Fwd: [xspa-comment] Cross-Enterprise Security and Privacy Authorization

Subject: Fwd: [xspa-comment] Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare v2.0 from XSPA TC approved as a Committee Specification

Members of the Emergency Management TC, I just wanted to make sure you all saw this announcement in case it is relevant to any of the use cases you are dealing with.Â

Best,Â

/chetÂ

---------- Forwarded message ---------
From: Paul Knight <paul.knight@oasis-open.org>
Date: Thu, May 16, 2019 at 11:05 AM
Subject: [xspa-comment] Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare v2.0 from XSPA TC approved as a Committee Specification
To: <tc-announce@lists.oasis-open.org>, <members@lists.oasis-open.org>, <xspa@lists.oasis-open.org>, <xspa-comment@lists.oasis-open.org>, <security-services@lists.oasis-open.org>

OASIS Members and other interested parties,

OASIS is pleased to announce that Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare Version 2.0 from the OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC [1] has been approved as an OASIS Committee Specification.

The XSPA profile defines a set of SAML attributes and corresponding vocabularies for healthcare information exchange applications.

The core use-cases are the cross-enterprise exchange of protected data objects from a Service Provider (SP) to a Service Consumer (SC). In the scenarios, the request includes SAML attribute assertions that vouch for the identity of the requesting Principal and other attributes that are consequential in making the access control decision at the SPâs side.

In addition to the main use-cases, the attributes' name and values can be used in some other scenarios, such as including SAML Assertions to vouch for some of SPâs organizational attributes, or carrying the identity attributes of the signer of a data object.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare Version 2.0

Committee Specification 01

23 April 2019

Editable source (Authoritative):

https://docs.oasis-open.org/xspa/saml-xspa/v2.0/cs01/saml-xspa-v2.0-cs01.docx

HTML:

https://docs.oasis-open.org/xspa/saml-xspa/v2.0/cs01/saml-xspa-v2.0-cs01.html

PDF:

https://docs.oasis-open.org/xspa/saml-xspa/v2.0/cs01/saml-xspa-v2.0-cs01.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

https://docs.oasis-open.org/xspa/saml-xspa/v2.0/cs01/saml-xspa-v2.0-cs01.zip

Members of the XSPA TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC

https://www.oasis-open.org/committees/xspa/

[2] Public reviews:

- 30-day public review, 29 April 2014:

https://lists.oasis-open.org/archives/members/201404/msg00010.html

- Comment resolution log:

https://docs.oasis-open.org/xspa/saml-xspa/v2.0/csprd01/saml-xspa-v2.0-csprd01-comment-resolution-log.xls

- 15-day public review, 27 March 2017:

https://lists.oasis-open.org/archives/xspa/201703/msg00006.html

- Comment resolution log:

https://docs.oasis-open.org/xspa/saml-xspa/v2.0/csprd02/saml-xspa-v2.0-csprd02-comment-resolution-log.txt