASIS is pleased to announce that Virtual I/O Device (VIRTIO) Version 1.1 from the OASIS Virtual I/O Device (VIRTIO) TC [1] has been approved as an OASIS Committee Specification.

This document describes the specifications of the “virtio” family of devices. These devices are found in virtual environments, yet by design they look like physical devices to the guest within the virtual machine – and this document treats them as such. This similarity allows the guest to use standard drivers and discovery mechanisms. The purpose of virtio and this specification is that virtual environments and guests should have a straightforward, efficient, standard and extensible mechanism for virtual devices, rather than boutique per-environment or per-OS mechanisms.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Virtual I/O Device (VIRTIO) Version 1.1
Committee Specification 01
11 April 2019

Editable source (Authoritative):
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/tex/
HTML:
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html
PDF:
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.pdf
Example driver listing:
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/listings/

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.zip

Members of the VIRTIO TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:
[1] OASIS Virtual I/O Device (VIRTIO) TC
https://www.oasis-open.org/committees/virtio/

[2] Public review:
* 30-day public review, 22 January 2019:
https://lists.oasis-open.org/archives/members/201901/msg00006.html
– Comment resolution log:
https://docs.oasis-open.org/virtio/virtio/v1.1/csprd01/virtio-v1.1-csprd01-comment-resolution-log.xls

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3380

Invitation to Comment on three Open Command and Control (OpenC2) Specifications – ends April 27th

OASIS and the Open Command and Control (OpenC2) TC are pleased to announce that three specifications in the OpenC2 suite are now available for public review and comment. This is the second public review for these specifications:
– Open Command and Control (OpenC2) Language Specification Version 1.0
– Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0
– Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0

OpenC2 is a suite of specifications to achieve command and control of cyber defense functions. These specifications include the OpenC2 Language Specification, Actuator Profiles, and Transfer Specifications. The OpenC2 Language Specification and Actuator Profile(s) focus on the standard at the producer and consumer of the command and response while the transfer specifications focus on the protocols for their exchange.

– The OpenC2 Language Specification provides the semantics for the essential elements of the language, the structure for commands and responses, and the schema that defines the proper syntax for the language elements that represents the command or response.
– OpenC2 Actuator Profiles specify the subset of the OpenC2 language relevant in the context of specific actuator functions. Cyber defense components may implement multiple actuator profiles. Actuator profiles extend the language by defining specifiers that identify the actuator to the required level of precision and may define command arguments for those actuator functions. “OpenC2 Profile for Stateless Packet Filtering” is the first OpenC2 Actuator Profile.
– OpenC2 Transfer Specifications utilize existing protocols and standards to implement OpenC2 in specific environments. These standards are used for communications and security functions beyond the scope of the OpenC2 language, such as message transfer encoding, authentication, and end-to-end transport of OpenC2 messages. “Transfer of OpenC2 Messages via HTTPS” is the first OpenC2 Transfer Specification.

Each specification would best be reviewed in the context of the overall suite of companion specifications.

The documents and related files are available here:

Open Command and Control (OpenC2) Language Specification Version 1.0
Committee Specification Draft 08 / Public Review Draft 02
04 April 2019

Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.md
HTML:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.html
PDF:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.pdf
Complete ZIP package of specification documents and related files:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.zip
******

Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0
Committee Specification Draft 05 / Public Review Draft 02
04 April 2019

Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.md
HTML:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.html
PDF:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.pdf
Complete ZIP package of specification documents and related files:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.zip
******

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0
Committee Specification Draft 04 / Public Review Draft 02
04 April 2019

Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.md
HTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.html
PDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.pdf
Complete ZIP package of specification documents and any related files:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.zip

How to Provide Feedback

The TC requests reviewers reference their comments to the page and nearest line numbers in the PDF versions.

OASIS and the OpenC2 TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public reviews start 13 April at 00:00 UTC and ends 27 April 2019 at 23:59 UTC.

These specifications were previously submitted for public review, and the resolutions of all comments are included in log files [1]. This 15-day review is limited in scope to changes made from the previous review. Changes are also highlighted in red-lined PDF files [2].

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=openc2).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/openc2-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [3] applicable especially [4] to the work of this Technical Committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specifications and the OpenC2 TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/openc2/

========== Additional references:
[1] Previous public review:
– 30-day public review, 09 November 2018:
https://lists.oasis-open.org/archives/openc2/201811/msg00005.html
– Comment resolution logs:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd01/oc2ls-v1.0-csprd01-comment-resolution-log.pdf
OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd01/oc2slpf-v1.0-csprd01-comment-resolution-log.pdf
Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd01/open-impl-https-v1.0-csprd01-comment-resolution-log.pdf

[2] Red-lined PDF versions:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02-DIFF.pdf
OpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02-DIFF.pdf
Transfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02-DIFF.pdf

[3] https://www.oasis-open.org/policies-guidelines/ipr

[4] https://www.oasis-open.org/committees/openc2/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

Invitation to comment on #XACML REST Profile v1.1 and JSON Profile of XACML 3.0 v1.1 – ends 05 June 2019

OASIS and the OASIS eXtensible Access Control Markup Language (XACML) TC [1] are pleased to announce that XACML REST Profile Version 1.1 and JSON Profile of XACML 3.0 Version 1.1 have been approved as Candidate OASIS Standards (COS) [2]. The two COS now enter a 60-day public review period in preparation for member ballots to consider their approval as OASIS Standards.

XACML is an OASIS Standard which describes both a policy language and an access control decision request/response language (both defined in XML). The policy language is used to describe general access control requirements, and has standard extension points for defining new functions, data types, combining logic, etc. The request/response language lets you form a query to ask whether or not a given action should be allowed, and interpret the result. XACML v3.0 is an international standard (ITU-T X.1144), approved by the International Telecommunications Union – Telecommunication Standardization Sector (ITU-T).

The REST Profile specification defines a profile for the use of XACML in a RESTful architecture.

The JSON Profile proposes a standardized interface between a policy enforcement point and a policy decision point using JSON, leveraging the decision request and response structure specified in the core XACML standard.

XACML REST Profile Version 1.1 was approved as a Committee Specification on 05 December 2018. The TC received 3 Statements of Use from ViewDS Identity Solutions, Axiomatics AB, and Siemens AG [3].

JSON Profile of XACML 3.0 Version 1.1 was approved as a Committee Specification on 05 December 2018. The TC received 3 Statements of Use from ViewDS Identity Solutions, Axiomatics AB, and Siemens AG [4].

The candidate specifications and related files are available here:

XACML REST Profile Version 1.1
Candidate OASIS Standard 01
28 March 2019

Editable source: (Authoritative)
https://docs.oasis-open.org/xacml/xacml-rest/v1.1/cos01/xacml-rest-v1.1-cos01.doc
HTML:
https://docs.oasis-open.org/xacml/xacml-rest/v1.1/cos01/xacml-rest-v1.1-cos01.html
PDF:
https://docs.oasis-open.org/xacml/xacml-rest/v1.1/cos01/xacml-rest-v1.1-cos01.pdf
ZIP: (complete package of the specification documents and any related files)
https://docs.oasis-open.org/xacml/xacml-rest/v1.1/cos01/xacml-rest-v1.1-cos01.zip

JSON Profile of XACML 3.0 Version 1.1
Candidate OASIS Standard 01
28 March 2019

Editable source: (Authoritative)
https://docs.oasis-open.org/xacml/xacml-json-http/v1.1/cos01/xacml-json-http-v1.1-cos01.doc
HTML:
https://docs.oasis-open.org/xacml/xacml-json-http/v1.1/cos01/xacml-json-http-v1.1-cos01.html
PDF:
https://docs.oasis-open.org/xacml/xacml-json-http/v1.1/cos01/xacml-json-http-v1.1-cos01.pdf
ZIP:
https://docs.oasis-open.org/xacml/xacml-json-http/v1.1/cos01/xacml-json-http-v1.1-cos01.zip

Public Review Period:
The 60-day public review starts 06 April 2019 at 00:00 UTC and ends 05 June 2019 at 23:59 UTC.

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled “Send A Comment” at the top of the TC public home page [1], or directly at:
https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=xacml

Comments submitted by TC non-members for these works and for other work of this TC are publicly archived and can be viewed at:
http://lists.oasis-open.org/archives/xacml-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of XACML REST Profile v1.1 and JSON Profile of XACML 3.0 v1.1, we call your attention to the OASIS IPR Policy [5] applicable especially [6] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

==============

[1] OASIS eXtensible Access Control Markup Language (XACML) TC
https://www.oasis-open.org/committees/xacml/

[2] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3356

[3] Statements of Use for XACML REST Profile Version 1.1
ViewDS Identity Solutions:
https://lists.oasis-open.org/archives/xacml/201902/msg00001.html
Axiomatics AB:
https://lists.oasis-open.org/archives/xacml/201902/msg00010.html
Siemens AG:
https://lists.oasis-open.org/archives/xacml/201902/msg00012.html

[4] Statements of Use for JSON Profile of XACML 3.0 Version 1.1
ViewDS Identity Solutions:
https://lists.oasis-open.org/archives/xacml/201902/msg00000.html
Axiomatics AB:
https://lists.oasis-open.org/archives/xacml/201902/msg00011.html
Siemens AG:
https://lists.oasis-open.org/archives/xacml/201902/msg00012.html

[5] http://www.oasis-open.org/policies-guidelines/ipr

[6] http://www.oasis-open.org/committees/xacml/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode
RF on Limited Terms Mode

Invitation to comment on Digital Signature Service Metadata Version 1.0 – ends May 3rd

OASIS and the OASIS Digital Signature Services eXtended (DSS-X) TC are pleased to announce that Digital Signature Service Metadata Version 1.0 is now available for public review and comment.

The Digital Signature Services (DSS) specification defines JSON and XML structures and discovery mechanisms for metadata related to digital signature services.

The documents and related files are available here:

Digital Signature Service Metadata Version 1.0
Committee Specification Draft 01 / Public Review Draft 01
27 March 2019

Editable source: (Authoritative)
https://docs.oasis-open.org/dss-x/dss-md/v1.0/csprd01/dss-md-v1.0-csprd01.docx
HTML:
https://docs.oasis-open.org/dss-x/dss-md/v1.0/csprd01/dss-md-v1.0-csprd01.html
PDF:
https://docs.oasis-open.org/dss-x/dss-md/v1.0/csprd01/dss-md-v1.0-csprd01.pdf
JSON and XML schemas:
https://docs.oasis-open.org/dss-x/dss-md/v1.0/csprd01/schema/

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/dss-x/dss-md/v1.0/csprd01/dss-md-v1.0-csprd01.zip

How to Provide Feedback

OASIS and the OASIS Digital Signature Services eXtended (DSS-X) TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts April 4, 2019 at 00:00 UTC and ends May 3 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=dss-x).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/dss-x-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this Technical Committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the DSS-X TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/dss-x/

========== Additional references:

[1] http://www.oasis-open.org/who/intellectualproperty.php

[2] http://www.oasis-open.org/committees/dss-x/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode
RF on Limited Terms Mode

No results with the selected filters