
Hybrid Cloud Security Services

As businesses develop rapidly and IT infrastructures constantly diversify, a single public or private cloud or a traditional on-premises datacenter is no longer able to meet service requirements in terms of costs, performance, scalability, security, and compatibility. Users are increasingly choosing hybrid clouds to meet their needs. Hybrid clouds take advantage of various clouds and traditional IT infrastructures and work systematically to benefit the users based on their service requirements. However, hybrid clouds pose new security risks, bringing a few challenges for security protection. This initiative aims to develop a security white paper specifying hybrid cloud security risks and countermeasures, helping users identify and reduce risk. This initiative proposes to provide suggestions on hybrid cloud governance, hybrid cloud threat profiles, and hybrid cloud security evaluation, guiding both users and cloud service providers to choose and provide secure hybrid cloud solutions, and promoting security planning and implementation.

Cloud Security Services Management

Collaboration and coordination among all stakeholders are critical to securing the cloud platform. The current gap is that there is no defined guideline dividing the security roles and responsibilities between Cloud Service Providers (CSPs) and Cloud customers, or on how to secure Cloud services in different Cloud deployment models. This is especially the case for those who have little cloud security knowledge. This WG aims to develop guidelines for CSPs to secure their Cloud platforms and provide Cloud security services to Cloud users; for Cloud users to select security-qualified CSPs; and for security vendors to develop their Cloud-based security products and services. Subsequently, this WG hopes to develop a platform for CSPs to publish their security requirements and for security vendors to share their security products and services, and to provide a platform for interoperability testing.

Cloud Incident Response

With today’s fast-evolving threat landscape, a holistic cloud incident response framework that considers an expansive scope of factors for cloud outages is necessary. The working group aims to develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud incidents (both security and non-security related), and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, and also a transparent and common framework for Cloud Service Providers to share with cloud customers their cloud incident response practices. Imperative factors of cloud incidents including, but not limited to, operational mistakes, infrastructure or system failure, environmental issues, cyber security incidents and malicious acts will be included in development of the framework.

OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation) TC

The OASIS Trust Elevation TC works to define a set of standardized protocols that service providers may use to elevate the trust in an electronic identity credential presented to them for authentication. The Trust Elevation TC is intended to respond to suggestions from the public sector, including the U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC). The Trust Elevation TC promotes interoperability among multiple identity providers--and among multiple identity federations and frameworks--by facilitating clear communication about common and comparable operations to present, evaluate and apply identity [data/assertions] to sets of declared authorization levels.

OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC

The OASIS XSPA TC works to standardize the way healthcare providers, hospitals, pharmacies, and insurance companies exchange privacy policies, consent directives, and authorizations within and between healthcare organizations. The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee will specify healthcare profiles of existing OASIS standards to support reliable, auditable methods of confirming personal identity, official authorization status, and role attributes. This work aligns with security specifications being developed within the U.S. Healthcare Information Technology Standards Panel (HITSP).

Health informatics - The International Patient Summary - Guideline for European Implementation

This Technical Specification (TS) provides implementation guidance to support the use of the International Patient Summary dataset in a European context. The focus of this technical specification takes into consideration European specific jurisdictional requirements, needs and contexts that Europe requires to be satisfied for effective implementation. It addresses both functional and non-functional requirements for the dataset’s interchange. As part of the usability of the International Patient Summary, European perspectives, directives and regulations contextualise and add value to generic reference implementations for use by Member States. The TS applies the refined European Interoperability Framework (ReEIF), which describes legal, organisational, semantic and technological considerations for interoperability. These considerations highlight the eHealth Network’s (eHN) guidance for cross-border care and underpin the care process. The TS formalises principles to support the safe and legitimate use of patient summary data and afford protection for efficient cross-border data interchange within scenarios for unscheduled care. This Technical Specification gives selection criteria and provides examples of various transport formats and terminologies shown to be suitable for interchanging the International Patient Summary dataset. Compliance, deployment & migration Guidance are also included. The TS distinguishes between cross-border only requirements for interchanging the dataset and those that are generally applicable within national borders.

CEN/TS 17288:2020

Health informatics - Device interoperability - Part 10201: Point-of-care medical device communication - Domain information model (ISO/IEEE 11073-10201:2020)

The scope of this project is to define a general object-oriented information model that may be used to structure information and identify services used in point-of-care (POC) medical device communications. The scope is primarily focused on acute care medical devices and the communication of patient vital signs information.

EN ISO/IEEE 11073-10201:2020

Health informatics - Standard communication protocol - Computer-assisted electrocardiography

This document specifies the common conventions required for the cart-to-host as well as cart-to-cart interchange of specific patient data (demographic, recording, ...), ECG signal data, ECG measurement and ECG interpretation results. This document specifies the content and structure of the information which is to be interchanged between digital ECG carts and computer ECG management systems, as well as other computer systems where ECG data can be stored.

EN 1064:2020