OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: CTI TC Adoption and Interoperability SCs



Building on Carol’s email from last week (attached), I wanted to restart the discussion relating to a couple of additional subcommittees within the CTI TC.  There has been a lot of great discussion around outreach/engagement/adoption and, to a lesser extent, interoperability.  I thought it might make sense to take a step back and look at all of these issues so that we might best allocate our scarce resources to the most pressing tasks at hand.  In addition, I want to make sure that we take full advantage of the services and resources that the professional staff of OASIS provides – one of the many benefits of having a full-time team in support of our activities.


On the outreach/engagement/adoption front, I believe the principal goal should be the empowerment of all TC members to be effective communicators of the work being done by the CTI TC without necessarily straying over the line into speaking on behalf of the CTI TC as a whole.  That can be accomplished in a number of ways including the development of whitepapers, briefing slides, “slick sheets” and other materials that, once approved by the CTI TC can be used by any organization that wants to convey the who, what, when, where and why of STIX/TAXII/CybOX.  Another valuable service of such a group would be to identify engagement opportunities such as conferences, other standards activities, workshops, etc. and bring these to the attention of the CTI TC to maximize the likelihood that our message is being conveyed wherever and whenever it is appropriate.  Finally, I could imagine that this group might identify real and/or perceived barriers to adoption (both technical and non-technical) and propose specific strategies to the TC to help overcome these barriers.  All of these activities would need to be coordinated with Carol and the OASIS marketing team to ensure consistency of message.  As Carol mentioned in her email, these activities could be accomplished in either a formal subcommittee of CTI TC members or a group that could include non-CTI TC members.


While adoption is critically important, it is moot unless we have an ecosystem of interoperable solutions.  This is a significant undertaking in its own right and should be separate and distinct from any adoption group or subcommittee in my opinion.  Carol gave us some great pointers to other TC’s within OASIS and I encourage everyone to peruse those.  I think that there is strong consensus in the community that a robust mechanism to determine, report and promote interoperability is urgently needed.  As such, an interoperability subcommittee might focus on defining what interoperability means for both data – STIX and CybOX and protocols – TAXII, both at the technical and at the process level.  The subcommittee would need to work closely with the STIX, TAXII and CybOX subcommittees to ensure that each of those efforts is delivering specifications that support and advance interoperability.  Additional activities that an interoperability subcommittee might take on in support of this include the creation of interoperability testing plans, the creation of test data sets, the use of STIX profiles to aid interoperability, the organizing of interop events and the definition of standardized approaches to documenting interoperability claims.  One big question I have is would the interoperability subcommittee actually verify claims of interoperability or would it simply provide the benchmarks that other organizations could employ to conduct such interoperability tests? 


This TC has a lot of new members that undoubtedly have experiences both within and outside OASIS that would be valuable to add to the discussion – please pipe up!   I’m looking forward to hearing everyone’s thoughts on these important topics.






Richard J. Struse


Chief Advanced Technology Officer

National Cybersecurity and Communications Integration Center (NCCIC) and

Stakeholder Engagement and Cyber Infrastructure Resiliency (SECIR)

Cyber Security & Communications

U.S. Department of Homeland Security

e-mail:  Richard.Struse@dhs.gov
Phone:  202-527-2361


--- Begin Message ---
As you discuss the possible creation of a CTI Outreach Subcommittee, let me offer a few insights into your options and what other TCs have done along these lines.

First, note that members of a SC must also be members of the main TC. If your SC is focused on interoperability, compliance, and adoption issues, then it's safe to assume the SC members will be technical and engaged in the TC. If the SC also wants to be involved in promoting adoption (via creating educational materials, planning events, coordinating conference presentations, etc.), then you may need to involve people with marketing responsibilities (and budgets); those people would not likely find value in being part of the main TC.

Other TCs have addressed outreach in a variety of ways:

The KMIP TC has an Interoperability SC that focuses on testing and verification activities including Interop demos and plugfests.

The DITA TC has a separate Adoption TC that produces white papers, webinars, instructional videos, and a community web site.

The CMIS TC has an associated Marketing Group (not a SC) that engages in communications and marketing activities to promote adoption. The Marketing Group brings together people who have direct responsibility for their organization's outreach activities including press and/or analyst relations, social media engagement, conference and expo participation, branding, training, etc. I work closely with this group, under the OASIS Media Relations Guidelines, as does Jane Harnad, the OASIS Events Manager.

Looking over the CTI Outreach thread, it seems you may be trying to accomplish too many things in one group. Your goals might be better served by a SC for Interoperability/Compliance and a separate marketing group that focuses on promotion, education, events, etc. The two groups could work closely with one another, with the main TC, and with OASIS support staff. Work produced (slide decks, white papers, etc.) could be submitted to the main TC for approval before publication.

My recommendation: draft bullets for the activities you intend to tackle in "Outreach" and what type of expertise is needed for each. A review of that list may clarify how and who should accomplish what. I'm happy to help.


Carol Geyer
Senior Director, OASIS

--- End Message ---

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]