OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: XSPA Profile of XACML for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot

OASIS Members:

The OASIS eXtensible Access Control Markup Language (XACML) Technical  
Committee has submitted the following specification, which is an  
approved Committee Specification, to be considered as an OASIS Standard:

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of  
XACML v2.0 for Healthcare Version 1.0

The text of the TC submission is appended.

You now have until 15 October to familiarize yourself with the  
submission and provide input to your organization's voting  

On 16 October, a Call For Vote will be issued to all Voting  
Representatives of OASIS member organizations. They will have until  
the last day of October, inclusive, to cast their ballots on whether  
this Committee Specification should be approved as an OASIS Standard  
or not.

Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org 

In accordance with the OASIS Technical Committee Process, this  
Committee Specification has already completed the necessary 60-day  
public review period as noted in the submission below.

The normative TC Process for approval of Committee Specifications as  
OASIS Standards is found at

Any statements related to the IPR of this specification are posted at:

Your participation in the review and balloting process is greatly  


Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: fiberartisan #oasisopen
phone: 1.603.232.9090

(a) Links to the approved Committee Specification in the TC’s document  
repository, and any appropriate supplemental documentation for the  
specification, both of which must be written using the OASIS  
templates. The specification may not have been changed between its  
approval as a Committee Specification and its submission to OASIS for  
consideration as an OASIS Standard, except for the changes on the  
title page and running footer noting the approval status and date.

Editable Source:

(b) The editable version of all files that are part of the Committee  

(c) Certification by the TC that all schema and XML instances included  
in the specification, whether by inclusion or reference, including  
fragments of such, are well formed, and that all expressions are valid;

The required certification was made by the TC and is documented in the  
XACML minutes of 08-27-2009:

(d) A clear English-language summary of the specification;

This profile describes a Cross-enterprise Security and Privacy  
Authorization (XSPA) framework using the XACML core standard and  
specific attributes to satisfy requirements pertaining to information- 
centric security and privacy within the healthcare community.

(e) A statement regarding the relationship of this specification to  
similar work of other OASIS TCs or other standards developing  

The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile  
of XACML v2.0 for Healthcare Version 1.0 is related to the work of the  
OASIS XSPA TC.  The profile has been demonstrated by members of the  
XSPA TC along with the work of the SSTC, specifically the Cross- 
Enterprise Security and Privacy Authorization (XSPA) Profile of  
Security Assertion Markup Language (SAML) for Healthcare Version 1.0,  
at the Healthcare Information and Management Systems Society (HIMSS)  
2009 conference.  The XSPA profile is consistent with the TP 20  
“Access Control Transaction Package” recognized by the Healthcare  
Information Technology Standards Panel (HITSP).

(f) The Statements of Use presented above;

Three Statements of Use from OASIS members successfully using or  
implementing the Cross-Enterprise Security and Privacy Authorization  
(XSPA) Profile of Security Assertion Markup Language (XACML) for  
Healthcare Version 1.0:
Sun Microsystems:
Red Hat:

(g) The beginning and ending dates of the public review(s), a pointer  
to the announcement of the public review(s), and a pointer to an  
account of each of the comments/issues raised during the public review  
period(s), along with its resolution;

The XSPA profile of XACML has gone through 60 day public review (12  
Jan - 13 Mar 2009), announced in:

A link to the public comments and resolution is consolidated in a  
spreadsheet at the bottom of the e-mail message below:

(h) An account of and results of the voting to approve the  
specification as a Committee Specification, including the date of the  
ballot and a pointer to the ballot;

The ballot to make the profile a Committee Specification was approved  
by special majority on 24 August 2009.  A pointer to the result of the  
ballot is below:

(i) An account of or pointer to votes and comments received in any  
earlier attempts to standardize substantially the same specification,  
together with the originating TC’s response to each comment

There were no earlier attempts to standardize substantially the same  
specification other than those described above.

(j) A pointer to the publicly visible comments archive for the  
originating TC;


(k) A pointer to any minority reports delivered by one or more Members  
who did not vote in favor of approving the Committee Specification,  
which report may include statements regarding why the member voted  
against the specification or that the member believes that Substantive  
Changes were made which have not gone through public review; or  
certification by the Chair that no minority reports exist.

There were no negative votes cast on the final ballot and no minority  
reports were submitted during the process.

Hal Lockhart
Bill Parducci
Co-Chairs XACML TC

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]