The opening of the membership-wide XSPA ballots were
announced today (attached). I will put the announcements on the agenda
for tomorrow’s XSPA meeting and ask for support from member organization
outside the sponsoring SANL and XACML TCs.
David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Emerging Health Technologies
Office: 858 433 1473
Date: October 1,
2009 8:56:26 PM EDT
Subject: [security-services] XSPA Profile of SAML for Healthcare v1.0 Submitted
for OASIS Standard Approval Ballot
OASIS Members:
The OASIS Security Services (SAML) Technical Committee has
submitted
the following specification, which is an approved
Committee
Specification, to be considered as an OASIS Standard:
Cross-Enterprise Security and Privacy Authorization (XSPA)
Profile of
Security Assertion Markup Language (SAML) for
Healthcare Version 1.0
The text of the TC submission is appended.
You now have until 15 October to familiarize yourself with the
submission and provide input to your
organization's voting
representative.
On 16 October, a Call For Vote will be issued to all Voting
Representatives of OASIS member organizations.
They will have until
the last day of October, inclusive, to cast their
ballots on whether
this Committee Specification should be approved as
an OASIS Standard
or not.
Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org
.
In accordance with the OASIS Technical Committee Process, this
Committee Specification has already completed the
necessary 60-day
public review period as noted in the submission
below.
The normative TC Process for approval of Committee
Specifications as
OASIS Standards is found at
http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandard
Any statements related to the IPR of this specification are
posted at:
http://www.oasis-open.org/committees/security/ipr.php
Your participation in the review and balloting process is
greatly
appreciated.
Mary
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the
information society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: fiberartisan #oasisopen
phone: 1.603.232.9090
(a) Links to the approved Committee Specification in the TC’s
document
repository, and any appropriate supplemental
documentation for the
specification, both of which must be written using
the OASIS
templates. The specification may not have been
changed between its
approval as a Committee Specification and its
submission to OASIS for
consideration as an OASIS Standard, except for the
changes on the
title page and running footer noting the approval
status and date.
Editable Source:
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.doc
HTML:
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.html
PDF:
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.pdf
(b) The editable version of all files that are part of the
Committee
Specification;
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.doc
(c) Certification by the TC that all schema and XML instances
included
in the specification, whether by inclusion or
reference, including
fragments of such, are well formed, and that all
expressions are valid;
The required certification was made by the TC and
is documented in the
SSTC minutes of 08-25-2009:
http://lists.oasis-open.org/archives/security-services/200908/msg00083.html
(d) A clear English-language summary of the specification;
This profile describes a Cross-enterprise Security and Privacy
Authorization (XSPA) framework using the SAML core
standard and
specific attributes to satisfy requirements
pertaining to information-
centric security and privacy within the healthcare
community.
(e) A statement regarding the relationship of this
specification to
similar work of other OASIS TCs or other standards
developing
organizations;
The Cross-Enterprise Security and Privacy Authorization (XSPA)
Profile
of Security Assertion Markup Language (SAML) for
Healthcare Version
1.0 is related to the work of the OASIS XSPA TC.
The profile has been
demonstrated by members of the XSPA TC along with
the work of the
XACML TC, specifically the Cross-Enterprise
Security and Privacy
Authorization (XSPA) Profile of XACML v2.0 for
Healthcare Version 1.0,
at the Healthcare Information and Management
Systems Society (HIMSS)
2009 conference. The XSPA profile is
consistent with the TP 20
“Access Control Transaction Package” recognized by
the Healthcare
Information Technology Standards Panel (HITSP).
(f) The Statements of Use presented above;
Three Statements of Use from OASIS members
successfully using or
implementing the Cross-Enterprise Security and
Privacy Authorization
(XSPA) Profile of Security Assertion Markup
Language (SAML) for
Healthcare Version 1.0:
Jericho Systems
http://lists.oasis-open.org/archives/security-services/200908/msg00032.html
Red Hat:
http://lists.oasis-open.org/archives/security-services/200908/msg00031.html
Sun Microsystems:
http://lists.oasis-open.org/archives/security-services/200908/msg00035.html
(g) The beginning and ending dates of the public review(s), a
pointer
to the announcement of the public review(s), and a
pointer to an
account of each of the comments/issues raised
during the public review
period(s), along with its resolution;
The XSPA profile of SAML has gone through 60 day public review
(12 Jan
- 13 Mar), announced in:
http://lists.oasis-open.org/archives/tc-announce/200901/msg00011.html
A link to the public comments and resolution is consolidated
in a
spreadsheet at the bottom of the e-mail message
below:
http://lists.oasis-open.org/archives/security-services/200905/msg00021.html
Changes due to the comments made in the first review resulted
in a
shortened 15-day review (15 Jun - 30 Jun)
announced in:
http://lists.oasis-open.org/archives/tc-announce/200906/msg00006.html
Comments made during this review were consolidated in a
spreadsheet at
the bottom of the e-mail message below and
resulted in no changes:
http://lists.oasis-open.org/archives/security-services/200907/msg00020.html
(h) An account of and results of the voting to approve the
specification as a Committee Specification,
including the date of the
ballot and a pointer to the ballot;
The ballot to make the profile a Committee
Specification was approved
by special majority on 24 August 2009. A
pointer to the result of the
ballot is below:
http://www.oasis-open.org/committees/ballot.php?id=1757
(i) An account of or pointer to votes and comments received in
any
earlier attempts to standardize substantially the
same specification,
together with the originating TC’s response to
each comment;
There were no earlier attempts to standardize substantially
the same
specification.
(j) A pointer to the publicly visible comments archive for the
originating TC;
http://lists.oasis-open.org/archives/security-services-comment/
(k) A pointer to any minority reports delivered by one or more
Members
who did not vote in favor of approving the
Committee Specification,
which report may include statements regarding why
the member voted
against the specification or that the member
believes that Substantive
Changes were made which have not gone through
public review; or
certification by the Chair that no minority
reports exist.
There were no negative votes cast on the final ballot and no
minority
reports were submitted during the process.
Hal Lockhart
Thomas Hardjono
Co-Chairs Security Services TC
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave
the OASIS TC that
generates this mail. Follow this link to all
your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
Date: October 1,
2009 8:44:37 PM EDT
Subject: [xacml] XSPA Profile of XACML for Healthcare v1.0 Submitted for OASIS
Standard Approval Ballot
OASIS Members:
The OASIS eXtensible Access Control Markup Language (XACML)
Technical
Committee has submitted the following
specification, which is an
approved Committee Specification, to be considered
as an OASIS Standard:
Cross-Enterprise Security and Privacy Authorization (XSPA)
Profile of
XACML v2.0 for Healthcare Version 1.0
The text of the TC submission is appended.
You now have until 15 October to familiarize yourself with the
submission and provide input to your
organization's voting
representative.
On 16 October, a Call For Vote will be issued to all Voting
Representatives of OASIS member organizations.
They will have until
the last day of October, inclusive, to cast their
ballots on whether
this Committee Specification should be approved as
an OASIS Standard
or not.
Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org
.
In accordance with the OASIS Technical Committee Process, this
Committee Specification has already completed the
necessary 60-day
public review period as noted in the submission
below.
The normative TC Process for approval of Committee
Specifications as
OASIS Standards is found at
http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandard
Any statements related to the IPR of this specification are
posted at:
http://www.oasis-open.org/committees/xacml/ipr.php
Your participation in the review and balloting process is
greatly
appreciated.
Mary
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information
society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: fiberartisan #oasisopen
phone: 1.603.232.9090
(a) Links to the approved Committee Specification in the TC’s
document
repository, and any appropriate supplemental
documentation for the
specification, both of which must be written using
the OASIS
templates. The specification may not have been
changed between its
approval as a Committee Specification and its
submission to OASIS for
consideration as an OASIS Standard, except for the
changes on the
title page and running footer noting the approval
status and date.
Editable Source:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
PDF:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.pdf
HTML:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.html
(b) The editable version of all files that are part of the
Committee
Specification;
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
(c) Certification by the TC that all schema and XML instances
included
in the specification, whether by inclusion or
reference, including
fragments of such, are well formed, and that all
expressions are valid;
The required certification was made by the TC and is
documented in the
XACML minutes of 08-27-2009:
http://lists.oasis-open.org/archives/xacml/200908/msg00019.html
(d) A clear English-language summary of the specification;
This profile describes a Cross-enterprise Security and Privacy
Authorization (XSPA) framework using the XACML
core standard and
specific attributes to satisfy requirements
pertaining to information-
centric security and privacy within the healthcare
community.
(e) A statement regarding the relationship of this specification
to
similar work of other OASIS TCs or other standards
developing
organizations;
The Cross-Enterprise Security and Privacy Authorization (XSPA)
Profile
of XACML v2.0 for Healthcare Version 1.0 is
related to the work of the
OASIS XSPA TC. The profile has been
demonstrated by members of the
XSPA TC along with the work of the SSTC,
specifically the Cross-
Enterprise
Security and Privacy Authorization (XSPA) Profile of
Security Assertion Markup Language (SAML) for
Healthcare Version 1.0,
at the Healthcare Information and Management
Systems Society (HIMSS)
2009 conference. The XSPA profile is
consistent with the TP 20
“Access Control Transaction Package” recognized by
the Healthcare
Information Technology Standards Panel (HITSP).
(f) The Statements of Use presented above;
Three Statements of Use from OASIS members successfully using
or
implementing the Cross-Enterprise Security and
Privacy Authorization
(XSPA) Profile of Security Assertion Markup
Language (XACML) for
Healthcare Version 1.0:
Sun Microsystems:
http://lists.oasis-open.org/archives/xacml/200908/msg00012.html
SAIC:
http://lists.oasis-open.org/archives/xacml/200908/msg00011.html
Red Hat:
http://lists.oasis-open.org/archives/xacml/200908/msg00010.html
(g) The beginning and ending dates of the public review(s), a
pointer
to the announcement of the public review(s), and a
pointer to an
account of each of the comments/issues raised
during the public review
period(s), along with its resolution;
The XSPA profile of XACML has gone through 60 day public
review (12
Jan - 13 Mar 2009), announced in:
http://lists.oasis-open.org/archives/tc-announce/200901/msg00012.html
A link to the public comments and resolution is consolidated
in a
spreadsheet at the bottom of the e-mail message
below:
http://lists.oasis-open.org/archives/xacml/200905/msg00009.html
(h) An account of and results of the voting to approve the
specification as a Committee Specification,
including the date of the
ballot and a pointer to the ballot;
The ballot to make the profile a Committee Specification was
approved
by special majority on 24 August 2009. A
pointer to the result of the
ballot is below:
http://www.oasis-open.org/committees/ballot.php?id=1758
(i) An account of or pointer to votes and comments received in
any
earlier attempts to standardize substantially the
same specification,
together with the originating TC’s response to
each comment
There were no earlier attempts to standardize substantially
the same
specification other than those described above.
(j) A pointer to the publicly visible comments archive for the
originating TC;
http://lists.oasis-open.org/archives/xacml-comment/
(k) A pointer to any minority reports delivered by one or more
Members
who did not vote in favor of approving the
Committee Specification,
which report may include statements regarding why
the member voted
against the specification or that the member
believes that Substantive
Changes were made which have not gone through
public review; or
certification by the Chair that no minority
reports exist.
There were no negative votes cast on the final ballot and no
minority
reports were submitted during the process.
Hal Lockhart
Bill Parducci
Co-Chairs XACML TC
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave
the OASIS TC that
generates this mail. Follow this link to all
your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php