OASIS

The OASIS AMQP TC advances a vendor-neutral and platform-agnostic protocol that offers organizations an easier, more secure approach to passing real-time data streams and business transactions. The goal of AMQP is to ensure information is safely and efficiently transported between applications, among organizations, across distributed cloud computing environments, and within mobile infrastructures. AMQP avoids proprietary technologies, offering the potential to lower the cost of enterprise middleware software integrations through open interoperability. By enabling a commoditized, multi-vendor ecosystem, AMQP seeks to create opportunities for transforming the way business is done in the Cloud and over the Internet.

The OASIS MQTT TC is producing a standard for the Message Queuing Telemetry Transport Protocol compatible with MQTT V3.1, together with requirements for enhancements, documented usage examples, best practices, and guidance for use of MQTT topics with commonly available registry and discovery mechanisms. The standard supports bi-directional messaging to uniformly handle both signals and commands, deterministic message delivery, basic QoS levels, always/sometimes-connected scenarios, loose coupling, and scalability to support large numbers of devices. Candidates for enhancements include message priority and expiry, message payload typing, request/reply, and subscription expiry.
As an M2M/Internet of Things (IoT) connectivity protocol, MQTT is designed to support messaging transport from remote locations/devices involving small code footprints (e.g., 8-bit, 256KB ram controllers), low power, low bandwidth, high-cost connections, high latency, variable availability, and negotiated delivery guarantees. For example, MQTT is being used in sensors communicating to a broker via satellite links, SCADA, over occasional dial-up connections with healthcare providers (medical devices), and in a range of home automation and small device scenarios. MQTT is also ideal for mobile applications because of its small size, minimized data packets, and efficient distribution of information to one or many receivers (subscribers).
For more information on the MQTT TC, see the TC Charter.

Defining the schema and taxonomy for collaborative automated course of action operations (CACAO) security playbooks and how these playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.

A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.

The OASIS Electronic Court Filing TC will develop specifications for the use of XML to create legal documents and to transmit legal documents from an attorney, party or self-represented litigant to a court, from a court to an attorney, party or self-represented litigant or to another court, and from an attorney or other user to another attorney or other user of legal documents.
 
The TC is affiliated with the OASIS LegalXML Member Section. For more information, see the TC Charter and FAQ

The DSS-X TC is developing new profiles of the existing OASIS Digital Signature Services core protocol "Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0" and is maintaining this specification and its existing profiles. If at a later date it becomes clear that a new version of DSS is necessary then this may be produced by the TC.

DSS-X is also working on promotion of the standard and the creation of material helping dissemination. In general terms, the TC has the goal to facilitate the processing of digital signatures and time stamps in a client server environment.

The DSS-X TC is a member of the IDtrust Member Section.

The purpose of the OASIS DITA Technical Committee (TC) is to define and maintain the Darwin Information Typing Architecture (DITA) and to promote the use of the architecture for creating standard information types and domain-specific markup vocabularies.
 
DITA is specializable, which allows for the introduction of specific semantics for specific purposes without increasing the size of other DTDs, and which allows the inheritance of shared design and behavior and interchangeability with unspecialized content.

The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. In the initial phase of TC work, three specifications will be transitioned from the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).
 
The OASIS CTI Technical Committee will:

• define composable information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models
• develop standardized representations for campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action
• develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs

The OASIS XSPA TC works to standardize the way healthcare providers, hospitals, pharmacies, and insurance companies exchange privacy policies, consent directives, and authorizations within and between healthcare organizations. The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee will specify healthcare profiles of existing OASIS standards to support reliable, auditable methods of confirming personal identity, official authorization status, and role attributes. This work aligns with security specifications being developed within the U.S. Healthcare Information Technology Standards Panel (HITSP).

The OASIS Context Server (CXS) TC was chartered to create specifications for a Context Server (also known as Customer Data Platforms, CDP see below) as a core technology for enabling the delivery of personalized user experiences. The goal is to assist organizations that currently struggle to create and deliver consistent personalized experiences across channels, markets, and systems. The Context Server (aka CDP) will simplify management, integration, and interoperability between solutions providing services like Web Content Management, CRM, BigData, Machine Learning, Digital Marketing, and Data Management Platforms. TC members are producing a detailed list of use cases, a domain model, a REST API, as well as a reference implementation to serve as a real world example of how the Context Server standard can be used.
 
Relation to Customer Data Platforms: since the OASIS Context Server TC has been established, the term Customer Data Platform (CDP) has emerged and can be interchangeably be used for the Context Server. To reflect this, the specification produced by this TC has changed its name to : the Customer Data Platform specification.
 
Relation to Apache Unomi : the reference implementation of the Customer Data Platform specification is produced as part of the Apache Unomi project.

The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects the primary purpose: a Common Security Advisory Framework (CSAF). TC deliverables are designed standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.

CACAO TC members are developing a standard to implement the course of action playbook model for cybersecurity operations.
 
In order to defend against cyber threats, organizations must manually identify, create, and document the prevention, mitigation, and remediation steps that, together, form a course of action playbook. However, today, there is is no standardized way to document and share these playbooks across organizational boundaries and technology solutions. CACAO addresses this problem by defining a sequence of cyber defense actions that can be executed for each type of playbook. It will specifically enable organizations to:

1. create course of action playbooks in a structured machine-readable format,
2. digitally sign course of action playbooks,
3. securely share course of action playbooks across organizational boundaries and technological solutions, and
4. document processing instructions for course of action playbooks in a machine readable format.