OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

members message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Member Review of Proposed Submission of OASIS STIXâ v.2.1 and TAXIIâ v.2.1 to ITU-T Study Group 17 - ends 07 August


The members of the OASIS OASIS Cyber Threat Intelligence (CTI) TC [1] have requested that OASIS submit the following OASIS Standards:

1. STIXâ Version 2.1
OASIS Standard
25 January 2021

2. TAXIIâ Version 2.1
OASIS Standard
10 June 2021

to ITU-T Study Group 17 [2] for approval as proposed International Standards, updating ISO's approval of prior versions of those standards as ISO 15000:2004, parts 1-4. Â

The OASIS Liaison Policy [3] requires that management approve or reject the TC's request as meeting the policy's requirements. If it is accepted, the policy requires that this request be posted for member review for 30 days, for comment on the proposed terms, before transmitting it to ITU-T.

The specifications each were approved as OASIS Standards, and are available as described here:

1. OASIS STIXâ Version 2.1 (approved June 2021):
http://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html

2. OASIS TAXIIâ Version 2.1 (approved June 2021):
http://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html

The Request of the TCs meets all applicable criteria of the Liaison Policy, with one exception noted below, and is available here:
https://www.oasis-open.org/committees/download.php/70056/Request_to_advance_STIX2_1.docx

The exception relates to OASIS' IPR Policy, which generally prohibits any inclusion of third-party trademarks in a final standard. The STIX and TAXII standards do include a reservation of trademark rights [4] by the contributor of the original drafts, US DHS. OASIS did approve prior final versions of STIX and TAXII, with those reservations, by consenting to a waiver of that trademark rule, on the basis that the negotiated restrictions should not interfere with typical open standards usage, and noting that the licensor is not a competitive commercial entity, but rather has an interest in broad deployment. A similar waiver by the OASIS Board will be required, likely by the end of this review period, to submit the current versions, for the same reason, so this proposal is contingent on that Board waiver. OASIS has asked the original contributor to re-evaluate whether a continuing trademark restriction is necessary, as it may impede permission-less open source development, and will report any developments at the end of this review period.

Member Review Period:

The member public review starts 09 July 2022 at 00:00 GMT and ends 07 August 2022 at 23:59 GMT.

This is an open invitation to OASIS members to comment on the proposed terms of submission, described in the Request and above. Comments may be submitted by any OASIS member by directing them to the oasis-member-discuss@lists.oasis-open.org mailing list. Members should not need to subscribe to the list, as each member should be able to use it automatically. If you have a problem posting to it, let us know. Please direct any other questions to project-admin@lists.oasis-open.org.

Comments submitted to that list are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/oasis-member-discuss/

========== Additional references:

[1] OASIS CTI TC
https://www.oasis-open.org/committees/cti

[2] ÂITU-T Study Group 17
https://www.itu.int/en/ITU-T/studygroups/2022-2024/17/Pages/default.aspx

[3] ÂOASIS Liaison Policy:
https://www.oasis-open.org/policies-guidelines/liaison#submitwork

[4] ÂIPR reservations against STIX and TAXII:
https://www.oasis-open.org/committees/cti/ipr.php

--

ChetÂEnsign

Chief Technical Community Steward

OASIS Open

ÂÂÂ
+1 201-341-1393
chet.ensign@oasis-open.org
www.oasis-open.org


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]