OASIS CSAF TC,
As a supplement to the memo from Chet Ensign [5] on "useful OASIS resources for your TC", this memo sends a reminder to the CSAF TC Members and Observers that OASIS provides two separate support offerings for the use of public GitHub repositories. Both are initiated by a TC request.
The two support offerings are these, as described below:
(A) OASIS Open Repositories, and
(B) GitHub Repositories for TC Members' Chartered work
The CSAF Inaugural Meeting slideset from Omar Santos [6], together with minutes from the first meeting [7], and Action Item [8], reference transition of the input "CVRF" specifications to a repository of type "B" -- "Create Github repository for standards track work", sub "Selection of Version Control System and Seeding with Contribution"
So OASIS Staff expects a request [4.c] in due time for the creation of an appropriate GitHub Repository for TC Members' Chartered work.
At the same time, the CSAF TC members could determine to create a separate OASIS Open Repository -- one or more -- which would support open-source licensed deliverables that supplement specification development with running code -- proof-of-concept, reference implementation(s)... and thus promote adoption of the core CSAF specification(s). The open source licenses used by OASIS Open Repositories are especially well-suited to software, and the participation model allows for anyone (OASIS member or not) to contribute to development of the code or related assets. Participation in OASIS Open Repository projects is free.
Comparison: OASIS Open Repositories versus GitHub Repositories for TC Members' Chartered work
A. OASIS Open Repositories
- with examples [1] and references [3]
a) anyone (OASIS member or not) may fully participate, including TC Members
b) input licensing governed by Individual Contribution License Agreement
c) outbound licensing governed by FOSS (open source) license: BSD-3-Clause, Apache, CC-BY, Eclipse
d) development practices and process governed by Open Repository Guidelines and Procedures
e) provides no direct support for public feedback to the TC itself
f) assets developed in the repository may be contributed to TC (Work Products) by a TC Member
B. GitHub Repositories for TC Members' Chartered work
- with examples [2] and references [4]
a) substantive contributions expected only from TC member participants
b) input licensing governed by OASIS policies and agreements: IPR Policy, IPR Mode, Copyright
c) outbound licensing governed by OASIS policies for TCs
d) development practices and process governed by OASIS TC Process
e) supports public feedback to the TC, similar to the TC comment list, via Issues, Comments, Conversations
f) assets developed in the repository are automatically/inherently part of official TC work
Please feel free to direct any questions to me or to Chet Ensign.
- Robin Cover
========================================================================
[1] OASIS Open Repositories: Examples
========================================================================
dita-lightweight
"Schema files, tools and documentation related to the Lightweight DITA Subcommittee"
dita-rng-converter
"Providing cross-platform tools for generating DITA-conforming DTD- and XSD-format versions of RELAX NG DITA grammars: document type shells, vocabulary modules, and constraint modules. It makes it as easy as possible to develop and maintain DITA grammars by allowing use of RELAX NG syntax."
tosca-test-assertions
"Manages TOSCA Simple Profile in YAML templates and definitions that can be used to test TOSCA compliance using metadata (primarily the OASIS Test Assertion Markup Language) that describes the test and the expected behavior of the TOSCA tool or orchestrator"
legaldocml-akomantoso
"Schema files, examples, exemplificative implementations and libraries, and documentation related to the LegalDocML TC and Akoma Ntoso schema"
cti-stix2-json-schemas
"Non-normative schemas and examples for STIX 2"
cti-documentation
"GitHub Pages site for STIX, CybOX, and TAXII"
cti-stix-validator
"Validator for STIX 2.0 JSON normative requirements and best practices"
cti-pattern-validator
"Validate patterns used to express CybOX content in STIX Indicators"
cti-stix-visualization
"Lightweight visualization for STIX 2.0 objects and relationships"
cti-cybox3-json-schemas
"Non-normative schemas and examples for CybOX 3"
cti-marking-prototype
"Prototype for processing granular data markings in STIX"
cti-stix-elevator
"Convert STIX 1.2 XML to STIX 2.0 JSON"
cti-pattern-matcher
"Match STIX content against STIX patterns"
========================================================================
[2] GitHub Repositories for TC Members' Chartered Work: Examples
========================================================================
"Tools for producing API descriptions for OData services that adhere to the OpenAPI Specification"
"Standard vocabularies for annotating OData services"
"Object Model for XLIFF Versions 2.0 and higher"
"JSON serialization of the XLIFF Abstract Object Model"
"Official repository for the source files for the written DITA specification"
"Supporting version control for Work Product artifacts developed by members of the TC, including prose specification editing and UML diagrams generated by plantUML"
=========================================
[3] OASIS Open Repositories: References
========================================
OASIS Open Repositories: Overview
FAQ Document
Licenses
Guidelines
Individual CLA Form
===============================================================
[4] GitHub Repositories for TC Members' Chartered Work: References
===============================================================
a) OASIS TCs: GitHub Repositories for TC Members' Chartered Work
b) TC GitHub Repository: Documentation
c) TC GitHub Repository Request Form
============
Notes
============
[6] Omar Santos: Slideset
OASIS Common Security Advisory Framework (CSAF) Technical Committee Inaugural Call
Slide #2: Transition of Current CVRF Docs to GitHub
Slide #8: Transition of Current CVRF Docs to GitHub
- CVRF v1.1 Schema
ICASI PR: ICASI Transfers Development of Security Open Standard to OASIS
[7] Action Item
"Groups - Action Item "Create Github repository for standards track work" added"
"Omar suggested that the previous work from the CVRF 1.1 spec be moved into a Github repository, there were also no objections and Richard Struse also voiced his recommendation to use Github"
[8] Minutes: OASIS Common Security Advisory Framework (CSAF) TC Inaugural Meeting #1
Nov 16, 2016
Acting chair: Omar
11. Selection of Version Control System and Seeding with Contribution
--
Robin Cover
OASIS, Director of Information Services