[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Federal Register (1/21/09) announcement
|
Colleagues During our monthly call, David Weitzel was interested in the
previous announcement of standards selected by HITSP in the Federal
Register. The announcement (attached) occurs as a result of the Secretary
of the ( Please remind your organization and your peers in other OASIS
organizations that the 15 day familiarization period has started on
the XACML & SAML XSPA profiles, which can be reviewed here: http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.pdf http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.pdf The entire process is announced in the attached emails.
I am available to discuss the context of the profiles with your organization if
desired. Best regards, David David Staggs, JD, CISSP (SAIC) |
Federal Register volume 74 pages 3599 to 3608.pdf
--- Begin Message ---Title: [security-services] XSPA Profile of SAML for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot
- From: "Mary McRae" <mary.mcrae@oasis-open.org>
- To: <tc-announce@lists.oasis-open.org>
- Date: Thu, 1 Oct 2009 20:56:26 -0400
OASIS Members:
The OASIS Security Services (SAML) Technical Committee has submitted
the following specification, which is an approved Committee
Specification, to be considered as an OASIS Standard:Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of
Security Assertion Markup Language (SAML) for Healthcare Version 1.0The text of the TC submission is appended.
You now have until 15 October to familiarize yourself with the
submission and provide input to your organization's voting
representative.On 16 October, a Call For Vote will be issued to all Voting
Representatives of OASIS member organizations. They will have until
the last day of October, inclusive, to cast their ballots on whether
this Committee Specification should be approved as an OASIS Standard
or not.Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org
.In accordance with the OASIS Technical Committee Process, this
Committee Specification has already completed the necessary 60-day
public review period as noted in the submission below.The normative TC Process for approval of Committee Specifications as
OASIS Standards is found at
http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandardAny statements related to the IPR of this specification are posted at:
http://www.oasis-open.org/committees/security/ipr.phpYour participation in the review and balloting process is greatly
appreciated.Mary
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: fiberartisan #oasisopen
phone: 1.603.232.9090
(a) Links to the approved Committee Specification in the TC’s document
repository, and any appropriate supplemental documentation for the
specification, both of which must be written using the OASIS
templates. The specification may not have been changed between its
approval as a Committee Specification and its submission to OASIS for
consideration as an OASIS Standard, except for the changes on the
title page and running footer noting the approval status and date.Editable Source:
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.doc
HTML:
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.html
PDF:
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.pdf(b) The editable version of all files that are part of the Committee
Specification;
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.doc(c) Certification by the TC that all schema and XML instances included
in the specification, whether by inclusion or reference, including
fragments of such, are well formed, and that all expressions are valid;
The required certification was made by the TC and is documented in the
SSTC minutes of 08-25-2009:
http://lists.oasis-open.org/archives/security-services/200908/msg00083.html(d) A clear English-language summary of the specification;
This profile describes a Cross-enterprise Security and Privacy
Authorization (XSPA) framework using the SAML core standard and
specific attributes to satisfy requirements pertaining to information-
centric security and privacy within the healthcare community.(e) A statement regarding the relationship of this specification to
similar work of other OASIS TCs or other standards developing
organizations;The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile
of Security Assertion Markup Language (SAML) for Healthcare Version
1.0 is related to the work of the OASIS XSPA TC. The profile has been
demonstrated by members of the XSPA TC along with the work of the
XACML TC, specifically the Cross-Enterprise Security and Privacy
Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version 1.0,
at the Healthcare Information and Management Systems Society (HIMSS)
2009 conference. The XSPA profile is consistent with the TP 20
“Access Control Transaction Package” recognized by the Healthcare
Information Technology Standards Panel (HITSP).(f) The Statements of Use presented above;
Three Statements of Use from OASIS members successfully using or
implementing the Cross-Enterprise Security and Privacy Authorization
(XSPA) Profile of Security Assertion Markup Language (SAML) for
Healthcare Version 1.0:
Jericho Systems
http://lists.oasis-open.org/archives/security-services/200908/msg00032.html
Red Hat:
http://lists.oasis-open.org/archives/security-services/200908/msg00031.html
Sun Microsystems:
http://lists.oasis-open.org/archives/security-services/200908/msg00035.html(g) The beginning and ending dates of the public review(s), a pointer
to the announcement of the public review(s), and a pointer to an
account of each of the comments/issues raised during the public review
period(s), along with its resolution;The XSPA profile of SAML has gone through 60 day public review (12 Jan
- 13 Mar), announced in:
http://lists.oasis-open.org/archives/tc-announce/200901/msg00011.htmlA link to the public comments and resolution is consolidated in a
spreadsheet at the bottom of the e-mail message below:
http://lists.oasis-open.org/archives/security-services/200905/msg00021.htmlChanges due to the comments made in the first review resulted in a
shortened 15-day review (15 Jun - 30 Jun) announced in:
http://lists.oasis-open.org/archives/tc-announce/200906/msg00006.htmlComments made during this review were consolidated in a spreadsheet at
the bottom of the e-mail message below and resulted in no changes:
http://lists.oasis-open.org/archives/security-services/200907/msg00020.html(h) An account of and results of the voting to approve the
specification as a Committee Specification, including the date of the
ballot and a pointer to the ballot;
The ballot to make the profile a Committee Specification was approved
by special majority on 24 August 2009. A pointer to the result of the
ballot is below:http://www.oasis-open.org/committees/ballot.php?id=1757
(i) An account of or pointer to votes and comments received in any
earlier attempts to standardize substantially the same specification,
together with the originating TC’s response to each comment;There were no earlier attempts to standardize substantially the same
specification.(j) A pointer to the publicly visible comments archive for the
originating TC;http://lists.oasis-open.org/archives/security-services-comment/
(k) A pointer to any minority reports delivered by one or more Members
who did not vote in favor of approving the Committee Specification,
which report may include statements regarding why the member voted
against the specification or that the member believes that Substantive
Changes were made which have not gone through public review; or
certification by the Chair that no minority reports exist.There were no negative votes cast on the final ballot and no minority
reports were submitted during the process.Hal Lockhart
Thomas Hardjono
Co-Chairs Security Services TC
---------------------------------------------------------------------
--- End Message ---
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
--- Begin Message ---Title: [xacml] XSPA Profile of XACML for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot
- From: "Mary McRae" <mary.mcrae@oasis-open.org>
- To: <tc-announce@lists.oasis-open.org>
- Date: Thu, 1 Oct 2009 20:44:37 -0400
OASIS Members:
The OASIS eXtensible Access Control Markup Language (XACML) Technical
Committee has submitted the following specification, which is an
approved Committee Specification, to be considered as an OASIS Standard:Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of
XACML v2.0 for Healthcare Version 1.0The text of the TC submission is appended.
You now have until 15 October to familiarize yourself with the
submission and provide input to your organization's voting
representative.On 16 October, a Call For Vote will be issued to all Voting
Representatives of OASIS member organizations. They will have until
the last day of October, inclusive, to cast their ballots on whether
this Committee Specification should be approved as an OASIS Standard
or not.Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org
.In accordance with the OASIS Technical Committee Process, this
Committee Specification has already completed the necessary 60-day
public review period as noted in the submission below.The normative TC Process for approval of Committee Specifications as
OASIS Standards is found at
http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandardAny statements related to the IPR of this specification are posted at:
http://www.oasis-open.org/committees/xacml/ipr.phpYour participation in the review and balloting process is greatly
appreciated.Mary
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: fiberartisan #oasisopen
phone: 1.603.232.9090
(a) Links to the approved Committee Specification in the TC’s document
repository, and any appropriate supplemental documentation for the
specification, both of which must be written using the OASIS
templates. The specification may not have been changed between its
approval as a Committee Specification and its submission to OASIS for
consideration as an OASIS Standard, except for the changes on the
title page and running footer noting the approval status and date.Editable Source:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
PDF:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.pdf
HTML:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.html(b) The editable version of all files that are part of the Committee
Specification;
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc(c) Certification by the TC that all schema and XML instances included
in the specification, whether by inclusion or reference, including
fragments of such, are well formed, and that all expressions are valid;The required certification was made by the TC and is documented in the
XACML minutes of 08-27-2009:
http://lists.oasis-open.org/archives/xacml/200908/msg00019.html(d) A clear English-language summary of the specification;
This profile describes a Cross-enterprise Security and Privacy
Authorization (XSPA) framework using the XACML core standard and
specific attributes to satisfy requirements pertaining to information-
centric security and privacy within the healthcare community.(e) A statement regarding the relationship of this specification to
similar work of other OASIS TCs or other standards developing
organizations;The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile
of XACML v2.0 for Healthcare Version 1.0 is related to the work of the
OASIS XSPA TC. The profile has been demonstrated by members of the
XSPA TC along with the work of the SSTC, specifically the Cross-
Enterprise Security and Privacy Authorization (XSPA) Profile of
Security Assertion Markup Language (SAML) for Healthcare Version 1.0,
at the Healthcare Information and Management Systems Society (HIMSS)
2009 conference. The XSPA profile is consistent with the TP 20
“Access Control Transaction Package” recognized by the Healthcare
Information Technology Standards Panel (HITSP).(f) The Statements of Use presented above;
Three Statements of Use from OASIS members successfully using or
implementing the Cross-Enterprise Security and Privacy Authorization
(XSPA) Profile of Security Assertion Markup Language (XACML) for
Healthcare Version 1.0:
Sun Microsystems:
http://lists.oasis-open.org/archives/xacml/200908/msg00012.html
SAIC:
http://lists.oasis-open.org/archives/xacml/200908/msg00011.html
Red Hat:
http://lists.oasis-open.org/archives/xacml/200908/msg00010.html(g) The beginning and ending dates of the public review(s), a pointer
to the announcement of the public review(s), and a pointer to an
account of each of the comments/issues raised during the public review
period(s), along with its resolution;The XSPA profile of XACML has gone through 60 day public review (12
Jan - 13 Mar 2009), announced in:
http://lists.oasis-open.org/archives/tc-announce/200901/msg00012.htmlA link to the public comments and resolution is consolidated in a
spreadsheet at the bottom of the e-mail message below:
http://lists.oasis-open.org/archives/xacml/200905/msg00009.html(h) An account of and results of the voting to approve the
specification as a Committee Specification, including the date of the
ballot and a pointer to the ballot;The ballot to make the profile a Committee Specification was approved
by special majority on 24 August 2009. A pointer to the result of the
ballot is below:
http://www.oasis-open.org/committees/ballot.php?id=1758(i) An account of or pointer to votes and comments received in any
earlier attempts to standardize substantially the same specification,
together with the originating TC’s response to each commentThere were no earlier attempts to standardize substantially the same
specification other than those described above.(j) A pointer to the publicly visible comments archive for the
originating TC;http://lists.oasis-open.org/archives/xacml-comment/
(k) A pointer to any minority reports delivered by one or more Members
who did not vote in favor of approving the Committee Specification,
which report may include statements regarding why the member voted
against the specification or that the member believes that Substantive
Changes were made which have not gone through public review; or
certification by the Chair that no minority reports exist.There were no negative votes cast on the final ballot and no minority
reports were submitted during the process.
Hal Lockhart
Bill Parducci
Co-Chairs XACML TC
---------------------------------------------------------------------
--- End Message ---
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]