OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: CTI TC Adoption and Interoperability SCs

All, (in response to Rich's post below)

I agree with everything Rich is stating here and also support Carol's suggestions on separate Outreach & Interoperability SCs. Regarding outreach and general engagement we need most, if not all, TC members acting as individual evangelists to continue driving standards adoption vs. empowering one or a small group of individuals to act as spokespersons. Rich had very solid specific suggestions on this SC.

In that same regard to interoperability, to answer Rich's question, I'd suggest that an "Interoperability" SC develop a step-by-step benchmark verification approach that could be performed by any TC member. That approach would not overly burden any particular SC member(s) nor put any particular member(s) in an entitled position. It would require a certainly level of open accountability, but I believe it could just as easily be managed.

In reference to my last post and the work we currently perform to validate standards implementation, I have more specific ideas on how a benchmark approach could be done, but will save until after the SCs are formed (unless the group is interested in hearing them now).


From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Struse, Richard <Richard.Struse@HQ.DHS.GOV>
Sent: Monday, July 6, 2015 7:20 AM
To: cti@lists.oasis-open.org
Subject: [cti] CTI TC Adoption and Interoperability SCs



Building on Carol’s email from last week (attached), I wanted to restart the discussion relating to a couple of additional subcommittees within the CTI TC.  There has been a lot of great discussion around outreach/engagement/adoption and, to a lesser extent, interoperability.  I thought it might make sense to take a step back and look at all of these issues so that we might best allocate our scarce resources to the most pressing tasks at hand.  In addition, I want to make sure that we take full advantage of the services and resources that the professional staff of OASIS provides – one of the many benefits of having a full-time team in support of our activities.


On the outreach/engagement/adoption front, I believe the principal goal should be the empowerment of all TC members to be effective communicators of the work being done by the CTI TC without necessarily straying over the line into speaking on behalf of the CTI TC as a whole.  That can be accomplished in a number of ways including the development of whitepapers, briefing slides, “slick sheets” and other materials that, once approved by the CTI TC can be used by any organization that wants to convey the who, what, when, where and why of STIX/TAXII/CybOX.  Another valuable service of such a group would be to identify engagement opportunities such as conferences, other standards activities, workshops, etc. and bring these to the attention of the CTI TC to maximize the likelihood that our message is being conveyed wherever and whenever it is appropriate.  Finally, I could imagine that this group might identify real and/or perceived barriers to adoption (both technical and non-technical) and propose specific strategies to the TC to help overcome these barriers.  All of these activities would need to be coordinated with Carol and the OASIS marketing team to ensure consistency of message.  As Carol mentioned in her email, these activities could be accomplished in either a formal subcommittee of CTI TC members or a group that could include non-CTI TC members.


While adoption is critically important, it is moot unless we have an ecosystem of interoperable solutions.  This is a significant undertaking in its own right and should be separate and distinct from any adoption group or subcommittee in my opinion.  Carol gave us some great pointers to other TC’s within OASIS and I encourage everyone to peruse those.  I think that there is strong consensus in the community that a robust mechanism to determine, report and promote interoperability is urgently needed.  As such, an interoperability subcommittee might focus on defining what interoperability means for both data – STIX and CybOX and protocols – TAXII, both at the technical and at the process level.  The subcommittee would need to work closely with the STIX, TAXII and CybOX subcommittees to ensure that each of those efforts is delivering specifications that support and advance interoperability.  Additional activities that an interoperability subcommittee might take on in support of this include the creation of interoperability testing plans, the creation of test data sets, the use of STIX profiles to aid interoperability, the organizing of interop events and the definition of standardized approaches to documenting interoperability claims.  One big question I have is would the interoperability subcommittee actually verify claims of interoperability or would it simply provide the benchmarks that other organizations could employ to conduct such interoperability tests? 


This TC has a lot of new members that undoubtedly have experiences both within and outside OASIS that would be valuable to add to the discussion – please pipe up!   I’m looking forward to hearing everyone’s thoughts on these important topics.






Richard J. Struse


Chief Advanced Technology Officer

National Cybersecurity and Communications Integration Center (NCCIC) and

Stakeholder Engagement and Cyber Infrastructure Resiliency (SECIR)

Cyber Security & Communications

U.S. Department of Homeland Security

e-mail:  Richard.Struse@dhs.gov
Phone:  202-527-2361


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]