Subject: XSPA Profile of WS-Trust for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot
OASIS Members: The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC has submitted the following specification, which is an approved Committee Specification, to be considered as an OASIS Standard: Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of WS-Trust for Healthcare The text of the TC submission is appended. You now have until 15 October 2010 to familiarize yourself with the submission and provide input to your organization's voting representative. On 16 October, a Call For Vote will be issued to all Voting Representatives of OASIS member organizations. They will have until the last day of October, inclusive, to cast their ballots on whether this Committee Specification should be approved as an OASIS Standard or not. Members who wish to discuss this ballot may do so through email@example.com. In accordance with the OASIS Technical Committee Process, this Committee Specification has already completed the necessary 60-day public review period as noted in the submission below. The normative TC Process for approval of Committee Specifications as OASIS Standards is found at http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandard Any statements related to the IPR of this specification are posted at: http://www.oasis-open.org/committees/xspa/ipr.php Your participation in the review and balloting process is greatly appreciated. Mary Mary P McRae Director, Standards Development Technical Committee Administrator OASIS: Advancing open standards for the information society email: firstname.lastname@example.org web: www.oasis-open.org twitter: @fiberartisan #oasisopen phone: 1.603.232.9090 ----- (a) Links to the approved Committee Specification in the TC’s document repository, and any appropriate supplemental documentation for the specification, both of which must be written using the OASIS templates. http://docs.oasis-open.org/xspa/ws-trust-v1.0/xspa-ws-trust-profile-cs-01.html http://docs.oasis-open.org/xspa/ws-trust-v1.0/xspa-ws-trust-profile-cs-01.doc http://docs.oasis-open.org/xspa/ws-trust-v1.0/xspa-ws-trust-profile-cs-01.pdf (b) The editable version of all files that are part of the Committee Specification; http://docs.oasis-open.org/xspa/ws-trust-v1.0/xspa-ws-trust-profile-cs-01.doc (c) Certification by the TC that all schema and XML instances included in the specification, whether by inclusion orreference, including fragments of such, are well formed, and that all expressions are valid; Certification appears in the August 5, 2010 minutes of the XSPA TC at: http://www.oasis-open.org/apps/org/workgroup/xspa/email/archives/201008/msg00020.html Wherein the minutes state: TC commented that the XML was well-formed and consistent with that used in the RSA 2010 InterOp of the profile. (d) A clear English-language summary of the specification; This specification describes a framework that provides access control interoperability useful in the healthcare environment. Interoperability is achieved using WS-Trust secure token request/response elements to carry common semantics and vocabularies in exchanges specified below. (e) A statement regarding the relationship of this specification to similar work of other OASIS TCs or other standards developing organizations; This specification uses the OASIS Standard, “WS-Trust, Version 1.3” (March 2007). The work was done in collaboration with the WS-SX TC where the work began as a work item before it was moved to the XSPA TC. The specification is consistent with the OASIS Standards, “Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version v1.0” (November2009) and “Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version v1.0” (November2009). (f) The Statements of Use presented above; IBM: http://lists.oasis-open.org/archives/xspa/201008/msg00006.html Oracle http://lists.oasis-open.org/archives/xspa/201008/msg00015.html Jericho Systems Corporation: http://lists.oasis-open.org/archives/xspa/201008/msg00007.html (g) The beginning and ending dates of the public review(s), a pointer to the announcement of the public review(s), and a pointer to an account of each of the comments/issues raised during the public review period(s), along with its resolution; The beginning and ending dates of the public review were: 27 April 2010 to 26 June 2010 http://lists.oasis-open.org/archives/xspa/201004/msg00015.html Link to Comment Resolution Log of all comments is at: http://lists.oasis-open.org/archives/xspa/201007/msg00004.html (h) An account of and results of the voting to approve the specification as a Committee Specification, including the date of the ballot and a pointer to the ballot; The result of the voting on the ballot to approve the specification as a Committee Specification (closing 2 September 2010) was: Five in favor, one abstention, and no negative votes. http://www.oasis-open.org/committees/ballot.php?id=1934 (i) An account of or pointer to votes and comments received in any earlier attempts to standardize substantially the same specification, together with the originating TC’s response to each comment; There has not been any earlier attempt to standardize substantially the same specification. (j) A pointer to the publicly visible comments archive for the originating TC; http://lists.oasis-open.org/archives/xspa-comment/ (k) A pointer to any minority reports delivered by one or more Members who did not vote in favor of approving the Committee Specification, which report may include statements regarding why the member voted against the specification or that the member believes that Substantive Changes were made which have not gone through public review; or certification by the Chair that no minority reports exist. As co-chair I certify that no minority reports exist.