OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

openc2 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [EXT] [openc2] FYI OpenC2 in OASIS Tutorial at ITU SG17


I will be at that meeting as well.  I presented at the last ITU SG17 meeting on CTI and where are things are going with regards to security standards outside of the ITU and the ITU has since made a formal request to OASIS to adopt / wrap STIX and TAXII in ITU standards. 

However, per Chet, OASIS does not allow this until a standard has reached the level of an actual "OASIS Standard". A CS (Committee Specification) level is not sufficient.  So for STIX and TAXII that are both at a CS level for 2.0, this is a problem.  We are looking to see if we can move those, of the soon to be released 2.1 versions to a full OASIS standard.

Lets talk off list about getting together in Geneva to talk, I have lots I would like to talk with you about.


From: openc2@lists.oasis-open.org <openc2@lists.oasis-open.org> on behalf of duncan sfractal.com <duncan@sfractal.com>
Sent: Tuesday, January 8, 2019 3:05:33 PM
To: TC OpenC2
Subject: [EXT] [openc2] FYI OpenC2 in OASIS Tutorial at ITU SG17

The International Telecommunications Union (ITU) is the United Nations agency charged with, among other things, standardizing telecommunications interfaces. They are divided into “Study Groups” (SG) which are a collection of “questions” in a given area where a “question” is roughly analogous to an OASIS TC. SG17 is the security SG and it next meets in Geneva, Switzerland 21-Jan to 30-Jan. I am a member of the US delegation and I will be attending a portion of the meeting in Geneva.


One of the mandates to the ITU is to leverage (and not duplicate) the work done in other Standards Development Organizations (SDO’s). For example SG17 adopted Cybox and STIX from CTI (albeit they are still on STIX 1). I volunteered to give a tutorial on OASIS to SG17 and it is scheduled for 8:30-9:20AM local time in Geneva on Thurs Jan 24.


In my tutorial, besides speaking on OASIS in general and on the fact that CTI has moved to STIX2 so maybe ITU should also, I’ll talk about OpenC2 for 2-3 slides. I haven’t made them yet and I will circulate a link to them to this list once I make them (probably at last instant). I’d appreciate any pointers to existing slides and/or anyone who wants to help draft. And I’d appreciate any help on the other OASIS topics (eg STIX2, SARIF, CSAF, KMIP, ….) as well.


Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]