Current PAS mentor and information on ISO submission process as well as encouragement

["Stefan Hagen" <stefan@hagen.link>]

Dear TC nembers,

I forward the below encouragement and information about the ISO submission process 

to the list as input to our ongoing discussions.

All the best,

Stefan

----- Original message -----

From: David Filip <jtc1@davidf.org>

To: Stefan Hagen <stefan@hagen.link>, Norbert Bensalem <norbert_bensalem@fr.ibm.com>

Cc: "Schmidt, Thomas" <thomas.schmidt@bsi.bund.de>, "Omar Santos (osantos)" <osantos@cisco.com>

Subject: Re: Assessing possible submission of OASIS Standard CSAF v2.0 to ISO

Date: Wednesday, January 25, 2023 07:04

Hi Stefan, I am including Norbert Bensalem, who is actually the PAS mentor for OASIS

I am a PAS mentor too but OASIS is not my account, as PAS mentor. I am also ISO/IEC JTC 1/SC 38 [cloud computing] liaison to OASIS (this is how Ralf [Handl, OASIS OData TC Co-Chair] knows me, as I've been shuttling info between OASIS OData and JTC 1/SC 38), but that's not relevant for your envisaged transposition that would have to happen either as a PAS transposition at the JTC 1 level (recommended) or as a fast track at ISO/IEC JTC 1/SC 27 [privacy and security]. Even if you do transpose on the JTC 1 level and not the SC 27 level, you'd need to keep them informed as apparently CSAF would fall in their scope.

I think that CSAF is a great match with ISO/IEC JTC 1 and the PAS transposition process reasonably friendly and lightweight, but I Iet Norbert guide you 

Cheers dF

On Tue, Jan 24, 2023 at 11:13 PM Stefan Hagen <stefan@hagen.link> wrote:

Hello,

assuming you are the current liaison from ISO JTC1 to OASIS I am writing to you to kindly ask for some guidance.

I got this email address of yours from Ralf Handl (Co-chair of the OASIS OData TC) who kindly supported me.

In the OASIS Common Security Advisory Framework (CSAF) Technical Committee we currently assess,

where we best request submission of the OASIS Standard CSAF v2.0[1] from OASIS to ISO or ITU.

As we have members working with ITU already for many years there is an imbalance of information wealth

on how the actual submission works in ITU compared to ISO.

With this mail and the hopefully resulting responses I like to level the information to empower the

members of the committee to take the best decision.

One important question for us to find answers to is, to have an impression on what support

from our TC is expected during submission and voting phase in ISO.

Years ago as secretary of the OData TC I supported the OData submission to ISO and followed the

progress until the acceptance as ISO Standard(s).

I think at that time, the then co-chair of OData Ram Jeyaraman worked with people in JTC1 committee

at that time to shepherd the submission through.

Can you maybe shortly sketch how in your experience such collaboration looks like?

That would be much appreciated!

[1]: http://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html

Thanks a lot in advance and all the best,

Stefan

Written as Co-Editor of OASIS Standard CSAF v2.0 and member of the OASIS CAF TC.

Stefan Hagen, Emmetten, Nidwalden, Switzerland.

orcid: https://orcid.org/0000-0003-4206-892X

read: https://stefan-hagen.website

write: stefan@hagen.link

--

-dF