Hello and happy new year Thomas! (and TC experts)
- On track record:
- ISO via various committees has ebXML (7 parts and revisions over 15 years) and XLIFF.
- ISO/IEC JTC_1 via PAS direct submission has AMQP, MQTT, OData (2 revs), and UBL (update underway), and in part ODF (see below)
- ISO/IEC JTC_1 through its committees structure has ODF (3 revs, update underway) and PMRM (in review).
- ITU through its SG17 has CAP (2 revs), SAML, XACML (2 revs), and STIX/TAXII (in review). ÂÂ
- There are a few more cooking, not announced yet;Â and there are some isolated cases of submissions elsewhere, such as when we shared/split standards with IEC, W3C, CEN, the UN, and others.
- Our Liaison Policy governs external submissions. We take the submitting TC's or OP's preferences into account, though there can be other concerns, like IPR fit (do the licenses adequately match the recipient host), receptivity (versus 'NIH' syndrome), and willingness to accept our published work without changes.
- In the case of CSAF, we're committed our best-known threat intelligence submissions to ITU-T. Subject to confirming their positive reception this Spring, a submission to its SG 17 might make the most sense. Our colleague Duncan Sparrell is acting as liaison to ITU for purposes of shepherding the STIX/TAXII submission, so he might be able to share more about CSAF's likely reception there.
- You asked about joint submissions. We've never seen it done successfully. Tthere are protocols for doing so, in annexes to the ITU-T and JTC_1 rules, but I am unaware of them being used in practice in our domain, and likely are more suitable to in-house development than approval of externally submitted works.
Cordially Jamie