Headline

CVE-2020-13101: Standards Archive - OASIS Open

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.

4 years ago

CVE

Open in Source

#vulnerability #web #ios #mac #js #git #intel #perl #xpath #ldap #pdf #auth #ssl

Sort by:Sort by:

Filter by:Standard type: Project/Committee: Year Approved:

Advanced Message Queueing Protocol (AMQP) v1.0

Approved: 30 Oct 2012

An open internet protocol for business messaging.

Messaging

Produced by:

OASIS Advanced Message Queuing Protocol (AMQP) TC

Voting history:

Voting History for OASIS Standard, October 2012

Additional approvals

ISO/IEC 19464:2014

OASIS Standard:****Cite as:

Cite as:
[amqp-core-overview-v1.0]
OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0 Part 0: Overview. Edited by Robert Godfrey, David Ingham, and Rafael Schloming. 29 October 2012. OASIS Standard. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-overview-v1.0-os.html. Latest version: http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-overview-v1.0.html.

[amqp-core-types-v1.0]OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0 Part 1: Types. Edited by Robert Godfrey, David Ingham, and Rafael Schloming. 29 October 2012. OASIS Standard. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-types-v1.0-os.html. Latest version: http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-types-v1.0.html.

[amqp-core-transport-v1.0]OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0 Part 2: Transport. Edited by Robert Godfrey, David Ingham, and Rafael Schloming. 29 October 2012. OASIS Standard. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-transport-v1.0-os.html Latest version: http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-transport-v1.0.html.

[amqp-core-messaging-v1.0]OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0 Part 3: Messaging. Edited by Robert Godfrey, David Ingham, and Rafael Schloming. 29 October 2012. OASIS Standard. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-messaging-v1.0-os.html. Latest version: http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-messaging-v1.0.html.

[amqp-core-transactions-v1.0]OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0 Part 4: Transactions. Edited by Robert Godfrey, David Ingham, and Rafael Schloming. 29 October 2012. OASIS Standard. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-transactions-v1.0-os.html. Latest version: http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-transactions-v1.0.html.

[amqp-core-security-v1.0]OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0 Part 5: Security. Edited by Robert Godfrey, David Ingham, and Rafael Schloming. 29 October 2012. OASIS Standard. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-security-v1.0-os.html. Latest version: http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-security-v1.0.html.

Advanced Message Queuing Protocol (AMQP) Enforcing Connection Uniqueness Version 1.0

Approved: 17 Sep 2018

Enables two processes via AMQP v1.0 to enforce that only one open AMQP connection exists between the two of them.

Messaging

Advanced Message Queuing Protocol (AMQP) WebSocket Binding (WSB) Version 1.0

Approved: 16 Aug 2016

Defining a mechanism for tunneling an AMQP connection over a WebSocket transport. It is applicable as an approach for general firewall tunneling and for Web browser messaging scenarios.

Messaging

Akoma Ntoso Naming Convention Version 1.0

Approved: 21 Feb 2019

Defining the naming convention for IRIs and ids related to the Akoma Ntoso XML standard. Id attributes are optional, but whenever attributes ‘eId’ and ‘wId’ are used, the specifications in this document are mandatory.

Content Technologies
eGov/Legal

Akoma Ntoso Version 1.0

Approved: 29 Aug 2018

Defining a common legal document standard for the specification of parliamentary, legislative, and judicial documents, for their interchange between institutions anywhere in the world, and for the creation of a common data and metadata model that allows experience, expertise, and tools to be shared and extended by all participating peers, courts, Parliaments, Assemblies, Congresses, and administrative branches of governments.

Content Technologies
eGov/Legal

Application Vulnerability Description Language (AVDL) v1.0 [OASIS 200403]

Approved: 01 Jun 2004

AVDL is a security interoperability standard for creating a uniform method of describing application security vulnerabilities using XML.

Cybersecurity
Web Services

AS4 Interoperability Profile for Four-Corner Networks Version 1.0

Approved: 12 Nov 2021

Defines an interoperability profile of the AS4 Profile of ebMS 3.0 for use in four-corner networks where entities exchange business documents through intermediary gateway services.

e-Business
Messaging

AS4 Profile of ebMS 3.0 v1.0

Approved: 24 Jan 2013

The OASIS ebMS 3.0 Standard combined multiple Web Service standards to create a single comprehensive specification for defining the secure and reliable exchange of documents using Web Services. The AS4 profile of the ebMS 3.0 specification was developed in order to bring continuity to the principles and simplicity that made AS2 successful, while adding better compliance to Web Services standards, and features such as message pulling capability and a built-in Receipt mechanism.

e-Business
Messaging

Authentication Step-Up Protocol and Metadata Version 1.0

Approved: 24 May 2017

Describing a common metadata set, mechanisms and protocol elements for Trust Elevation information exchanges in order to promote the use of Trust Elevation elements to facilitate standardization among the many technologies and approaches currently in use for credential & authentication risk mitigation.

Privacy/Identity

Basic Profile Version 1.2

Approved: 16 Jun 2014

Defining the WS-I Basic Profile 1.2, a set of clarifications, refinements, interpretations and amplifications to a combination of non-proprietary Web services specifications in order to promote interoperability.

Web Services

Basic Profile Version 2.0

Approved: 16 Jun 2014

This document defines the WS-I Basic Profile 2.0 consisting of a set of clarifications, refinements, interpretations and amplifications to a combination of non-proprietary Web services specifications in order to promote interoperability. It is an evolution of WS-I Basic Profile 1.1 and is based on SOAP 1.2. In particular it adds support for WS-Addressing.

Web Services

Basic Security Profile Version 1.1

Approved: 22 Oct 2014

Extends the Basic Profile (either v1.1 or v1.0), consisting of a set of clarifications, refinements, interpretations and amplifications to a combination of non-proprietary Web services specifications in order to promote interoperability.

Security
Web Services

Bindings for OBIX: REST Bindings Version 1.0

Approved: 14 Sep 2015

Specifies REST bindings for OBIX. OBIX provides the core information model and interaction pattern for communication with building control systems. Specific implementations of OBIX must choose how to bind OBIX interactions. This document describes the REST Binding, an interaction pattern that can be used in conjunction with XML, EXI, CoAP, and JSON encodings, as well as other encodings that may be specified elsewhere.

Energy
IoT

Bindings for OBIX: SOAP Bindings Version 1.0

Approved: 14 Sep 2015

OBIX provides the core information model and interaction pattern for communication with building control systems. Specific implementations of OBIX must choose how to bind OBIX interactions. Specifies SOAP protocol bindings for OBIX.

Energy
IoT

Bindings for OBIX: WebSocket Bindings Version 1.0

Approved: 14 Sep 2015

Energy
IoT

Biometric Identity Assurance Services (BIAS) SOAP Profile Version 1.0

Approved: 25 May 2012

Specifies a SOAP profile that implements the Biometric Identity Assurance Services (BIAS) abstract operations specified in INCITS 442 as SOAP messages.

Privacy/Identity
Security

Biometric Identity Assurance Services (BIAS) SOAP Profile Version 2.0

Approved: 11 Jul 2017

Specifies a SOAP profile that implements the Biometric Identity Assurance Services (BIAS) abstract operations specified in INCITS 442 as SOAP messages.

Privacy/Identity
Security

Business Centric Methodology (BCM) v1.0 Specification

Approved: 01 Apr 2006

Provides a set of layered methods for acquiring interoperable e-business information within communities of interest. The Standard serves as a road map, enabling organizations to identify and exploit business success factors in a technology-neutral manner.

e-Business

Business Document Envelope Version 1.0

Approved: 02 Aug 2015

Defining a business-oriented artefact enveloping a payload of one or more business documents or other artefacts with supplemental semantic information about the collection of payloads as a whole. This is distinct from any transport-layer infrastructure envelope that may be required.

e-Business
Messaging

Business Document Envelope Version 1.1

Approved: 05 Dec 2016

e-Business
Messaging

Business Document Metadata Service Location Version 1.0

Approved: 01 Aug 2017

Defines service discovery method values for use in DNS Resource Record service fields. The methods defined are instances of the generic pattern defined within IETF RFCs for Dynamic Delegation Discovery Services (DDDS).

e-Business

Business Document Naming and Design Rules (BDNDR) Version 1.1

Approved: 08 Nov 2021

Prescribes a set of naming and design rules used to create complete CCTS models of interoperable business documents.

e-Business

Business Document Naming and Design Rules Version 1.0

Approved: 18 Jan 2017

Prescribes a set of naming and design rules used to create XML document model validation artefacts (W3C Schema XSD files and OASIS Context/value association files) associated with abstract information bundles formally described using the Core Component Technical Specification 2.01 [CCTS].

e-Business

CACAO Security Playbooks Version 1.0

Approved: 23 Jun 2021

Defining the schema and taxonomy for collaborative automated course of action operations (CACAO) security playbooks and how these playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.

Cybersecurity

CACAO Security Playbooks Version 1.0

Approved: 12 Jan 2021

Cybersecurity

CALS Table Model DTD

Approved: 19 Oct 1995

Produced by:

Tables Technical Committee

Voting history:

October 1995

OASIS Standard:****Cite as:

[cals-table-model]

CALS Table Model Document Type Definition. Edited by Harvey Bingham and Norman Walsh. 19 October 1995. Technical Memorandum. https://www.oasis-open.org/specs/tm9502.html

Classification of Everyday Living Version 1.0

Approved: 26 Jun 2018

Defines the Classification of Everyday Living (COEL) version 1.0 specification for the complete implementation of a compliant system. Examples and non-normative material are also offered as guidance.

e-Business
IoT

Classification of Everyday Living Version 1.0

Approved: 25 Feb 2018

Defines the Classification of Everyday Living (COEL) version 1.0 specification for the complete implementation of a compliant system. Examples and non-normative material are also offered as guidance.

e-Business
IoT

Classification of Everyday Living Version 1.0

Approved: 23 Jan 2019

Defines the Classification of Everyday Living (COEL) version 1.0 specification for the complete implementation of a compliant system. Examples and non-normative material are also offered as guidance.

e-Business
IoT

Cloud Application Management for Platforms (CAMP) Test Assertions Version 1.1

Approved: 09 Nov 2014

Defines the Test Assertions for version 1.1 of the OASIS Cloud Application Management for Platforms (CAMP) specification. These Test Assertions support the testing activity by acting as a bridge between the normative statements in the specification and the executable test cases that are parts of a conformance test suite.

Cloud

Cloud Application Management for Platforms Version 1.1

Approved: 09 Nov 2014

Defines the artifacts and APIs that need to be offered by a Platform as a Service (PaaS) cloud to manage the building, running, administration, monitoring and patching of applications in the cloud. Its purpose is to enable interoperability among self-service interfaces to PaaS clouds by defining artifacts and formats that can be used with any conforming cloud and enable independent vendors to create tools and services that interact with any conforming cloud using the defined interfaces. Cloud vendors can use these interfaces to develop new PaaS offerings that will interact with independently developed tools and components.

Cloud

Cloud Application Management for Platforms Version 1.2

Approved: 15 May 2018

Cloud

Code List Representation (genericode) Version 1.0

Approved: 06 Apr 2022

Describes the OASIS Code List Representation model and W3C XML Schema, known collectively as “genericode”.

Content Technologies

Code List Representation (Genericode) Version 1.0

Approved: 29 Dec 2007

Describes the OASIS Code List Representation model and W3C XML Schema, known collectively as “genericode”.

Content Technologies

Collaboration Protocol Profile and Agreement Version 3.0

Approved: 24 Sep 2020

Defines XML-based trading agreements between trading partners as part of the ebXML family of standards.

e-Business

Common Alerting Protocol v1.0 [OASIS 200402]

Approved: 01 Apr 2004

General format for exchanging all-hazard emergency alerts and public warnings over all kinds of networks. CAP allows a consistent warning message to be disseminated simultaneously over many different warning systems, thus increasing warning effectiveness while simplifying the warning task. CAP also facilitates the detection of emerging patterns in local warnings of various kinds, such as might indicate an undetected hazard or hostile act. And CAP provides a template for effective warning messages based on best practices identified in academic research and real-world experience.

Emergency Management
Messaging

Common Alerting Protocol v1.1

Approved: 01 Oct 2005

Emergency Management
Messaging

Common Alerting Protocol v1.2

Approved: 01 Jul 2010

Emergency Management
Messaging

Common Security Advisory Framework Version 2.0

Approved: 29 Jun 2022

A language to exchange Security Advisories formulated in JSON. CSAF v2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.d

Cybersecurity

Common Security Advisory Framework Version 2.0

Approved: 18 Nov 2022

Cybersecurity

Common Security Advisory Framework Version 2.0

Approved: 01 Aug 2022

Cybersecurity

Common Security Advisory Framework Version 2.0

Approved: 12 Nov 2021

Cybersecurity

Content Assembly Mechanism (CAM) v1.1

Approved: 01 Jun 2007

Provides an open XML based system for using business rules to define, validate and compose specific business documents from generalized schema elements and structures.

The core role of the OASIS CAM specifications is to provide a generic standalone content assembly mechanism that extends beyond the basic structural definition features in XML and schema to provide a comprehensive system with which to define dynamic e-business interoperability.

Content Technologies
e-Business

Content Management Interoperability Services (CMIS) v1.0

Approved: 01 May 2010

Defines a domain model and Web Services and Restful AtomPub bindings that can be used by applications to work with one or more Content Management repositories/systems.

The CMIS interface is designed to be layered on top of existing Content Management systems and their existing programmatic interfaces. It is not intended to prescribe how specific features should be implemented within those CM systems, not to exhaustively expose all of the CM system’s capabilities through the CMIS interfaces. Rather, it is intended to define a generic/universal set of capabilities provided by a CM system and a set of services for working with those capabilities.

Content Technologies

Content Management Interoperability Services (CMIS) v1.1

Approved: 23 May 2013

Deﬁnes a domain model and Web Services, Restful AtomPub and browser (JSON) bindings that can be used by applications to work with one or more Content Management repositories/systems.
The CMIS interface is designed to be layered on top of existing Content Management systems and their existing programmatic interfaces. It is not intended to prescribe how speciﬁc features should be implemented within those CM systems, nor to exhaustively expose all of the CM system’s capabilities through the CMIS interfaces. Rather, it is intended to deﬁne a generic/universal set of capabilities provided by a CM system and a set of services for working with those capabilities.

Content Technologies

Context/value association using genericode 1.0

Approved: 15 Apr 2010

Describes the file format used in a “context/value association” file (termed in short as “a CVA file”). This file format is an XML vocabulary using address expressions to specify hierarchical document contexts and their associated constraints. A document context specifies one or more locations found in an XML document or other similarly structured hierarchy of information. A constraint is expressed as either an explicit expression evaluation or as a value inclusion in one or more controlled vocabularies of values. This file format specification assumes a controlled vocabulary of values is expressed in an external resource described by the OASIS genericode standard.

Content Technologies

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare Version 2.0

Approved: 23 Apr 2019

Defines a set of SAML attributes and corresponding vocabularies for healthcare information exchange applications.

Privacy/Identity

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare v1.0

Approved: 01 Nov 2009

Describes a framework in which SAML is encompassed by cross-enterprise security and privacy authorization (XSPA) to satisfy requirements pertaining to information-centric security within the healthcare community.

Privacy/Identity
Security

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of WS-Trust for Healthcare v1.0

Approved: 01 Nov 2010

Describes a framework in which WS-Trust is leveraged by cross-enterprise security and privacy authorization (XSPA) to satisfy requirements pertaining to information-centric security within the healthcare community.

Privacy/Identity
Security

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare v1.0

Approved: 01 Nov 2009

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2

Approved: 13 Sep 2017

Definitive reference for the CSAF CVRF language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.

Cybersecurity

Customer Data Platform Version 1.0

Approved: 04 Oct 2019

Aims to standardize exchange of customer data across systems and silos by defining a web-based API using GraphQL. The GraphQL api is a self-documented and strongly typed interface. It is designed to be dynamically extended, and allows extensive implementation specific customization.

Content Technologies
e-Business

Customer Information Quality Party Relationships (xPRL) Specification Version 3.0

Approved: 11 Nov 2009

Defines the extensible Party Relationships Language (xPRL) specifications of OASIS Customer Information Quality Specifications Version 3.0, a standard way of defining party information and relationships between parties that is vendor neutral and open (i.e., independent of tools, systems, languages and platforms) and enabled portability and interoperability of data, then it would be possible to reduce the expensive and complex Integration problems associated with new business initiatives.

e-Business

Customer Information Quality Specifications Version 3.0

Approved: 03 Oct 2008

Defines the OASIS Customer Information Quality Specifications Version 3.0, a standard way of defining party information and relationships between parties that is vendor neutral and open (i.e., independent of tools, systems, languages and platforms) and enabled portability and interoperability of data, then it would be possible to reduce the expensive and complex Integration problems associated with new business initiatives.

e-Business

Darwin Information Typing Architecture (DITA) v1.0

Approved: 01 May 2005

Defines both a) a set of document types for authoring and organizing topic-oriented information; and b) a set of mechanisms for combining and extending document types using a process called specialization.

Content Technologies

Darwin Information Typing Architecture (DITA) v1.1

Approved: 01 Aug 2007

Content Technologies

Darwin Information Typing Architecture (DITA) v1.2

Approved: 01 Dec 2010

Defines both a) a set of document types for authoring and organizing topic-oriented information; and b) a set of mechanisms for combining, extending, and constraining document types.

Content Technologies

Darwin Information Typing Architecture (DITA) v1.3

Approved: 17 Dec 2015

Defines both a) a set of document types for authoring and organizing topic-oriented information; and b) a set of mechanisms for combining, extending, and constraining document types.

Content Technologies

Devices Profile for Web Services (DPWS) v1.1

Approved: 01 Jul 2009

Defines a minimal set of implementation constraints to enable secure Web service messaging, discovery, description, and eventing on resource-constrained endpoints.

Web Services

Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0

Approved: 11 Dec 2019

Defines JSON and XML based request/response protocols for signing and verifying documents and other data. It also defines a timestamp format, and a signature property for use with these protocols. Finally, it defines transport and security bindings for the protocols.

Security

Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0

Approved: 04 Jul 2019

Security

Digital Signature Service Metadata Version 1.0

Approved: 11 Dec 2019

Defines JSON and XML structures and discovery mechanisms for metadata related to digital signature services.

Security

Digital Signature Service Metadata Version 1.0

Approved: 04 Jul 2019

Defines JSON and XML structures and discovery mechanisms for metadata related to digital signature services.

Security

Digital Signature Services v1.0

Approved: 01 Apr 2007

Defines XML request/response protocols for signing and verifying XML documents and other data. It also defines an XML timestamp format, and an XML signature property for use with these protocols. Finally, it defines transport and security bindings for the protocols.

Content Technologies

Directory Services Markup Language (DSML) v2.0 [OASIS 200201]

Approved: 01 Apr 2002

Providing a means for representing directory structural information as an XML document, as well as providing a method for expressing directory queries and updates (and the results of these operations) as XML documents

Content Technologies

DocBook v4.1 [OASIS 200101]

Approved: 01 Jan 2001

DocBook is a general purpose [XML] schema particularly well suited to books and papers about computer hardware and software (though it is by no means limited to these applications).

Content Technologies

DocBook v4.5

Approved: 01 Oct 2006

DocBook is a general purpose [XML] schema particularly well suited to books and papers about computer hardware and software (though it is by no means limited to these applications).d

Content Technologies

DocBook v5.0

Approved: 01 Nov 2009

DocBook is a general purpose [XML] schema particularly well suited to books and papers about computer hardware and software (though it is by no means limited to these applications).

The Version 5.0 release is a complete rewrite of DocBook in RELAX NG. The intent of this rewrite is to produce a schema that is true to the spirit of DocBook while simultaneously removing inconsistencies that have arisen as a natural consequence of DocBook’s long, slow evolution. The Technical Committee has taken this opportunity to simplify a number of content models and tighten constraints where RELAX NG makes that possible.

The Technical Committee provides the DocBook 5.0 schema in other schema languages, including W3C XML Schema and an XML DTD, but the RELAX NG Schema is now the normative schema.

Content Technologies

DocBook Version 5.1

Approved: 22 Nov 2016

DocBook is a general purpose [XML] schema particularly well suited to books and papers about computer hardware and software (though it is by no means limited to these applications).

The Version 5.1 release introduces assemblies for topic-oriented authoring. It also addresses a selection of bugs and feature requests.

The Technical Committee provides the DocBook 5.1 schema in other schema languages, including W3C XML Schema and an XML DTD, but the RELAX NG Schema is the normative schema.

Content Technologies

DSS Extension for Local Signature Computation Version 1.0

Approved: 06 Mar 2017

The core OASIS Digital Signature Service webservice [DSSCore] supports the creation of signatures on behalf of applications and / or users by utilizing server-based signature keys.

This Local Signature Computation profile extends the core functionality such that end users can bring (use) their own (secure) signature-creation device. Examples of such devices are smartcards or usb-tokens but also smartphones, mobile phones, tablets, pc’s or laptops with privately held signature keys.

Security

DSS Extension for Local Signature Computation Version 1.0

Approved: 27 Jul 2015

The core OASIS Digital Signature Service webservice [DSSCore] supports the creation of signatures on behalf of applications and / or users by utilizing server-based signature keys.

Security

ebCore Agreement Update Specification Version 1.0

Approved: 18 Sep 2016

Defines message exchanges and an XML schema to support the exchange of messaging service communication agreement update requests and the associated responses to such requests. The schema offers extensibility for various types of updates. The main initial application of the specification is the exchange of X.509 certificates for certificate rollover, for which a separate extension schema is provided. The specification is based on the concept of messaging service communication agreements and the creation of new agreements as independently identified updated copies of existing agreements. The specification also provides an Agreement Termination feature. The specification supports ebMS2, ebMS3 and AS4 but can also be used with other protocols that have a concept of communication agreement. The specification is independent of storage or interchange formats for configuration information.

Messaging

ebXML Business Process Specification Schema Technical Specification v2.0.4

Approved: 01 Dec 2006

Defines a standards-based business process foundation that promotes the automation and predictable exchange of Business Collaboration definitions using XML.

Messaging

ebXML Collaborative Partner Profile Agreement (CPPA) v2 [OASIS 200206]

Approved: 01 Nov 2002

Defines the Collaboration-Protocol Profile (CPP) and the Collaboration-Protocol Agreement (CPA), a component of the suite of ebXML specifications. A CPP describes the message exchange capabilities of a party to a business transaction.

e-Business

ebXML Message Service Specification v2.0 [OASIS 200204]

Approved: 01 Aug 2004

Defines a communications-protocol neutral method for exchanging electronic business messages. It defines specific enveloping constructs supporting reliable, secure delivery of business information.

e-Business

ebXML Messaging Protocol Binding for RegRep Version 1.0

Approved: 09 Mar 2021

Specifies a messaging protocol binding for the Registry Services of the OASIS ebXML RegRep Version 4.0 OASIS Standard. This binding is compatible with both the versions 2.0 and 3.0 of ebMS as well as the AS4 profile and complements the existing protocol bindings specified in OASIS RegRep Version 4.0.

e-Business
Messaging

ebXML Messaging Services v3.0: Part 1, Core Features

Approved: 01 Oct 2007

Defines a communications-protocol neutral method for exchanging electronic business messages. It defines specific Web Services-based enveloping constructs supporting reliable, secure delivery of business information. Furthermore, the specification defines a flexible enveloping technique, permitting messages to contain payloads of any format type. This versatility ensures legacy electronic business systems employing traditional syntaxes (i.e. UN/EDIFACT, ASC X12, or HL7) can leverage the advantages of the ebXML infrastructure along with users of emerging technologies.

e-Business
Messaging

ebXML Registry Information Model (RIM) v2.0 [OASIS 200203]

Approved: 01 Apr 2002

Defines the services and protocols for an ebXML Registry. A separate document, ebXML Registry: Information Model [ebRIM], defines the types of metadata and content that can be stored in an ebXML Registry.

e-Business

ebXML Registry Information Model (RIM) v3.0

Approved: 01 May 2005

Defines the types of metadata and content that can be stored in an ebXML Registry. A separate document, ebXML Registry: Service and Protocols [ebRS], defines the services and protocols for an ebXML Registry.

Content Technologies
Messaging

ebXML Registry Services and Protocols v3.0

Approved: 01 May 2005

Defines the services and protocols for an ebXML Registry. A separate document, ebXML Registry: Information Model [ebRIM], defines the types of
metadata and content that can be stored in an ebXML Registry.

Messaging

ebXML Registry Services Specification (RS) v2.0 [OASIS 200202]

Approved: 01 Apr 2002

Defines the services and protocols for an ebXML Registry.

e-Business

ebXML RegRep v4.0

Approved: 26 Jan 2012

A a standard defining the service interfaces, protocols and information model for an integrated registry and repository. The repository stores digital content while the registry stores metadata that describes the content in the repository.

e-Business
Messaging

eContracts Version 1.0

Approved: 28 Apr 2007

Describes the generic hierarchical structure of a wide range of contract documents. The TC envisages that the primary use of the eContracts Schema will be to facilitate the maintenance of precedent or template contract documents and contract terms by persons who wish to use them to create new contract documents with automated tools. Use cases covered include negotiated business contracts, ticket contracts, standard form business and consumer contracts and click-through agreements.

Content Technologies

Election Markup Language (EML) Specification Version 6.0

Approved: 22 Aug 2010

Describes the background and purpose of the Election Markup Language, the electoral processes from which it derives its structure and the security and audit mechanisms it is designed to support. It also provides an explanation of the core schemas used throughout, definitions of the simple and complex datatypes, plus the EML schemas themselves. It also covers the conventions used in the specification and the use of namespaces, as well as the guidance on the constraints, extendibility, and splitting of messages.

Content Technologies
Messaging

Election Markup Language (EML) Specification Version 7.0

Approved: 28 Oct 2011

Describes the background and purpose of the Election Markup Language, the electoral processes from which it derives its structure and the security and audit mechanisms it is designed to support. It also provides an explanation of the core schemas used throughout, definitions of the simple and complex datatypes, plus the EML schemas themselves. It also covers the conventions used in the specification and the use of namespaces, as well as guidance on the constraints, extensibility, and splitting of messages.

Content Technologies
Messaging

Election Markup Language (EML) v4.0

Approved: 01 Feb 2006

eGov/Legal
Messaging

Produced by:

OASIS Election and Voter Services TC

Voting history:

February 2006

Voting History

OASIS Standard:

The complete EML v4.0 Standard set (PDF format) and schema files can be
downloaded as a zip archive and includes the following documents:

EML Process and Data Requirements
EML Schema Descriptions
related schemas

Cite as:

Election Markup Language (EML) v5.0

Approved: 01 Dec 2007

eGov/Legal
Messaging

Electronic Court Filing Version 4.01

Approved: 07 Jul 2015

Defines the LegalXML Electronic Court Filing 4.01 (ECF 4.0) specification, which consists of a set of non-proprietary XML and Web services specifications, along with clarifying explanations and amendments to those specifications, that have been added for the purpose of promoting interoperability among electronic court filing vendors and systems. ECF Version 4.01 is a maintenance release to address several minor schema and definition issues identified by implementers of the ECF 4.0 specification.

eGov/Legal

Electronic Court Filing Version 5.0

Approved: 18 Apr 2019

Consists of a set of non-proprietary XML and Web services specifications developed to promote interoperability among electronic court filing vendors and systems. ECF v5.0 is a major release that adds new functionality and capabilities beyond the scope of the ECF 4.0 and 4.01 specifications that it supersedes.

eGov/Legal

Electronic Court Filing Web Services Service Interaction Profile Version 5.0

Approved: 24 Apr 2019

Defines a Service Interaction Profile, as defined in section 6 of the LegalXML Electronic Court Filing Version 5.0 (ECF 5.0) specification. The Web Services Service Interaction Profile may be used to transmit ECF 5.0 messages between Internet-connected systems.

eGov/Legal

Electronic Identity Credential Trust Elevation Framework Version 1.0

Approved: 22 May 2014

Recommends particular methods as satisfying defined degrees of assurance for elevating trust in an electronic identity credential, to assure the submitter’s identity sufficiently to support elevation between each pair of assurance levels to transact business where material amounts of economic value or personally identifiable data are involved. Alternative and optional methods may be included. The description of each recommended method shall include functional definitions of the types of identity and assertion data employed by each method, and may include specification of the data services required in each elevation, substantive data exchange patterns or models, message exchange patterns or models, and such other elements as the TC deems useful.

Privacy/Identity
Security

Electronic Trial Master File (eTMF) Specification Version 1.0

Approved: 25 Oct 2016

Publishes details of an interoperable content classification system with rules, policies and procedures for how electronic content can be shared and customized for clinical trials. Machine readable, open standards-based technologies are used in a vendor neutral approach.

Instructions on converting the eTMF schema spreadsheet to an OWL RDF/XML ontology are available from IEEE.

Content Technologies

Emergency Data Exchange Language (EDXL) Common Alerting Protocol (CAP) v1.2 Australia (AU) Profile Version 1.0

Approved: 05 Sep 2013

Describes an interpretation of the OASIS CAP v1.2 standard necessary to meet the needs of the Australian Government.

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Distribution Element v1.0

Approved: 01 May 2006

Describes a standard message distribution framework for data
sharing among emergency information systems using the XML-based Emergency Data Exchange Language (EDXL). This format may be used over any data transmission system, including but not limited to the SOAP HTTP binding.

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Distribution Element Version 2.0

Approved: 19 Sep 2013

Describes a standard message distribution format for data sharing among emergency information systems. The DE 2.0 serves two important purposes:

(1) The DE 2.0 allows an organization to wrap separate but related pieces of emergency information, including any of the EDXL message types, into a single “package” for easier and more useful distribution;

(2) The DE 2.0 allows an organization to “address” the package to organizations or individuals with specified roles, located in specified locations or those interested in specified keywords.

This version of the DE expands the ability to use local community-defined terms, uses a profile of the Geographic Markup Language (GML) , follows best practices for naming conventions, provides the capability to link content objects, supports extensions, and is reorganized for increased flexibility and reuse of common types. The DE 2.0 packages and addresses emergency information for effective distribution with improved standardization and ability to be tailored for user needs.

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Hospital AVailability Exchange

Approved: 01 Nov 2008

Describes a standard message for data sharing among emergency information systems using the XML-based Emergency Data Exchange Language (EDXL). This format may be used over any data transmission system, including but not limited to the SOAP HTTP binding.

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Hospital AVailability Exchange (HAVE) Version 2.0

Approved: 18 Mar 2019

An XML messaging standard primarily for exchange of information related to health facilities in the context of emergency management. HAVE supports sharing information about facility services, bed counts, operations, capacities, and resource needs so first responders, emergency managers, coordinating organizations, hospitals, care facilities, and the health community can provide each other with a coherent view of the health system.

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Hospital AVailability Exchange (HAVE) Version 2.0

Approved: 13 Dec 2018

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Tracking of Emergency Patients (TEP) Version 1.1

Approved: 21 Sep 2018

An XML messaging standard primarily for exchange of emergency patient and tracking information from the point of patient encounter through definitive care admission or field release. TEP supports patient tracking across the Emergency Medical Services (EMS) care continuum, as well as hospital evacuations and patient transfers, providing real-time information to responders, Emergency Management, coordinating organizations and care facilities in the chain of care and transport.

Emergency Management
Messaging

Emergency Data Exchange Language (EDXL) Tracking of Emergency Patients (TEP) Version 1.1

Approved: 20 Jan 2016

Emergency Management
Messaging

Emergency Data Exchange Language Resource Messaging (EDXL-RM) v1.0 incorporating Approved Errata

Approved: 01 Nov 2008

Describes a suite of standard messages for data sharing among emergency and other information systems that deal in requesting and providing emergency equipment, supplies, people and teams. This format may be used over any data transmission system, including but not limited to the SOAP HTTP binding.

Emergency Management
Messaging

Emergency Data Exchange Language Situation Reporting (EDXL-SitRep) Version 1.0

Approved: 06 Oct 2016

Describes a set of standard reports and elements that can be used for data sharing among emergency information systems, and that provide incident information for situation awareness on which incident command can base decisions.

Emergency Management
Messaging

Encodings for OBIX: Common Encodings Version 1.0

Approved: 14 Sep 2015

Specifies different encodings for OBIX objects adhering to the OBIX object model. OBIX provides the core information model and interaction pattern for communication with building control systems.

Energy
IoT

Energy Interoperation Version 1.0

Approved: 11 Jun 2014

Describes an information model and a communication model to enable collaborative and transactive use of energy, service definitions consistent with the OASIS SOA Reference Model [SOA-RM], and XML vocabularies for the interoperable and standard exchange of:

· Dynamic price signals

· Reliability signals

· Emergency signals

· Communication of market participation information such as bids

· Load predictability and generation information

This work facilitates enterprise interaction with energy markets, which:

· Allows effective response to emergency and reliability events

· Allows taking advantage of lower energy costs by deferring or accelerating usage

· Enables trading of curtailment and generation

· Supports symmetry of interaction between providers and consumers of energy

· Provides for aggregation of provision, curtailment, and use

The definition of a price and of reliability information depends on the market context in which it exists. It is not in scope for this TC to define specifications for markets or for pricing models, but the TC has coordinated with others to ensure that commonly used market and pricing models are supported.

While this specification uses Web Services to describe the services, no requirement or expectation of specific messaging implementation is assumed.

Energy

Energy Market Information Exchange (EMIX) Version 1.0

Approved: 11 Jan 2012

Defines an information model and XML vocabulary for the interoperable and standard exchange of prices and product definitions in transactive energy markets:

· Price information

· Bid information

· Time for use or availability

· Units and quantity to be traded

· Characteristics of what is traded

Energy

Entity Management

Approved: 10 Sep 1997

Defines an entity catalog that handles the simple cases of mapping an external entity’s public identifier and/or entity name to a file name, URL, or other storage object identifier.

Content Technologies

Produced by:

Entity Resolution TC

Voting history:

September 1997

OASIS Standard:****Cite as:

[entity-mgmt]

Entity Management. Edited by Paul Grosso. 10 September 1997. Technical Resolution. https://web.archive.org/web/20110909103855/http://www.oasis-open.org/specs/tr9401.html

Exchange Header Envelope (XHE) Version 1.0

Approved: 25 Apr 2021

Defining a business-oriented artifact either referencing (as a header) or containing (as an envelope) a payload of one or more business documents or other artifacts.

e-Business

Exchange Header Envelope (XHE) Version 1.0

Approved: 13 Dec 2020

Defines a business-oriented artifact either referencing (as a header) or containing (as an envelope) a payload of one or more business documents or other artifacts with supplemental semantic information about the collection of payloads as a whole.

Content Technologies
e-Business

Exchange Header Envelope (XHE) Version 1.0

Approved: 05 Sep 2019

Defines a business-oriented artefact either referencing (as a header) or containing (as an envelope) a payload of one or more business documents or other artefacts with supplemental semantic information about the collection of payloads as a whole. This is distinct from any transport-layer infrastructure header or envelope that may be required to propagate documents from one system to another. An exchange header envelope describes contextual information important to the sender and receiver about the payloads, without having to modify the payloads in any fashion.

Content Technologies
e-Business

Exchange Header Envelope (XHE) Version 1.0

Approved: 21 Mar 2019

Content Technologies
e-Business

Extensible Access Control Markup Language (XACML) v1.0 [OASIS 200301]

Approved: 01 Feb 2003

eXtensible Access Control Markup Language (XACML) v3.0

Approved: 23 Jan 2013

Defines Version 3.0 of the eXtensible Access Control Markup Language.

Security

eXtensible Access Control Markup Language v2.0 (XACML)

Approved: 01 Feb 2005

Extensible Resource Descriptor (XRD) v1.0

Approved: 01 Nov 2010

Defines XRD, a simple generic format for describing and discovering resources.

Security

Extensible Resource Identifier (XRI) Resolution Version 2.0

Approved: 12 Apr 2008

Defines a simple generic format for resource description (XRDS documents), a protocol for obtaining XRDS documents from HTTP(S) URIs, and generic and trusted protocols for resolving Extensible Resource Identifiers (XRIs) using XRDS documents and HTTP(S) URIs. These protocols are intended for use with both HTTP(S) URIs as defined in [RFC2616] and with XRIs as defined by Extensible Resource Identifier (XRI) Syntax Version 2.0 [XRISyntax] or higher.

Content Technologies

Extensible Resource Identifier (XRI) Syntax V2.0

Approved: 14 Nov 2005

This is the normative technical specification for XRI generic syntax. For a non-normative introduction to the uses and features of XRIs, see Introduction to XRIs [XRIIntro].

Content Technologies

Field Force Management Integration Interface Specification Version 1.0

Approved: 06 Oct 2012

Describes the Field Force Management Integration Interface (FFMII), a flexible interface between Enterprise Resource Management System (ERMS) and Field Force Management System (FFMS).

Content Technologies

Fragment Interchange

Approved: 07 Nov 1996

Defining a way to send fragments of an SGML document—regardless of whether the fragments are predetermined entities or not—without having to send everything up to the part in question.

Content Technologies

Produced by:

Fragment Interchange Subcommittee

Voting history:

November 1996

OASIS Standard:****Cite as:

[frag-interchg]

Fragment Interchange. Edited by Steve DeRose and Paul Grosso. 07 November 1996. Technical Resolution. https://web.archive.org/web/20011224202900/http://www.oasis-open.org/specs/tr9601.html

Identity Metasystem Interoperability (IMI) v1.0

Approved: 01 Jul 2009

Intended for developers and architects who wish to design identity systems and applications that interoperate using the Identity Metasystem Interoperability specification.

An Identity Selector and the associated identity system components allow users to manage their Digital Identities from different Identity Providers, and employ them in various contexts to access online services. In this specification, identities are represented to users as “Information Cards”. Information Cards can be used both at applications hosted on Web sites accessed through Web browsers and rich client applications directly employing Web services.

This specification also provides a related mechanism to describe security-verifiable identity for endpoints by leveraging extensibility of the WS-Addressing specification. This is achieved via XML [XML 1.0] elements for identity provided as part of WS-Addressing Endpoint References. This mechanism enables messaging systems to support multiple trust models across networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner.

Privacy/Identity

Identity Provider Discovery Service Protocol and Profile

Approved: 27 Mar 2008

Defines a generic browser-based protocol by which a centralized discovery service implemented independently of a given service provider can provide a requesting service provider with the unique identifier of an identity provider that can authenticate a principal.

Privacy/Identity

Integrated Collaboration Object Model (ICOM) for Interoperable Collaboration Services Version 1.0

Approved: 31 Jan 2013

Defines a framework for integrating a broad range of domain models for collaboration activities in an integrated and interoperable collaboration environment.

Content Technologies

JSON Profile of XACML 3.0 Version 1.0

Approved: 11 Dec 2014

Proposes a standardized interface between a policy enforcement point and a policy decision point using JSON. The decision request and response structure is specified in the core XACML specification. This profile leverages it.

Security

JSON Profile of XACML 3.0 Version 1.1

Approved: 20 Jun 2019

Defines a standardized interface between a policy enforcement point and a policy decision point using JSON. The decision request and response structure is specified in the core XACML specification. This profile leverages it.

Security

JSON Profile of XACML 3.0 Version 1.1

Approved: 05 Dec 2018

Define a standardized interface between a policy enforcement point and a policy decision point using JSON. The decision request and response structure is specified in the core XACML specification. This profile leverages it.

Security

Key Management Interoperability Protocol Profiles v1.0

Approved: 01 Oct 2010

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol specification.

Cloud
Security

Key Management Interoperability Protocol Profiles v1.1

Approved: 25 Jan 2013

Intended for developers and architects who wish to design systems and applications that conform to the Key Management Interoperability Protocol specification.

KMIP V1.1 enhances the KMIP V1.0 standard (established in October 2010) by

defining new functionality in the protocol to improve interoperability, such as a Discover Versions operation and a Group object;
defining additional Test Cases for verifying and validating the new functionality;
providing additional information in the KMIP Usage Guide to assist in effective implementation of KMIP in key management clients and servers; and
defining new profiles for establishing KMIP-compliant implementations.

The Key Management Interoperability Protocol (KMIP) is a single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys. By replacing redundant, incompatible key management protocols, KMIP provides better data security while at the same time reducing expenditures on multiple products.

Security

Key Management Interoperability Protocol Profiles v1.2

Approved: 19 May 2015

Intended for developers and architects who wish to design systems and applications that conform to the Key Management Interoperability Protocol specification.

Cloud
Security

Key Management Interoperability Protocol Profiles Version 1.3

Approved: 27 Dec 2016

Intended for developers and architects who wish to design systems and applications that conform to the Key Management Interoperability Protocol specification.

Cloud
Security

Key Management Interoperability Protocol Profiles Version 1.4

Approved: 22 Nov 2017

Intended for developers and architects who wish to design systems and applications that conform to the Key Management Interoperability Protocol specification.

Cloud
Security

Key Management Interoperability Protocol Profiles Version 2.0

Approved: 31 Oct 2019

Defines a set of normative constraints for employing KMIP within a particular environment or context of use. They may, optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors.

Security

Key Management Interoperability Protocol Profiles Version 2.1

Approved: 14 Dec 2020

Specifies conformance clauses that define the use of objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction.

Security

Key Management Interoperability Protocol Profiles Version 2.1

Approved: 07 May 2020

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification

Cloud
Security

Key Management Interoperability Protocol Specification v1.0

Approved: 01 Oct 2010

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol specification.

Cloud
Security

Key Management Interoperability Protocol Specification v1.1

Approved: 25 Jan 2013

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

Cloud
Security

Key Management Interoperability Protocol Specification v1.2

Approved: 19 May 2015

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

Cloud
Security

Key Management Interoperability Protocol Specification Version 1.3

Approved: 27 Dec 2016

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

Cloud
Security

Key Management Interoperability Protocol Specification Version 1.4

Approved: 22 Nov 2017

Intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

Cloud
Security

Key Management Interoperability Protocol Specification Version 2.0

Approved: 31 Oct 2019

Specifies the protocol used for the communication between clients and servers performing certain management operations on objects stored and maintained by a key management system, including symmetric and asymmetric cryptographic keys and digital certificates.

Privacy/Identity
Security

Key Management Interoperability Protocol Specification Version 2.1

Approved: 14 Dec 2020

A single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys.

Security

Key Management Interoperability Protocol Specification Version 2.1

Approved: 07 May 2020

Privacy/Identity
Security

Key Management Interoperability Protocol Specification Version 2.1

Approved: 16 Nov 2020

Privacy/Identity
Security

KMIP Additional Message Encodings v1.0

Approved: 19 May 2015

Describes additional (optional) message encodings as an alternative to the (mandatory) raw TTLV (Tag, Type, Length, Value) encoding including HTTPS, JSON and XML.

Security

KMIP Asymmetric Key Lifecycle Profile v1.0

Approved: 19 May 2015

Describes a profile for a KMIP server performing asymmetric key lifecycle operations based on requests received from a KMIP client.

Security

KMIP Cryptographic Services Profile v1.0

Approved: 19 May 2015

Describes the use of KMIP operations to support cryptographic services being performed by a KMIP server on behalf of a KMIP client for key management operations.

Security

KMIP Opaque Managed Object Store Profile v1.0d

Approved: 19 May 2015

Describes a profile for a KMIP server performing opaque managed object storage operations based on requests received from a KMIP client.

Security

KMIP Storage Array with Self-Encrypting Drives Profile v1.0

Approved: 19 May 2015

Describes a profile for Storage Arrays with Self-Encrypting Drives as KMIP clients interacting with KMIP servers.

Security

KMIP Suite B Profile v1.0

Approved: 19 May 2015

Describes a profile for KMIP clients and KMIP servers using Suite B cryptography that has been approved by NIST for use by the U.S. Government and specified in NIST standards or recommendations.

Security

KMIP Symmetric Key Foundry for FIPS 140-2 Profile v1.0

Approved: 19 May 2015

Describes a profile for a KMIP server creating FIPS140-2 approved symmetric key algorithms based on requests received from a KMIP client.

Security

KMIP Symmetric Key Lifecycle Profile v1.0

Approved: 19 May 2015

Describes a profile for a KMIP server performing symmetric key lifecycle operations based on requests received from a KMIP client.

Security

KMIP Tape Library Profile v1.0

Approved: 19 May 2015

Describes a profile for Tape Libraries as KMIP clients interacting with KMIP servers.

Security

LegalRuleML Core Specification Version 1.0 – Committee Specification 01

Approved: 08 May 2018

Extends RuleML with formal features specific to legal norms, guidelines, policies and reasoning. It defines a specification (expressed with XML-schema and Relax NG) that is able to represent the particularities of the legal normative rules with a rich, articulated, and meaningful markup language.

eGov/Legal

LegalRuleML Core Specification Version 1.0 – Committee Specification 02

Approved: 06 Apr 2020

Extending the RuleML specifiation with formal features specific to legal norms, guidelines, policies and reasoning. It defines a specification (expressed with XML-schema and Relax NG) that is able to represent the particularities of the legal normative rules with a rich, articulated, and meaningful markup language.

eGov/Legal

LegalRuleML Core Specification Version 1.0 – OASIS Standard

Approved: 30 Aug 2021

Defining a standard (expressed with XML-schema and Relax NG on the basis of Consumer RuleML 1.02) that is able to represent the particularities of the legal normative rules with a rich, articulated, and meaningful mark-up language.

e-Business
eGov/Legal

Message Annotations for Response Routing Version 1.0

Approved: 16 Feb 2021

AMQP is a vendor-neutral, platform-agnostic protocol for passing real-time data streams and business transactions. This document defines mechanisms to allow messages which transit boundaries to be annotated with sufficient information to allow responses to be directed back to the intended recipient.

e-Business
IoT
- Messaging

Metadata Extension for SAML V2.0 and V1.x Query Requesters

Approved: 01 Nov 2007

Defines an extension to the SAML V2.0 metadata specification [SAML2Meta]. The extension defines role descriptor types that describe a standalone SAML V1.x or V2.0 query requester for each of the three predefined query types. Readers are advised to familiarize themselves with that specification before reading this one.

Privacy/Identity
Security

Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x

Approved: 01 Nov 2007

Defines a profile of the OASIS SAML V2.0 metadata specification for use in describing SAML V1.0 and V1.1 entities. Readers should be familiar with the SAML V2.0 metadata specification [SAML2Meta] before reading this document.

Privacy/Identity
Security

MQTT v3.1.1

Approved: 29 Oct 2014

A Client Server publish/subscribe messaging transport protocol. It is light weight, open, simple, and designed so as to be easy to implement. These characteristics make it ideal for use in many situations, including constrained environments such as for communication in Machine to Machine (M2M) and Internet of Things (IoT) contexts.

IoT
Messaging

MQTT Version 5.0

Approved: 07 Mar 2019

A Client Server publish/subscribe messaging transport protocol. It is light weight, open, simple, and designed to be easy to implement. These characteristics make it ideal for use in many situations, including constrained environments such as for communication in Machine to Machine (M2M) and Internet of Things (IoT) contexts.

IoT
Messaging

MQTT Version 5.0

Approved: 15 May 2018

IoT
Messaging

MQTT Version 5.0

Approved: 25 Dec 2017

IoT
Messaging

OASIS DSS v1.0 Profile for Comprehensive Multi-Signature Verification Reports Version 1.0

Approved: 12 Nov 2010

Defines a protocol and processing profile of the DSS Verifying Protocol specified in Section 4 of [DSSCore], which allows to return individual signature verification reports for each signature in a verification request and include detailed information of the different steps taken during verification.

Security

OASIS ebCore Party Id Type Technical Specification Version 1.0

Approved: 25 Sep 2010

A mechanism for the identification of business partners in business documents based on XML (or other structured formats) and message headers using URN-based identifier types is required in many electronic business exchanges. This specification specifies a formal URN-based mechanism for referencing party types from the ISO 6523, ISO 9735 and ISO 20022 identification scheme catalogs using the oasis URN namespace. Sample applications include (but are not limited to): ebXML message headers; ebXML collaboration protocol profiles and agreements; UBL, UN/CEFACT and OAGIS XML business documents; the UN/CEFACT SBDH; and XBRL documents.

e-Business
Web Services

OASIS ebXML Messaging Services 3.0 Conformance Profiles

Approved: 24 Apr 2010

A supplement to the ebMS-3 specification [ebMS3]. It defines some conformance profiles that support specific messaging styles or context of use. Future releases of this document are likely to be augmented with additional conformance profiles that reflect the choices or needs of user communities. As a pre-condition to interoperability it is necessary for two implementations to agree on which common conformance profile, or which compatible conformance profiles, they will comply with. This document and its future releases is intended as a medium to publish conformance profiles that users and products will claim compliance with.

e-Business
Messaging

OASIS ebXML Messaging Services Version 3.0: Part 2, Advanced Features

Approved: 20 May 2011

Complements the ebMS 3.0 Core Specification by specifying advanced messaging functionality for message service configuration, message bundling, messaging across intermediaries (multi-hop) and transfer of (compressed) messages as series of smaller message fragments.

e-Business
Messaging

OASIS ebXML Messaging Transport Binding for Digital Signature Services Version 1.0

Approved: 31 Oct 2008

Mappings from DSS messages into standard communication protocols are called DSS bindings. A transport binding specifies how DSS messages are encoded and carried using a transport protocol. The DSS Core standard [DSS Core] specifies two transport bindings. This document specifies an alternative transport binding that uses the OASIS ebXML Messaging Service. This profile supports is compatible with both the version 2.0 [ebMS 2.0] and version 3.0 [ebMS 3.0] ebXML Messaging OASIS standards.

e-Business
Messaging

OBIX Version 1.1

Approved: 14 Sep 2015

Specifies an object model used for machine-to-machine (M2M) communication. Companion documents will specify the protocol bindings and encodings for specific cases.

Energy
IoT

OData Atom Format Version 4.0

Approved: 17 Nov 2013

The Open Data Protocol (OData) for representing and interacting with structured content is comprised of a set of specifications. The core specification for the protocol is in OData Version 4.0 Part 1: Protocol. This document extends the core specification by defining representations for OData requests and responses using an Atom format.

Cloud
Messaging

OData Common Schema Definition Language (CSDL) JSON Representation Version 4.01

Approved: 12 May 2020

The Common Schema Definition Language (CSDL) defines specific representations of the entity data model exposed by an OData service. This document specifically defines the XML representation of CSDL.

Messaging

OData Common Schema Definition Language (CSDL) XML Representation Version 4.01

Approved: 12 May 2020

The Common Schema Definition Language (CSDL) defines specific representations of the entity data model exposed by an OData service. This document specifically defines the XML representation of CSDL.

Messaging

OData Extension for Data Aggregation Version 4.0

Approved: 04 Nov 2015

Adds basic grouping and aggregation functionality (e.g. sum, min, and max) to the Open Data Protocol (OData) without changing any of the base principles of OData.

Cloud
Messaging

OData Extension for Temporal Data Version 4.0 – Committee Specification 01

Approved: 25 Jan 2022

OData JSON Format v4.0

Approved: 24 Feb 2014

OData enables the creation and consumption of REST-based data services which allow resources, identified using Uniform Resource Locators (URLs) and defined in a data model, to be published and edited by Web clients using simple HTTP messages. This document extends the core specification by defining representations for OData requests and responses using a JSON format.

Messaging

Produced by:

OASIS Open Data Protocol (OData) TC

Voting history:

Voting History for OASIS Standard, February 2014

Voting History for Approved Errata 01, September 2014

Voting History for Approved Errata 02, October 2014

Voting History for Approved Errata 03, June 2016

Additional approvals

ISO/IEC 20802-2:2016

OASIS Standard:

OASIS Standard:
HTML
PDF
DOC

Distribution ZIP File

Approved Errata 01:
DOC
HTML
PDF

OASIS Standard incorporating Approved Errata 01:
DOC
HTML
PDF

Distribution ZIP File

Approved Errata 02:
DOC
HTML
PDF

OASIS Standard incorporating Approved Errata 02:
DOC
HTML
PDF

Distribution ZIP File

Approved Errata 03:
DOC
HTML
PDF

OASIS Standard incorporating Approved Errata 03:
DOC
HTML
PDF

Distribution ZIP File

Cite as:

Cite as:
[OData-JSON-Format-v4.0]
OData JSON Format Version 4.0. Edited by Ralf Handl, Michael Pizzo, and Mark Biamonte. 24 February 2014. OASIS Standard. http://docs.oasis-open.org/odata/odata-json-format/v4.0/os/odata-json-format-v4.0-os.html. Latest version: http://docs.oasis-open.org/odata/odata-json-format/v4.0/odata-json-format-v4.0.html.

[OData-JSON-Format-v4.0]OData JSON Format Version 4.0 Plus Errata 01. Edited by Ralf Handl, Michael Pizzo, Martin Zurmuehl, and Mark Biamonte. 04 September 2014. OASIS Standard incorporating Approved Errata 01. http://docs.oasis-open.org/odata/odata-json-format/v4.0/errata01/os/odata-json-format-v4.0-errata01-os-complete.html. Latest version: http://docs.oasis-open.org/odata/odata-json-format/v4.0/odata-json-format-v4.0.html.

[OData-JSON-Format-v4.0-plus-Errata02]OData JSON Format Version 4.0 Plus Errata 02. Edited by Ralf Handl, Michael Pizzo, Martin Zurmuehl, and Mark Biamonte. 30 October 2014. OASIS Standard incorporating Approved Errata 02. http://docs.oasis-open.org/odata/odata-json-format/v4.0/errata02/os/odata-json-format-v4.0-errata02-os-complete.html. Latest version: http://docs.oasis-open.org/odata/odata-json-format/v4.0/odata-json-format-v4.0.html.

[OData-JSON-Format-v4.0-errata03]OData JSON Format Version 4.0 Errata 03. Edited by Ralf Handl, Michael Pizzo, and Martin Zurmuehl. 02 June 2016. OASIS Approved Errata. http://docs.oasis-open.org/odata/odata-json-format/v4.0/errata03/os/odata-json-format-v4.0-errata03-os.html. Latest version: http://docs.oasis-open.org/odata/odata-json-format/v4.0/errata03/odata-json-format-v4.0-errata03.html.

[OData-JSON-Format-v4.0]OData JSON Format Version 4.0 Plus Errata 03. Edited by Ralf Handl, Michael Pizzo, and Mark Biamonte. 02 June 2016. OASIS Standard incorporating Approved Errata 03. http://docs.oasis-open.org/odata/odata-json-format/v4.0/errata03/os/odata-json-format-v4.0-errata03-os-complete.html. Latest version: http://docs.oasis-open.org/odata/odata-json-format/v4.0/odata-json-format-v4.0.html.

OData JSON Format v4.01

Approved: 12 May 2020

Messaging

OData v4.0

Approved: 24 Feb 2014

OData enables the creation and consumption of REST-based data services which allow resources, identified using Uniform Resource Locators (URLs) and defined in a data model, to be published and edited by Web clients using simple HTTP messages. OData helps create a more open, programmable Web, and simplifies the querying and sharing of data across applications for re-use in the enterprise, cloud, and mobile devices.

Messaging

OData Version 4.01

Approved: 23 Apr 2020

OData enables the creation and consumption of REST-based data services which allow resources, identified using Uniform Resource Locators (URLs) and defined in a data model, to be published and edited by Web clients using simple HTTP messages. OData helps create a more open, programmable Web, and simplifies the querying and sharing of data across applications for re-use in the enterprise, cloud, and mobile devices.

Messaging

Open Command and Control (OpenC2) Language Specification Version 1.0

Approved: 24 Nov 2019

A concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. It should be understood that a language such as OpenC2 is necessary but insufficient to enable coordinated cyber responses that occur within cyber relevant time. Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.

Cybersecurity
Security

Open Command and Control (OpenC2) Language Specification Version 1.0

Approved: 11 Jul 2019

Cybersecurity
Security

Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0

Approved: 11 Jul 2019

A concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. Stateless packet filtering is a cyber defense mechanism that denies or allows traffic based on static properties of the traffic, such as address, port, protocol, etc. This profile defines the Actions, Targets, Specifiers and Options that are consistent with the version 1.0 of the OpenC2 Language Specification ([OpenC2-Lang-v1.0]) in the context of stateless packet filtering (SLPF).

Cybersecurity
Security

Open Document Format for Office Applications (OpenDocument) Specification v1.1

Approved: 01 Feb 2007

An open, XML-based file format for office applications, based on OpenOffice.org XML [OOo].

Content Technologies

Open Document Format for Office Applications (OpenDocument) Version 1.2

Approved: 30 Sep 2011

This specification consists of this document as well as the following three parts:

Part 1 defines an XML schema for office applications and its semantics. The schema is suitable for office documents, including text documents, spreadsheets, charts and graphical documents like drawings or presentations, but is not restricted to these kinds of documents.

Part 2 defines a formula language to be used in OpenDocument documents.

Part 3 defines a package format to be used for OpenDocument documents.

Content Technologies

Open Document Format for Office Applications (OpenDocument) Version 1.3

Approved: 30 Oct 2020

An open XML-based document file format for office applications that produce documents containing text, spreadsheets, charts, and graphical elements.

Content Technologies

Open Document Format for Office Applications (OpenDocument) Version 1.3

Approved: 27 Apr 2021

Specifying the characteristics of an XML-based application-independent and platform-independent digital document file format, as well as the characteristics of software applications which read, write and process such documents.

Content Technologies

Open Document Format for Office Applications (OpenDocument) Version 1.3

Approved: 25 Dec 2019

Part 1 of the Open Document Format for Office Applications (OpenDocument) Version 1.3 specification.

Content Technologies

Open Document Format v1.1 Accessibility Guidelines Version 1.0

Approved: 01 May 2008

A guide for Office Applications, that support version 1.1 of the OpenDocument format, to promote and preserve accessible ODF documents. This guide is not a comprehensive guide for content mapping to platform accessibility APIs.

Content Technologies

OpenDocument Format for Office Applications (OpenDocument) v1.0

Approved: 01 May 2005

An open, XML-based file format for office applications, based
on OpenOffice.org XML [OOo].

Content Technologies

OSLC Architecture Management Version 2.1

Approved: 09 Oct 2018

Defines the OSLC Architecture Management domain, a RESTful web services interface for the management of architectural resources and relationships between those and related resources such as product change requests, activities, tasks, requirements or test cases. To support these scenarios, this specification defines a set of HTTP-based RESTful interfaces in terms of HTTP methods: GET, POST, PUT and DELETE, as well as HTTP response codes, content type handling and resource formats.

Software development

OSLC Architecture Management Version 3.0

Approved: 30 Sep 2021

Software development

OSLC Architecture Management Version 3.0

Approved: 11 Jul 2022

Defining a RESTful web services interface for managing architectural resources and their relationships to related resources

Software development

OSLC Change Management Version 3.0

Approved: 01 Sep 2020

Defines the OSLC Change Management domain, a RESTful web services interface for the management of product change requests, activities, tasks and relationships between those and related resources such as requirements, test cases, or architectural resources. To support these scenarios, this specification defines a set of HTTP-based RESTful interfaces in terms of HTTP methods: GET, POST, PUT and DELETE, HTTP response codes, content type handling and resource formats.

Software development

OSLC Change Management Version 3.0

Approved: 24 Aug 2018

Software development

OSLC Change Management Version 3.0

Approved: 08 Jun 2018

Software development

OSLC Change Management Version 3.0

Approved: 26 May 2021

Defining the constraints for using the OSLC Change Management vocabulary in OSLC. Different sets of constraints may be applied to a vocabulary in order to tailor its use.

Software development

OSLC Configuration Management Version 1.0

Approved: 30 May 2022

Defining an RDF vocabulary and a set of REST APIs for managing versions and configurations of linked data resources from multiple domains.

Software development

OSLC Core Version 3.0

Approved: 01 Sep 2020

Defining the overall approach to Open Services for Lifecycle Collaboration (OSLC) based specifications and capabilities that extend and complement W3C Linked Data Platform.

Software development

OSLC Core Version 3.0

Approved: 05 Apr 2017

Defines the overall approach to Open Services for Lifecycle Collaboration (OSLC) based specifications and capabilities that extend and compliment W3C Linked Data Platform [LDP]. OSLC Core 3.0 constitutes the approach outlined in this document and capabilities referenced in other documents.

Software development

OSLC Core Version 3.0

Approved: 23 Apr 2021

Defining the overall approach to Open Services for Lifecycle Collaboration (OSLC) based specifications and capabilities that extend and complement W3C Linked Data Platform.

Software development

OSLC Core Version 3.0

Approved: 26 Aug 2021

Defining the overall approach to Open Services for Lifecycle Collaboration (OSLC) based specifications and capabilities that extend and complement W3C Linked Data Platform.

Software development

OSLC PROMCODE Version 1.0

Approved: 11 Mar 2022

Defines standard information for managing contracted software delivery based on the OSLC framework

Software development

Produced by:

OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC

Voting history:

March 2022

OASIS Standard:****Cite as:

[OSLC-PROMCODE-v1.0-Spec]
OSLC PROMCODE Version 1.0. Part 1: Specification. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 11 March 2022. OASIS Standard. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/os/promcode-spec.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-spec.html.

[OSLC-PROMCODE-v1.0-Vocab]
OSLC PROMCODE Version 1.0. Part 2: Vocabulary. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 11 March 2022. OASIS Standard. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/os/promcode-vocab.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-vocab.html.

[OSLC-PROMCODE-v1.0-Shapes]
OSLC PROMCODE Version 1.0. Part 3: Constraints. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 11 March 2022. OASIS Standard. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/os/promcode-shapes.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-shapes.html.

OSLC PROMCODE Version 1.0

Approved: 10 Nov 2021

Defines standard information for managing contracted software delivery based on the OSLC framework

Software development

Produced by:

OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC

Voting history:

November 2021

Voting History

OASIS Standard:

Committee Specification 02

Part 1: Specification

HTML
PDF

Part 2: Vocabulary

HTML
PDF

Part 3: Constraints

HTML
PDF

Machine-readable files

Vocabulary terms
Constraints

Cite as:

[OSLC-PROMCODE-v1.0-Spec]
OSLC PROMCODE Version 1.0. Part 1: Specification. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 10 November 2021. OASIS Committee Specification 02. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-spec.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-spec.html.

[OSLC-PROMCODE-v1.0-Vocab]
OSLC PROMCODE Version 1.0. Part 2: Vocabulary. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 10 November 2021. OASIS Committee Specification 02. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-vocab.html.

[OSLC-PROMCODE-v1.0-Shapes]
OSLC PROMCODE Version 1.0. Part 3: Constraints. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 10 November 2021. OASIS Committee Specification 02. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-shapes.html.

OSLC PROMCODE Version 1.0

Approved: 15 Feb 2022

Defines standard information for managing contracted software delivery based on the OSLC framework

Software development

Produced by:

OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC

Voting history:

February 2022

Voting History

OASIS Standard:

Committee Specification 03

Part 1: Specification

HTML
PDF

Part 2: Vocabulary

HTML
PDF

Part 3: Constraints

HTML
PDF

Machine-readable files

Vocabulary terms
Constraints

Cite as:

[OSLC-PROMCODE-v1.0-Spec]
OSLC PROMCODE Version 1.0. Part 1: Specification. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 15 February 2022. OASIS Committee Specification 03. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs03/promcode-spec.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-spec.html.

[OSLC-PROMCODE-v1.0-Vocab]
OSLC PROMCODE Version 1.0. Part 2: Vocabulary. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 15 February 2022. OASIS Committee Specification 03. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs03/promcode-vocab.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-vocab.html.

[OSLC-PROMCODE-v1.0-Shapes]
OSLC PROMCODE Version 1.0. Part 3: Constraints. Edited by Mikio Aoyama, Yoshio Horiuchi, Tom Kamimura, Shinji Matsuoka, Shigeaki Matsumoto, Masaki Wakao, Kazuo Yabuta, and Hiroyuki Yoshida. 15 February 2022. OASIS Committee Specification 03. https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs03/promcode-shapes.html. Latest stage: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/promcode-shapes.html.

OSLC Quality Management Version 2.1

Approved: 01 Aug 2020

Defines the OSLC Quality Management domain, a RESTful web services interface for the management of product, service or software quality artefacts, activities, tasks and relationships between those and related resources such as requirements, defects, change requests or architectural resources. To support these scenarios, this specification defines a set of HTTP-based RESTful interfaces in terms of HTTP methods: GET, POST, PUT and DELETE, HTTP response codes, content type handling and resource formats.

Software development

OSLC Quality Management Version 2.1

Approved: 19 Jan 2022

Defines the OSLC quality management domain, a RESTful web services interface for the management of product, service or software quality artifacts.

Software development

OSLC Query Version 3.0

Approved: 01 Oct 2020

Provides a mechanism for a client to query or search for RDF resources that match a given criteria. The response to a successful query includes the RDF of a query result container that references the member resources found by the query, and optionally includes selected properties of each member resource.

Software development

OSLC Query Version 3.0

Approved: 26 Aug 2021

Software development

OSLC Requirements Management Version 2.1

Approved: 28 May 2021

Defines the OSLC Requirements Management domain. The specification supports key RESTful web service interfaces for the management of Requirements, Requirements Collections and supporting resources defined in the OSLC Core specification. To support these scenarios, this specification defines a set of HTTP-based RESTful interfaces in terms of HTTP methods: GET, POST, PUT and DELETE, HTTP response codes, content type handling and resource formats.

Software development

OSLC Requirements Management Version 2.1

Approved: 21 Jun 2021

Software development

OSLC Requirements Management Version 2.1

Approved: 01 Sep 2020

Software development

OSLC Requirements Management Version 2.1

Approved: 24 Aug 2018

Software development

OSLC Tracked Resource Set Version 3.0

Approved: 07 Feb 2022

The Tracked Resource Set protocol allows a server to expose a set of resources in a way that allows clients to discover that set of resources, to track additions to and removals from the set, and to track state changes to the resources in the set.

Software development

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40

Approved: 14 Apr 2015

PKCS #11 Cryptographic Token Interface Base Specification Version 3.0

Approved: 15 Jun 2020

Defines a platform-independent API to cryptographic tokens, such as hardware security modules and smart cards. The API itself is named “Cryptoki” (from “cryptographic token interface” and pronounced as “crypto-key”).

Privacy/Identity
Security

PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40

Approved: 14 Apr 2015

PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 3.0

Approved: 15 Jun 2020

PKCS #11 specifications define a platform-independent API to cryptographic tokens, such as hardware security modules and smart cards. “Current Mechanisms” defines mechanisms that are used with the current version of PKCS #11.

Privacy/Identity
Security

PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification Version 2.40

Approved: 14 Apr 2015

PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification Version 3.0

Approved: 15 Jun 2020

PKCS #11 specifications define a platform-independent API to cryptographic tokens, such as hardware security modules and smart cards. “Historical Mechanisms” defines mechanisms for PKCS #11 that are no longer in general use.

Privacy/Identity
Security

PKCS #11 Cryptographic Token Interface Profiles Version 2.40

Approved: 14 Apr 2015

Intended for developers and architects who wish to design systems and applications that conform to the PKCS #11 Cryptographic Token Interface standard.

The PKCS #11 Cryptographic Token Interface standard documents an API for devices that may hold cryptographic information and may perform cryptographic functions.

Privacy/Identity
Security

PKCS #11 Cryptographic Token Interface Profiles Version 3.0

Approved: 15 Jun 2020

PKCS #11 specifications define a platform-independent API to cryptographic tokens, such as hardware security modules and smart cards. “Profiles” is intended to assist developers and architects design systems and applications that conform to the PKCS #11 standard.

Privacy/Identity
Security

PKCS #11 Profiles Version 3.1

Approved: 14 Jul 2022

For developers and architects who wish to design systems and applications that conform to the PKCS #11 Cryptographic Token Interface specification

Privacy/Identity
Security

PKCS #11 Specification Version 3.1

Approved: 11 Aug 2022

Defines data types, functions and other basic components of the PKCS #11 Cryptoki interface for devices that may hold cryptographic information and may perform cryptographic functions.

Security

Privacy Management Reference Model and Methodology (PMRM) Version 1.0

Approved: 17 May 2016

Provides a model and a methodology to

· understand and analyze privacy policies and their privacy management requirements in defined Use Cases; and

· select the technical Services, Functions and Mechanisms that must be implemented to support requisite Privacy Controls.

It is particularly valuable for Use Cases in which Personal Information (PI) flows across regulatory, policy, jurisdictional, and system boundaries.

Cloud
Privacy/Identity

Product Life Cycle Support DEXs Version R5

Approved: 19 Nov 2010

To establish structured data exchange and sharing capabilities for use by industry to support complex engineered assets throughout their total life cycle. The OASIS Product Life Cycle Support (PLCS) DEXs standard is defined by Data Exchange Specifications (DEXs) that are based upon ISO 10303 (STEP) Application Protocol 239 (Product Life Cycle Support).

The scope of the information content of ISO 10303-239 covers:

The identification and composition of a product design from a support viewpoint;
The definition of documents and their applicability to products and support activities;
The identification and composition of individual products;
Configuration management activities, over the complete life cycle;
Activities required to sustain product function;
The resources needed to perform such activities;
The planning and scheduling of such activities;
The capture of feedback on the performance of such activities, including the resources used;
The capture of feedback on the usage and condition of a product;
The definition of the support environment in terms of people, organizations, skills, experience and facilities.
The business goals of the OASIS PLCS DEXs are to satisfy three significant requirements for owners/operators of complex products and systems such as aircraft, ships and power plants, namely:

Reduction in the total cost of ownership
Increased asset availability
Effective information management throughout the product lifecycle

Software development

Product Life Cycle Support Version 1.0

Approved: 15 Oct 2013

To establish structured data exchange and sharing capabilities for use by industry to support complex engineered assets throughout their total life cycle. The OASIS Product Life Cycle Support (PLCS) standard is defined by Data Exchange Specifications (DEX) that are based upon ISO 10303 (STEP) Application Protocol 239 Product Life Cycle Support.

The scope of the information content of ISO 10303-239 covers:

Reduction in the total cost of ownership;
Increased asset availability;
Effective information management throughout the product lifecycle.

Software development

Production Planning and Scheduling (PPS) Version 1.0

Approved: 30 Sep 2011

Deals with problems of decision-making in all manufacturing companies who want to have a sophisticated information system for production planning and scheduling. PPS specification provides XML schema and communication protocols for information exchange among manufacturing application programs in the web-services environment. The Core Elements section focuses on information model of core elements which can be used as ontology in the production planning and scheduling domain. Since the elements have been designed without particular contexts in planning and scheduling, they can be used in any specific type of messages as a building block depending on the context of application programs. The Transaction Messages section focuses on transaction messages that represent domain information sent or received by application programs in accordance with the context of the communication, as well as transaction rules for contexts such as pushing and pulling of the information required. Finally, the Profile Specifications section focuses on profiles of application programs that may exchange the messages. Application profile and implementation profile are defined. Implementation profile shows capability of application programs in terms of services for message exchange, selecting from all exchange items defined in the application profile. The profile can be used for definition of a minimum level of implementation of application programs which are involved in a community of data exchange.

Content Technologies
e-Business

Reference Architecture Foundation for Service Oriented Architecture Version 1.0

Approved: 05 Dec 2012

Specifies the OASIS Reference Architecture Foundation for Service Oriented Architecture (SOA-RAF). It follows from the concepts and relationships defined in the OASIS Reference Model for Service Oriented Architecture as well as work conducted in other organizations. While it remains abstract in nature, the current document describes the foundation upon which specific SOA concrete architectures can be built.

The focus of the SOA-RAF is on an approach to integrating business with the information technology needed to support it. These issues are always present but are all the more important when business integration involves crossing ownership boundaries.

The SOA-RAF follows the recommended practice of describing architecture in terms of models, views, and viewpoints, as prescribed in the ANSI/IEEE 1471-2000.

It has three main views: the Participation in a SOA Ecosystem view which focuses on the way that participants are part of a Service Oriented Architecture ecosystem; the Realization of a SOA Ecosystem view which addresses the requirements for constructing a SOA-based system in a SOA ecosystem; and the Ownership in a SOA Ecosystem view which focuses on what is meant to own a SOA-based system.

The SOA-RAF is of value to Enterprise Architects, Business and IT Architects as well as CIOs and other senior executives involved in strategic business and IT planning.

e-Business

Reference Model for Open Architecture for XML Authoring and Localization Version 1.0

Approved: 12 Dec 2009

Provides a comprehensive, efficient, and cost-effective model for building an XML lifecycle production framework based completely on Open Standards from OASIS, LISA OSCAR and W3C.

Software development

Reference Model for Service Oriented Architecture (SOA-RM) v1.0

Approved: 01 Oct 2006

An abstract framework for understanding significant entities and relationships between them within a service-oriented environment, and for the development of consistent standards or specifications supporting that environment. It is based on unifying concepts of SOA and may be used by architects developing specific service oriented architectures or in training and explaining SOA.

A reference model is not directly tied to any standards, technologies or other concrete implementation details. It does seek to provide a common semantics that can be used unambiguously across and between different implementations. The relationship between the Reference Model and particular architectures, technologies and other aspects of SOA is illustrated in Figure 1.

While service-orientation may be a popular concept found in a broad variety of applications, this reference model focuses on the field of software architecture. The concepts and relationships described may apply to other “service” environments; however, this specification makes no attempt to completely account for use outside of the software domain.

RELAX NG Compact Syntax

Approved: 01 Nov 2002

RELAX NG DTD Compatibility

Approved: 01 Nov 2001

Defines datatypes and annotations for use in [RELAX NG] schemas. The purpose of these datatypes and annotations is to support some of the features of XML 1.0 DTDs that are not supported directly by RELAX NG.

Content Technologies

RELAX NG Specification

Approved: 01 Nov 2001

The definitive specification of RELAX NG, a simple schema language for XML, based on [RELAX] and [TREX]. A RELAX NG schema specifies a pattern for the structure and content of an XML document. A RELAX NG schema is itself an XML document.

Content Technologies

Reliable Secure Profile Version 1.0

Approved: 16 Jun 2014

Defines the WS-I Reliable Secure Profile Version 1.0 consisting of a set clarifications, refinements, interpretations and amplifications to a combination of non-proprietary Web services specifications in order to promote interoperability. In particular it profiles the use of WS-SecureConversation, WS-ReliableMessaging and WS-MakeConnection. This profile extends either one of the Basic Profiles BP1.2 or BP2.0.

Web Services

Repeatable Requests Version 1.0

Approved: 07 Jul 2020

Describes a method to provide the ability to retry unsafe (i.e. POST, PUT, PATCH, DELETE) requests without incurring unintended side-effects. This specification can be applied to any HTTP based protocol.

Cloud
Messaging

REST Profile of XACML v3.0 Version 1.0

Approved: 23 Nov 2014

Defines a profile for the use of XACML in a RESTful architecture.

Security

S-RAMP Version 1.0

Approved: 23 Dec 2013

Vendors offer tools to facilitate various activities across the life cycle of a SOA artifact, such as design, assembly, quality assurance, deployment and runtime operation of SOA based applications and business processes. The lack of a standardized information model and interaction protocol for artifacts and their metadata residing in a SOA repository means that tools must be customized for use with each different vendor’s SOA repository product. This reduces choice, flexibility and adds costs for customers when choosing tools. This specification defines a SOA artifact data model together with bindings that describe the syntax for interacting with a SOA repository.

SAM Threshold Sharing Schemes Version 1.0

Approved: 09 Mar 2022

Intended for developers and architects who wish to design systems and applications that utilize threshold sharing schemes in an interoperable manner.

Cybersecurity
Security

SAM Threshold Sharing Schemes Version 1.0

Approved: 14 Oct 2021

Intended for developers and architects who wish to design systems and applications that utilize threshold sharing schemes in an interoperable manner.

Cybersecurity
Security

SAM Threshold Sharing Schemes Version 1.0

Approved: 04 Aug 2021

For developers and architects who wish to design secure systems that use threshold sharing schemes in an interoperable manner

Cybersecurity
Security

SAM Threshold Sharing Schemes Version 1.0

Approved: 19 Aug 2021

For developers and architects who wish to design systems and applications that utilize threshold sharing schemes in an interoperable manner.

Cybersecurity
Security

SAML 2.0 Protocol Extension for Requested Authentication Context

Approved: 23 May 2007

Defines a protocol extension to SAML 2.0 specification Error: Reference source not found that facilitates a more flexible model for expressing Authentication Context than that currently supported. The extension allows service providers to express combinations of Authentication Context classes in their requests for authentication assertions. The expectation is that the extension, when its additional functionality was necessary, would be used in replacement of the existing Authentication Context mechanisms in the authentication request message. Readers should be familiar with Error: Reference source not found before reading this document.

Security

SAML 2.0 Session Token Profile Version 1.0

Approved: 24 Nov 2011

Web Servers and Application Servers generally maintain security state information for currently active users, particularly once some type of authentication has occurred. This specification defines a format for communicating such security session state based on the OASIS SAML Assertion. It also specifies two different mechanisms for communicating this information between servers via a standard Web browser.

Security

SAML 2.0 Shared Credentials Authentication Context Extension and Related Classes

Approved: 23 May 2007

Defines an authentication context extension to the SAML 2.0 Authentication Context specification SAMLAC that allows providers to distinguish whether or not the credential by which a principal authenticates to the identity provider is known to be shared amongst a group of users or unique to that user. Two new Authentication Context classes and associated schemas are also introduced to distinguish between these two cases.

Readers should be familiar with SAMLAC before reading this document.

Security

SAML Conformance Clause for AS4/ebMS Version 1.0

Approved: 30 Jan 2014

Provides a specification as to how an ebMS3/AS4 MSH can support SAML in addition to the username/password and X.509 token profiles of WS-Security for authentication.

The usage of the username/password and X.509 token profiles of WS-Security are defined in some detail in ebMS3 and AS4. SAML is included in ebMS3 but is not defined in detail. AS4 does not discuss SAML.

This document will define the use of SAML in ebMS3 and apply that to the scenarios addressed by AS4.

Security

SAML V1.1 Information Card Token Profile Version 1.0

Approved: 21 Jul 2010

Describes a set of rules for Identity Providers and Relying Parties to follow when using SAML V1.1 assertions as managed Information Card security tokens, so that interoperability and security is achieved commensurate with other SAML authentication profiles.

Security

SAML V2.0 Asynchronous Single Logout Profile Extension Version 1.0

Approved: 23 Nov 2012

Defines an extension to the SAML 2.0 Single Logout Protocol that allows the initiator to indicate that it does not expect to receive a response from the session authority. This improves user interface interoperability in deployments that want the identity provider to control the user experience during logout.

Security

SAML V2.0 Attribute Extensions Version 1.0

Approved: 04 Aug 2009

Defines new XML attributes useful in extending the element to communicate additional information about SAML attributes, their origin, rules for handling them, or any other kind of “meta-information” deemed interesting.

Security

SAML V2.0 Attribute Predicate Profile Version 1.0

Approved: 29 Nov 2011

Provides a mechanism to allow a SAML authority to certify that a given Boolean predicate holds over one or more of a subject’s attribute values, without revealing the exact values of these attributes. The profile further defines a query format for attribute predicates.

Security

SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems

Approved: 27 Mar 2008

Specifies the use of SAML V2.0 attribute queries and assertions to support distributed authorization in support of X.509-based authentication.

Security

SAML V2.0 Change Notify Protocol Version 1.0

Approved: 23 Sep 2011

Describes request and response messages for informing SAML endpoints about available changes to subjects and attributes associated with subjects.

Security

SAML V2.0 Channel Binding Extensions Version 1.0

Approved: 10 Jul 2013

Enables extension-aware SAML requesters and responders to modify protocol behavior in a generic, layered fashion. This specification defines an extension to the SAML V2.0 protocol specification that supports the use of channel bindings in conjunction with SAML profiles. It also includes a new SAML profile that applies the extension to a set of profiles that fit a particular communication pattern.

Security

SAML V2.0 Condition for Delegation Restriction Version 1.0

Approved: 15 Nov 2009

Defines a type for expressing a chain of intermediaries acting on behalf of the subject of an assertion, requring relying parties to distinguish between direct and indirect access.

Security

SAML V2.0 Deployment Profiles for X.509 Subjects

Approved: 27 Mar 2008

Specifies how a principal who has been issued an X.509 identity certificate is represented as a SAML Subject, how an assertion regarding such a principal is produced and consumed, and finally how two entities exchange attributes about such a principal.

Security

SAML V2.0 Enhanced Client or Proxy Profile Version 2.0

Approved: 26 Aug 2013

The SAML V2.0 Enhanced Client or Proxy profile is a SSO profile for use with HTTP, and clients with the capability to directly contact a principal’s identity provider(s) without requiring discovery and redirection by the service provider, as in the case of a browser. This specification updates the original profile by adding support for “Holder of Key” subject confirmation [SAML2HOK] and channel bindings [ChanBind].

Security

SAML V2.0 Holder-of-Key Assertion Profile Version 1.0

Approved: 23 Jan 2010

Describes the issuing and processing of holder-of-key SAML assertions. Specifically, we show how a SAML issuer binds X.509 data to a element and how a relying party confirms that a element matches given X.509 data. The binding material used by the SAML issuer and the matching data used by the relying party are obtained from an X.509 certificate.

Security

SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0

Approved: 10 Aug 2010

Allows for transport of holder-of-key assertions by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. The flow is similar to standard Web Browser SSO, but an X.509 certificate presented by the user agent via a TLS handshake supplies a key to be used in a holder-of-key assertion. Proof of possession of the private key corresponding to the public key in the certificate resulting from the TLS handshake strengthens the assurance of the resulting authentication context and protects against credential theft. Neither the identity provider nor the service provider is required to validate the certificate.

Security

SAML V2.0 Identity Assurance Profiles Version 1.0

Approved: 05 Nov 2010

Specifies methods of representing assurance information in two different aspects of SAML. It provides guidelines for the use of SAML’s Authentication Context [SAMLAC] mechanisms to express authentication assurance information within authentication requests and assertions. Separately, it defines an attribute suitable for inclusion in SAML Metadata [SAMLMeta] for enumerating an Identity Provider’s assurance certifications.

Security

SAML V2.0 Information Card Token Profile Version 1.0

Approved: 21 Jul 2010

Describes a set of rules for Identity Providers and Relying Parties to follow when using SAML V2.0 assertions as managed Information Card security tokens, so that interoperability and security is achieved commensurate with other SAML authentication profiles.

Security

SAML V2.0 Kerberos Attribute Profile Version 1.0

Approved: 30 Aug 2011

Defines an attribute profile for the Kerberos protocol.

Security

SAML V2.0 Kerberos Subject Confirmation Method Version 1.0

Approved: 30 Aug 2011

Defines a subject confirmation method for use with the Kerberos protocol.

Security

SAML V2.0 Kerberos Web Browser SSO Profile Version 1.0

Approved: 07 Feb 2012

Allows for transport of assertions using the Kerberos subject confirmation method by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. The flow is similar to standard Web Browser SSO, but a Kerberos AP-REQ message is presented by the user agent via the HTTP Negotiate authentication scheme and the Kerberos GSS-API mechanism. The presentation of a valid Kerberos AP-REQ message whose client principal name matches the principal name given in the subject confirmation strengthens the assurance of the resulting authentication context and protects against credential theft.

Security

SAML V2.0 Metadata Extension for Entity Attributes Version 1.0

Approved: 04 Aug 2009

Defines an extension element for use in attaching SAML attributes to an or element, to communicate an arbitrary set of additional information about an entity in its metadata.

Security

SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0

Approved: 24 Oct 2019

Defines a set of extensions to SAML metadata that provide information necessary for user agents to present effective user interfaces and, in the case of identity provider discovery, recommend appropriate choices to the user.

Security

SAML V2.0 Metadata Extensions for Registration and Publication Information Version 1.0

Approved: 04 Apr 2012

Defines a set of extensions to SAML metadata that provide information about the creation and intended usage of the metadata document and information about who and how particular entities were registered.

Security

SAML V2.0 Metadata Interoperability Profile Version 1.0

Approved: 24 Oct 2019

Describes a set of rules for SAML metadata producers and consumers to follow such that federated relationships can be interoperably provisioned, and controlled at runtime in a secure, understandable, and self-contained fashion.

Security

SAML V2.0 Metadata Interoperability Profile Version 1.0

Approved: 04 Aug 2009

Security

SAML v2.0 Metadata Profile for Algorithm Support Version 1.0

Approved: 22 Feb 2011

Includes an element allowing entities to describe the XML Encryption [XMLEnc] algorithms they support. This specification defines metadata extension elements to enable entities to describe the XML Signature [XMLSig] algorithms they support, and a profile for using both elements to enable better algorithm agility for profiles that rely on metadata.

Security

SAML V2.0 Protocol Extension for Requesting Attributes per Request Version 1.0

Approved: 23 Aug 2017

Defines an extension to the SAML V2.0 protocol specification [SAML2Core]. The extension allows Service Providers to specify ad-hoc sets of attributes per request. This brings more flexibility than existing mechanisms, which are based on signaling pre-defined sets of requested attributes.

Security

SAML V2.0 Protocol Extension for Third-Party Requests

Approved: 23 May 2007

Defines an extension to the SAML V2.0 protocol specification [SAML2Core] that facilitates requests made by parties other than the intended response recipient. Protocol extensions enable extension-aware SAML requesters and responders to modify protocol behavior in a generic, layered fashion. Readers should be familiar with [SAML2Core] before reading this document.

Security

SAML V2.0 Subject Identifier Attributes Profile Version 1.0

Approved: 16 Jan 2019

Standardizes two new SAML Attributes to identify security subjects, as a replacement for long-standing inconsistent practice with the and constructs, and to address recognized deficiencies with the SAML V2.0 urn:oasis:names:tc:SAML:2.0:nameid-format:persistent Name Identifier format.

Security

SAML V2.0 Text-Based Challenge/ Response Token AuthenticationContext Class

Approved: 23 May 2007

Covers a subset of challenge/response schemes including those that are based on cryptographic functions and time-based tokens. The notion of text-based challenge/response tokens are not covered by any of the current authentication context definitions.

This document proposes an authentication context class to cover the general case of text-based challenge/response tokens to facilitate signaling their use in SAML. Such schemes include, for example, scratch tokens, numbered list tokens, grid tokens, etc. associated with a challenge/response authentication function. This document also proposes an extension that enables text-based challenge/response token parameters to be specified in relevant authentication contexts. This extension would be included in the of such contexts.

Security

SAML V2.0 X.500/LDAP Attribute Profile

Approved: 27 Mar 2008

A replacement for the X.500/LDAP Attribute Profile found in the original SAML 2.0 Profiles specification [SAML2Prof]. The original profile results in well-formed but schema-invalid XML and cannot be corrected without a normative change.

Security

SAMLv2.0 HTTP POST “SimpleSign” Binding

Approved: 27 Mar 2008

Defines a SAML HTTP protocol binding, specifically using the HTTP POST method, and not using XML Digital Signature for SAML message data origination authentication. Rather, a “sign the BLOB” technique is employed wherein a conveyed SAML message is treated as a simple octet string if it is signed. Conveyed SAML assertions may be individually signed using XMLdsig. Security is optional in this binding.

Security

Schedule Signals and Streams Version 1.0

Approved: 19 Sep 2016

Defines a normative structure for conveying time series of information that is conformant with the WS-Calendar Platform Independent Model (PIM). Specifications that conform to the WS-Calendar PIM can be transformed into each other and into the WS-Calendar 1.0 model. We term these conveyances “Streams”.

Web Services

searchRetrieve v1.0

Approved: 31 Jan 2013

A set of documents for the OASIS Search Web Services (SWS) initiative. This document is the Overview and serves to introduce the full collection of documents.

Web Services

Secure QR Code Authentication Version 1.0

Approved: 01 Jul 2022

Secure QR Code Authentication Version 1.0

Approved: 04 Oct 2022

Security Assertion Markup Language (SAML) v1.0 [OASIS 200205]

Approved: 01 Nov 2002

Defines the syntax and semantics for XML-encoded assertions about
authentication, attributes, and authorization, and for the protocols that convey this information.

Security

Security Assertion Markup Language (SAML) v1.1 [OASIS 200308]

Approved: 01 Sep 2003

Defines the syntax and semantics for XML-encoded assertions about
authentication, attributes, and authorization, and for the protocols that convey this information.

Security

Security Assertion Markup Language (SAML) v2.0

Approved: 01 Mar 2005

Defines the syntax and semantics for XML-encoded assertions about
authentication, attributes, and authorization, and for the protocols that convey this information.

Security

Service Metadata Publishing (SMP) Version 1.0

Approved: 01 Aug 2017

Describes a protocol for publishing service metadata within a 4-corner network. In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points). To successfully send a business document in a 4-corner network, an entity must be able to discover critical metadata about the recipient (endpoint) of the business document, such as types of documents the endpoint is capable of receiving and methods of transport supported. The recipient makes this metadata available to other entities in the network through a Service Metadata Publisher service. This specification describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information. A client can either be an end-user business application or a gateway/access point in the 4-corner network. It also defines the request processing that must happen at the client.

e-Business

Service Metadata Publishing (SMP) Version 2.0

Approved: 14 Feb 2021

Standard describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information in a 4-corner network

e-Business

Service Metadata Publishing (SMP) Version 2.0

Approved: 16 Jan 2020

Describes a protocol for publishing service metadata within a 4-corner network. In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points). To successfully send a business document in a 4-corner network, an entity must be able to discover critical metadata about the recipient of the business document, such as types of documents the recipient is capable of receiving and methods of transport supported. The recipient makes this metadata available to other entities in the network through a Service Metadata Publisher service. This specification describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information. A client can either be an end-user business application or a gateway/access point in the 4-corner network. It also defines the request processing that must happen at the client.

e-Business

Service Metadata Publishing (SMP) Version 2.0

Approved: 20 May 2019

Describes a protocol for publishing service metadata within a 4-corner network. In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points). To successfully send a business document in a 4-corner network, an entity must be able to discover critical metadata about the recipient of the business document, such as types of documents the recipient is capable of receiving and methods of transport supported. The recipient makes this metadata available to other entities in the network through a Service Metadata Publisher service. This specification describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information. A client can either be an end-user business application or a gateway/access point in the 4-corner network. It also defines the request processing that must happen at the client.

e-Business

Service Provider Request Initiation Protocol and Profile Version 1.0

Approved: 05 Nov 2010

Defines a generic browser-based protocol by which a request can be made to a service provider to initiate a protocol-specific request for authentication, and to ask that particular options be used when making such a request.

Security

Service Provisioning Markup Language (SPML) v1.0, [OASIS 200306]

Approved: 01 Nov 2003

Defines an XML-based framework for exchanging user, resource, and service provisioning information within and between organizations.

e-Business

Service Provisioning Markup Language (SPML) v2.0

Approved: 01 Apr 2006

Defines an XML-based framework for exchanging user, resource, and service provisioning information within and between organizations.

e-Business

Produced by:

OASIS Provisioning Services TC

Voting history:

April 2006

Voting History

OASIS Standard:

This specification can be downloaded here and consists of three documents described and available as follows.

OASIS Service Provisioning Markup Language (SPML) v2
OASIS Service Provisioning Markup Language (SPML) v2 - DSML v2 Profile
OASIS Service Provisioning Markup Language (SPML) v2 - XSD Profile

Cite as:

SOA-EERP Business Quality of Service Version 1.0

Approved: 25 Nov 2010

Specifies the XML vocabulary for business quality of service (bQoS), one of three Specifications for end-to-end resource planning (EERP). Business quality of service describes the business-related characteristics or attributes of a service.

SOA-EERP Business Rating of Service Version 1.0

Approved: 25 Nov 2010

Specifies the XML vocabulary for business rating, one of three Specifications for end-to-end resource planning (EERP). Business rating describes the business-related rating and credentials for a service.

SOA-EERP Business Service Level Agreement Version 1.0

Approved: 25 Nov 2010

Specifies the XML vocabulary for business service level agreement (bSLA), one of three Specifications for end-to-end resource planning (EERP). Business service level agreement describes the agreement between two parties, service requester and service provider, on business-related characteristics or attributes of a service.

SOAP-over-UDP v1.1

Approved: 01 Jul 2009

Defines a binding for SOAP envelopes to use datagrams.

Web Services

Solution Deployment Descriptor Specification 1.0

Approved: 01 Sep 2008

Defines schema for two XML document types: Package Descriptors and Deployment Descriptors. Package Descriptors define characteristics of a package used to deploy a solution. Deployment Descriptors define characteristics of the content of a solution package, including the requirements that are relevant for creation, configuration and maintenance of the solution content. The semantics of the descriptors are fully defined, allowing software implementations to precisely understand the intent of the descriptor authors and to use the information provided in the descriptors to support solution deployment.

Content Technologies

Specification for JSON Abstract Data Notation (JADN) Version 1.0 – Committee Specification 01

Approved: 17 Aug 2021

JADN is an information modeling language. It has several purposes including defining data structures, validating data instances, informing user interfaces working with structured data, and facilitating protocol internationalization.

Cybersecurity
Information Modeling

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0

Approved: 11 Jul 2019

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1 – Committee Specification 01

Approved: 30 Nov 2021

Specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. A Testing conformance target is provided to support interoperability testing without security mechanisms.

Cybersecurity
Messaging

Specification for Transfer of OpenC2 Messages via MQTT Version 1.0 – Committee Specification 01

Approved: 19 Nov 2021

Static Analysis Results Interchange Format (SARIF) Version 2.1.0

Approved: 23 Jul 2019

Defines a standard format for the output of static analysis tools. The format is referred to as the “Static Analysis Results Interchange Format” and is abbreviated as SARIF.

Software development

Static Analysis Results Interchange Format (SARIF) Version 2.1.0

Approved: 27 Mar 2020

To form an overall picture of software quality, developers often need to aggregate the results produced by a number of analytical tools, commercial, open source, and home grown. SARIF (https://www.oasis-open.org/standard/sarifv2-1-os/) defines a standard format for the output of static analysis tools, enabling developers to combine the results and more quickly identify problems.

Software development

STIX Version 2.1

Approved: 20 Mar 2020

A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.

Cybersecurity

STIX Version 2.1

Approved: 25 Jan 2021

A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.

Cybersecurity

STIX Version 2.1

Approved: 10 Jun 2021

A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.

Cybersecurity

STIX™ Version 1.2.1

Approved: 05 May 2016

A collaborative, community-driven effort to define and develop a framework for expressing cyber threat information to enable cyber threat information sharing and cyber threat analysis. The STIX framework comprises a collection of extensible component specifications along with an overarching core specification and supporting specifications. This document serves as an overview of those specifications and defines how they are used within the broader STIX framework.

Cybersecurity

Produced by:

OASIS Cyber Threat Intelligence (CTI) TC

Voting history:

May 2016

Voting History

OASIS Standard:****Cite as:

Cite as:

[STIX-v1.2.1-Overview]STIX™ Version 1.2.1. Part 1: Overview. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part1-overview/stix-v1.2.1-cs01-part1-overview.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part1-overview.html.

[STIX-v1.2.1-Common]STIX™ Version 1.2.1. Part 2: Common. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part2-common/stix-v1.2.1-cs01-part2-common.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part2-common.html.

[STIX-v1.2.1-Core]STIX™ Version 1.2.1. Part 3: Core. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part3-core/stix-v1.2.1-cs01-part3-core.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part3-core.html.

[STIX-v1.2.1-Indicator]STIX™ Version 1.2.1. Part 4: Indicator. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part4-indicator/stix-v1.2.1-cs01-part4-indicator.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part4-indicator.html.

[STIX-v1.2.1-TTP]STIX™ Version 1.2.1. Part 5: TTP. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part5-ttp/stix-v1.2.1-cs01-part5-ttp.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part5-ttp.html.

[STIX-v1.2.1-Incident]STIX™ Version 1.2.1. Part 6: Incident. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part6-incident/stix-v1.2.1-cs01-part6-incident.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part6-incident.html.

[STIX-v1.2.1-Threat-actor]STIX™ Version 1.2.1. Part 7: Threat Actor. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part7-threat-actor/stix-v1.2.1-cs01-part7-threat-actor.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part7-threat-actor.html.

[STIX-v1.2.1-Campaign]STIX™ Version 1.2.1. Part 8: Campaign. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part8-campaign/stix-v1.2.1-cs01-part8-campaign.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part8-campaign.html.

[STIX-v1.2.1-COA]STIX™ Version 1.2.1. Part 9: Course of Action. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part9-coa/stix-v1.2.1-cs01-part9-coa.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part9-coa.html.

[STIX-v1.2.1-Exploit-Target]STIX™ Version 1.2.1. Part 10: Exploit Target. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part10-exploit-target/stix-v1.2.1-cs01-part10-exploit-target.html. Latest version: ttp://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part10-exploit-target.html.

[STIX-v1.2.1-Report]STIX™ Version 1.2.1. Part 11: Report. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part11-report/stix-v1.2.1-cs01-part11-report.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part11-report.html.

[STIX-v1.2.1-Extensions]STIX™ Version 1.2.1. Part 12: Default Extensions. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part12-extensions/stix-v1.2.1-cs01-part12-extensions.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part12-extensions.html.

[STIX-v1.2.1-Data-Marking]STIX™ Version 1.2.1. Part 13: Data Marking. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part13-data-marking/stix-v1.2.1-cs01-part13-data-marking.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part13-data-marking.html.

[STIX-v1.2.1-Vocabularies]STIX™ Version 1.2.1. Part 14: Vocabularies. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part14-vocabularies/stix-v1.2.1-cs01-part14-vocabularies.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part14-vocabularies.html.

[STIX-v1.2.1-UML-Model]STIX™ Version 1.2.1. Part 15: UML Model. Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/stix/v1.2.1/cs01/part15-uml-model/stix-v1.2.1-cs01-part15-uml-model.html. Latest version: http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part15-uml-model.html.

STIX™ Version 2.0

Approved: 19 Jul 2017

A language for expressing cyber threat and observable information. This document defines concepts that apply across all of STIX and defines the overall structure of the STIX language.

Cybersecurity

Subject-based Profiles for SAML V1.1 Assertions

Approved: 07 Oct 2008

Places constraints upon SAML V1.1 subjects and assertions so that they have properties similar to SAML V2.0 subjects and assertions.

Privacy/Identity
Security

Symmetric Key Services Markup Language (SKSML) Version 1.0

Approved: 11 Jan 2011

Defines the first (1.0) version of the Symmetric Key Services Markup Language (SKSML), an XML-based messaging protocol, by which applications executing on computing devices may request and receive symmetric key-management services from centralized key-management servers, securely, over networks. Applications using SKSML are expected to either implement the SKSML protocol, or use a software library – called the Symmetric Key Client Library (SKCL) – that implements this protocol. SKSML messages are transported securely over standard HTTP using XML Security (XML Signature and XML Encryption).

Messaging

Symptoms Automation Framework (SAF) Version 1.0

Approved: 21 Jan 2014

Defines a reference architecture for the Symptoms Automation Framework, a tool in the automatic detection, optimization, and remediation of operational aspects of complex systems, notably data centers. It also provides a non-normative XML data model, based on a pseudo schema and an XSD.

Software development

TAXII Version 2.1

Approved: 27 Jan 2020

An application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.

Cybersecurity

TAXII Version 2.1

Approved: 10 Jun 2021

Cybersecurity

TAXII™ Version 1.1.1

Approved: 05 May 2016

Produced by:

OASIS Cyber Threat Intelligence (CTI) TC

Voting history:

May 2016

Voting History

OASIS Standard:****Cite as:

Cite as:

[TAXII-v1.1.1-Overview]TAXII™ Version 1.1.1. Part 1: Overview. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part1-overview/taxii-v1.1.1-cs01-part1-overview.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part1-overview.html.

[TAXII-v1.1.1-Services]TAXII™ Version 1.1.1. Part 2: Services. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part2-services/taxii-v1.1.1-cs01-part2-services.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part2-services.html.

[TAXII-v1.1.1-HTTP]TAXII™ Version 1.1.1. Part 3: HTTP Protocol Binding. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part3-http/taxii-v1.1.1-cs01-part3-http.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part3-http.html.

[TAXII-v1.1.1-XML-Msg]TAXII™ Version 1.1.1. Part 4: XML Message Binding. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part4-xml/taxii-v1.1.1-cs01-part4-xml.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part4-xml.html.

[TAXII-v1.1.1-Query]TAXII™ Version 1.1.1. Part 5: Default Query. Edited by Mark Davidson, Charles Schmidt, and Bret Jordan. 05 May 2016. OASIS Committee Specification 01. http://docs.oasis-open.org/cti/taxii/v1.1.1/cs01/part5-query/taxii-v1.1.1-cs01-part5-query.html. Latest version: http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part5-query.html.

TAXII™ Version 2.0

Approved: 19 Jul 2017

Cybersecurity

Telecom SOA Requirements Version 1.0

Approved: 16 Jun 2010

Collecting requirements related to technical issues and gaps of SOA standards (specified by OASIS and other SDOs) utilized within the context of Telecoms. Such technical issues are documented in SOA-TEL’s TC first deliverable “Telecom Use Cases and Issues, v.1.0”.

For each of the issues within the “Telecom Use Cases and Issues, v.1.0”, specific requirements are provided within this document. Where possible, non prescriptive solution proposals to the identified issues and requirements are also described, in order to possibly assist those Technical Committees (within OASIS and other SDOs) responsible for the development and maintenance of the SOA related standards.

Telecom SOA Use Cases and Issues Version 1.0

Approved: 09 Mar 2010

Collecting potential technical issues and gaps of SOA standards (specified by OASIS and other SDOs) utilized within the context of Telecoms.

All perceived technical issues on SOA standards contained in this document are structured with a description of the context, a use case, and a rationalization of the possible gap within the standard.

Amongst future deliverables of the SOA-TEL TC there is a Requirements specification, which will aim to extend the current core SOA enabling stack (Web Services and/or REST, etc.) in support of Telecom needs on the basis of the issues identified within the present document.

Test Assertions Model v1.0

Approved: 16 Oct 2012

Defines a model for Test Assertions that are associated with a specification, and defines their use and semantics.

Software development

Test Assertions Part 2 – Test Assertion Markup Language Version 1.0

Approved: 01 Dec 2011

Defines an XML vocabulary for representing test assertions aligned with the Test Assertions Model.

Software development

The DocBook Schema Version 5.0.1

Approved: 07 Nov 2018

Updated with the new Schematron rules so users can continue using DocBook 5.0 if they need to use newer Schematron tools.

Content Technologies

The State of ODF Interoperability Version 1.0

Approved: 10 Dec 2010

Discusses interoperability with respect to the OASIS OpenDocument Format (ODF) and notes specific areas where implementors might focus in order to improve interoperability among ODF-supporting applications.

Content Technologies

Topology and Orchestration Specification for Cloud Applications Version 1.0

Approved: 24 Nov 2013

Introduces the formal description of Service Templates, including their structure, properties, and behavior.

Cloud

Topology and Orchestration Specification for Cloud Applications Version 1.0

Approved: 25 Nov 2013

Enable interoperable deployment of cloud services and their management throughout the complete lifecycle (e.g. scaling, patching, monitoring, etc.) when the applications are ported over alternative cloud environments.

Cloud

TOSCA Simple Profile in YAML Version 1.0

Approved: 21 Dec 2016

Defines a simplified profile of the TOSCA version 1.0 specification in a YAML rendering which is intended to simplify the authoring of TOSCA service templates. This profile defines a less verbose and more human-readable YAML rendering, reduced level of indirection between different modeling artifacts as well as the assumption of a base type system.

Cloud

TOSCA Simple Profile in YAML Version 1.1

Approved: 30 Jan 2018

Defines a simplified profile of the TOSCA Version 1.0 specification in a YAML rendering which is intended to simplify the authoring of TOSCA service templates. This profile defines a less verbose and more human-readable YAML rendering, reduced level of indirection between different modeling artifacts as well as the assumption of a base type system.

Cloud

TOSCA Simple Profile in YAML Version 1.2

Approved: 19 Jul 2018

Cloud

TOSCA Simple Profile in YAML Version 1.2

Approved: 17 Jan 2019

Cloud

TOSCA Simple Profile in YAML Version 1.3

Approved: 18 Sep 2019

Cloud

TOSCA Simple Profile in YAML Version 1.3

Approved: 26 Feb 2020

Specifies a rendering of TOSCA which aims to provide a more accessible syntax as well as a more concise and incremental expressiveness of the TOSCA DSL in order to minimize the learning curve and speed the adoption of the use of TOSCA to portably describe cloud applications.

Cloud

Transformational Government Framework (TGF) Pattern Language Core Patterns v1.0

Approved: 25 Apr 2013

A practical “how to” standard for the design and implementation of an effective program of technology-enabled change at national, state or local government level. It describes a managed process of ICT-enabled change in the public sector, which puts the needs of citizens and businesses at the heart of that process and which achieves significant and transformational impacts on the efficiency and effectiveness of government.

The complete Framework consists of:

· The TGF Primer

· The TGF Pattern Language

· and possibly other future deliverables

The TGF Pattern Language is a formalization of the Framework that is both human-readable and machine-tractable. It provides a concise, structured and formal set of “patterns” using the so‑called “Alexandrian form”, where each pattern describes a core problem, a context in which the problem arises and an archetypal solution to the stated problem.

This Work Product constitutes the initial set of patterns that form the core of the TGF Pattern Language. This set may be revised and/or extended from time to time as appropriate.

eGov/Legal

Transformational Government Framework Version 2.0

Approved: 01 May 2014

A practical “how to” standard for the design and implementation of an effective program of technology-enabled change at national, state or local government level. It describes a managed process of ICT-enabled change within the public sector and in its relationships with the private and voluntary sectors, which puts the needs of citizens and businesses at the heart of that process and which achieves significant and transformational impacts on the efficiency and effectiveness of government.

The TGF provides a tried and tested way forward utilizing the best parts of existing e-Government programs and avoiding large new investments. Its formalization as a Pattern Language enables it to be encapsulated in more formal, tractable, and machine-processable forms, thus making it easy to integrate into desk-top tools and management software aiding testing and assurance of compliance and conformance.

This Work Product constitutes the initial core set of patterns that form the TGF Standard. This set may be revised and/or extended from time to time as appropriate. It replaces and supersedes both the TGF Primer Version 1.0 and the TGF Pattern Languages Core Patterns Version 1.0.

eGov/Legal

Transport Protocol Bindings for OASIS Energy Interoperation 1.0 Version 1.0

Approved: 02 Oct 2012

Defines EI services and operations, XML, service and operation payloads and service operation interaction patterns. EI payloads can be exchanged using WSDL-based SOAP messages or using other transport protocols. For interoperability, any use of other networking technologies should be profiled and standardized. This version of this specification specifies standardized exchange of EI messages using the AS4 profile of the OASIS ebMS 3.0 OASIS Standard.

Energy

UBL 2 Guidelines for Customization, First Edition

Approved: 25 Dec 2009

UBL 2.0 International Data Dictionary, Volume 1: Japanese, Italian, and Spanish

Approved: 07 Jul 2009

UDDI v2 [OASIS 200302]

Approved: 01 May 2003

Describes the programming interface and expected behaviors of all instances of the Universal Description, Discovery and Integration (UDDI) registry. The primary audience for this document is programmers who want to write software that will directly interact with a UDDI Operator Site.

Web Services

Produced by:

OASIS UDDI Specifications TC

Voting history:

April 2003

Voting History

OASIS Standard:

The UDDI Version 2 OASIS Standard set consists of the following documents.

UDDI Version 2 API Specification. UDDI Version 2.04 API, Published Specification, Dated 19 July 2002: HTML / PDF
(492 KB)
UDDI Version 2 Data Structure. UDDI Version 2.03, Data Structure Reference, Published Specification, Dated 19 July 2002: HTML / PDF
(349 KB)
UDDI Version 2 XML Schema. Version 2.0 UDDI XML Schema 2001: uddi_v2.xsd
UDDI Version 2 Replication UDDI Version 2.03, Replication Specification, Published Specification, Dated 19 July 2002: HTML
/ PDF (251 KB)
UDDI Version 2 XML Replication Schema. Version 2.03 Replication XML Schema 2001: uddi_v2replication.xsd
UDDI Version 2 XML Custody Schema. UDDI XML Custody Schema: uddi_v2custody.xsd
UDDI Version 2 Operator’s Specification. UDDI Version 2.01, Operator’s Specification, Published Specification, Dated 19 July 2002: HTML / PDF
(205 KB)
UDDI Version 2 WSDL Service Interface Descriptions. UDDI Inquire API: inquire_v2.wsdl and UDDI Publish API: publish_v2.wsdl
UDDI Version 2 tModels:
UDDI Registry tModels
UDDI Other Core tModel
Replication tModels
Taxonomy tModels

Cite as:

Universal Business Language (UBL) v1.0:

Approved: 01 Nov 2004

Defines the Universal Business Language, a generic XML interchange format for business documents that can be restricted or extended to meet the requirements of particular industries.

Content Technologies
e-Business

Universal Business Language (UBL) v2.0

Approved: 01 Dec 2006

Universal Business Language (UBL) v2.1

Approved: 04 Nov 2013

Universal Business Language Naming & Design Rules v1.0 (UBL NDR)

Approved: 01 Jan 2005

Documents the naming and design rules and guidelines for the
construction of XML components for the UBL vocabulary.

e-Business

Universal Business Language Version 2.2

Approved: 22 Mar 2018

Defines the Universal Business Language, version 2.2.

e-Business

Universal Business Language Version 2.2

Approved: 09 Jul 2018

Defining a generic XML interchange format for business documents that can be restricted or extended to meet the requirements of particular industries.

e-Business

Universal Business Language Version 2.3

Approved: 19 Jan 2021

UBL is the leading interchange format for business documents.

e-Business

Universal Business Language Version 2.3

Approved: 15 Jun 2021

UBL is the leading interchange format for business documents.

e-Business

Universal Description, Discovery and Integration v3.0.2 (UDDI)

Approved: 01 Feb 2005

Universal Description Discovery & Integration (UDDI) is the definition of a set of services supporting the description and discovery of businesses, organizations, and other Web services providers, the Web services they make available, and the technical interfaces which may be used to access those services.

Web Services

Unstructured Information Management Architecture (UIMA) v1.0

Approved: 01 Mar 2009

Defines platform-independent data representations and interfaces for software components or services called analytics, which analyze unstructured information and assign semantics to regions of that unstructured information.

Content Technologies

UOML (Unstructured Operation Markup Language) Part 1 v1.0

Approved: 01 Oct 2008

Defines a markup language for unstructured document operation, including the definitions of abstract document model and document operating instructions to the abstract document model.

Content Technologies

User Interface Markup Language (UIML) Version 4.0

Approved: 01 May 2009

Provides a vendor-neutral, canonical representation of any user interface (UI) suitable for mapping to existing languages. UIML provides a highly device-independent method to describe a user interface.

Content Technologies

Using the AMQP Anonymous Terminus for Message Routing Version 1.0

Approved: 17 Sep 2018

An open internet protocol for business messaging. AMQP defines links as a unidirectional transport for messages between a source and a target. The target of a link identifies the node to which messages are to be sent to. If a large number of distinct destinations are in use, or if the destinations to be sent to are not known ahead of time (for example, they are provided as a reply-to in incoming messages) then creating a link per destination can be burdensome. This document defines a mechanism whereby a single outgoing link can be used to transfer messages which are then routed using the address carried in their “to” field.

Messaging

Virtual I/O Device (VIRTIO) Version 1.0

Approved: 03 Mar 2016

Describes the specifications of the “virtio” family of devices. These devices are found in virtual environments, yet by design they look like physical devices to the guest within the virtual machine – and this document treats them as such. This similarity allows the guest to use standard drivers and discovery mechanisms.
The purpose of virtio and this specification is that virtual environments and guests should have a straightforward, efficient, standard and extensible mechanism for virtual devices, rather than boutique per-environment or per-OS mechanisms.

Virtual I/O Device (VIRTIO) Version 1.1

Approved: 11 Apr 2019

Virtual I/O Device (VIRTIO) Version 1.2

Approved: 01 Jul 2022

Virtualization

Visible Signature Profile of the OASIS Digital Signature Services Version 1.0

Approved: 08 May 2010

Enables to embed visible signature characteristics into documents as part of a digital signature operation and also validate these characteristics as part of the verify signature operation.

e-Business

Web Services – Human Task (WS-HumanTask) Specification Version 1.1

Approved: 17 Aug 2010

Introduces the definition of human tasks, including their properties, behavior and a set of operations used to manipulate human tasks. A coordination protocol is introduced in order to control autonomy and life cycle of service-enabled human tasks in an interoperable manner.

Web Services

Web Services Business Process Execution Language v2.0

Approved: 01 Apr 2007

Defines a language for specifying business process behavior based on Web Services. This language is called Web Services Business Process Execution Language (abbreviated to WS-BPEL in the rest of this document). Processes in WS-BPEL export and import functionality by using Web Service interfaces exclusively.

Business processes can be described in two ways. Executable business processes model actual behavior of a participant in a business interaction. Abstract business processes are partially specified processes that are not intended to be executed. An Abstract Process may hide some of the required concrete operational details. Abstract Processes serve a descriptive role, with more than one possible use case, including observable behavior and process template. WS-BPEL is meant to be used to model the behavior of both Executable and Abstract Processes.

WS-BPEL provides a language for the specification of Executable and Abstract business processes. By doing so, it extends the Web Services interaction model and enables it to support business transactions. WS-BPEL defines an interoperable integration model that should facilitate the expansion of automated process integration in both the intra-corporate and the business-to-business spaces.

Web Services

Web Services Context (WS-Context) v1.0

Approved: 01 Apr 2007

Web services exchange XML documents with structured payloads. The processing semantics of an execution endpoint may be influenced by additional information that is defined at layers below the application protocol. When multiple Web services are used in combination, the ability to structure execution related data called context becomes important. This information is typically communicated via SOAP Headers. WS-Context provides a definition, a structuring mechanism, and service definitions for organizing and sharing context across multiple execution endpoints.

The ability to compose arbitrary units of work is a requirement in a variety of aspects of distributed applications such as workflow and business-to-business interactions. By composing work, we mean that it is possible for participants in an activity to be able to determine unambiguously whether or not they are participating in the same activity.

An activity is the execution of multiple Web services composed using some mechanism external to this specification, such as an orchestration or choreography. A common mechanism is needed to capture and manage contextual execution environment data shared, typically persistently, across execution instances.

Web Services

Web Services Dynamic Discovery (WS-Discovery) v1.1

Approved: 01 Jul 2009

Defines a discovery protocol to locate services. In an ad hoc mode of operation, probes are sent to a multicast group, and target services that match return a response directly to the requester. To scale to a large number of endpoints and to extend the reach of the protocol, this protocol defines a managed mode of operation and a multicast suppression behavior if a discovery proxy is available on the network. To minimize the need for polling, target services that wish to be discovered send an announcement when they join and leave the network.

Web Services

Web Services Federation Language (WS-Federation) v1.2

Approved: 01 May 2009

Defines mechanisms to allow different security realms to federate, such that authorized access to resources managed in one realm can be provided to security principals whose identities and attributes are managed in other realms. This includes mechanisms for brokering of identity, attribute, authentication and authorization assertions between realms, and privacy of federated claims.

By using the XML, SOAP and WSDL extensibility models, the WS-* specifications are designed to be composed with each other to provide a rich Web services environment. WS-Federation by itself does not provide a complete security solution for Web services. WS-Federation is a building block that is used in conjunction with other Web service, transport, and application-specific protocols to accommodate a wide variety of security models.

Web Services

Web Services for Remote Portlets (WSRP) v1.0 [OASIS 200304]

Approved: 01 Sep 2003

Enables an application designer or administrator to pick from a rich choice
of compliant remote content and application providers, and integrate them with just a few
mouse clicks and no programming effort.

Web Services

Web Services for Remote Portlets (WSRP) v2.0

Approved: 01 Apr 2008

Integration of remote content and application logic into an End-User presentation has been a task requiring significant custom programming effort. Typically, vendors of aggregating applications, such as a portal, write special adapters for applications and content providers to accommodate the variety of different interfaces and protocols those providers use. The goal of this specification is to enable an application designer or administrator to pick from a rich choice of compliant remote content and application providers, and integrate them with just a few mouse clicks and no programming effort. This revision of the specification adds Consumer managed coordination, additional lifecycle management and a set of related aggregation enhancements.

This specification is the effort of the OASIS Web Services for Remote Portlets (WSRP) Technical Committee which aims to simplify the effort required of integrating applications to quickly exploit new web services as they become available.

This standard layers on top of the existing web services stack, utilizing existing web services standards and will leverage emerging web service standards (such as policy) as they become available. The interfaces defined by this specification use the Web Services Description Language (WSDL).

Web Services

Web Services MakeConnection v1.1

Approved: 01 Feb 2009

Describes a protocol that allows messages to be transferred between nodes implementing this protocol by using a transport-specific back-channel. The protocol is described in this specification in a transport-independent manner allowing it to be implemented using different network technologies. To support interoperable Web services, a SOAP binding is defined within this specification.

The protocol defined in this specification depends upon other Web services specifications for the identification of service endpoint addresses and policies. How these are identified and retrieved are detailed within those specifications and are out of scope for this document.

By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility model, SOAP-based and WSDL-based specifications are designed to be composed with each other to define a rich Web services environment. As such, WS-MakeConnection by itself does not define all the features required for a complete messaging solution. WS-MakeConnection is a building block that is used in conjunction with other specifications and application-specific protocols to accommodate a wide variety of requirements and scenarios related to the operation of distributed Web services.

Web Services

Web Services Quality Factors Version 1.0

Approved: 22 Jul 2011

Provides a standard for quality factors of web services in their development, usage and management. Web services usually have distinguished characteristics. They are service-oriented, network-based, variously bind-able, loosely-coupled, platform independent, and standard-protocol based. As a result, a web service system requires its own quality factors unlike installation-based software. For instance, as the quality of web services can be altered in real-time according to changes by the service provider, considering real-time properties of web services is very meaningful in describing the web services quality. This document presents the quality factors of web services with definition, classification, and sub-factors case by case. For each quality factor, related specifications are cited with a brief explanation. This specification can be generally extended to the definition of quality of SOA and to provide the foundation for quality in the SOA system.

Web Services

Web Services ReliableMessaging Policy v1.2

Approved: 01 Feb 2009

Describes a domain-specific policy assertion for WS-ReliableMessaging [WS-RM] that that can be specified within a policy alternative as defined in WS-Policy Framework [WS-Policy].

By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility models, the WS* specifications are designed to be composed with each other to provide a rich Web services environment. This by itself does not provide a negotiation solution for Web services. This is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of policy exchange models.

Web Services

Web Services ReliableMessaging v1.2

Approved: 01 Feb 2009

Describes a protocol that allows messages to be transferred reliably between nodes implementing this protocol in the presence of software component, system, or network failures. The protocol is described in this specification in a transport-independent manner allowing it to be implemented using different network technologies. To support interoperable Web services, a SOAP binding is defined within this specification.

By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility model, SOAP-based and WSDL-based specifications are designed to be composed with each other to define a rich Web services environment. As such, WS-ReliableMessaging by itself does not define all the features required for a complete messaging solution. WS-ReliableMessaging is a building block that is used in conjunction with other specifications and application-specific protocols to accommodate a wide variety of requirements and scenarios related to the operation of distributed Web services.

Web Services

Web Services Resource Framework (WSRF) v1.2

Approved: 01 Apr 2006

A family of OASIS-published specifications for web services. Web Services Resource Framework provides a set of operations that web services can use to implement stateful interactions.

Web Services

Web Services Resource Metadata 1.0

Approved: 09 Nov 2006

The components introduced by the WS Resource Framework (WSRF) address functional aspects of modeling stateful resources (such as systems resources) using Web services. WSRF uses WSDL (currently WSDL 1.1) as the form of service description. There is a need to be able to supplement the descriptive information available about a WS-Resource. The format of the information about the components of a WS-Resource is standardized by WSRF, most notably in the resource properties document [WS-ResourceProperties].

In the realm of resource properties, the loosely coupled operations for reading and writing of properties [WS-ResourceProperties] would benefit from metadata. An example of this type of metadata is the mutability constraints and an enumeration of possible values for resource property elements. This document explains the need for such metadata and proposes an information model representing it that would be applicable to Manageable Resources and WS-Resources in general.

Web Services

Web Services Security

Approved: 01 Dec 2004

Describes how to use Security Assertions Markup Language (SAML) V1.1 assertions and ISO/IEC 21000-5 Rights Expressions with the Web Services Security (WSS): SOAP Message Security [WS-Security] specification.

Web Services

Web Services Security v1.0 (WS-Security 2004) [OASIS 200401]

Approved: 01 Apr 2004

Builds on the Web Services security foundations as described in the WS-Security specification

Web Services

Web Services Security v1.1

Approved: 01 Feb 2006

Proposing a standard set of SOAP extensions that can be used when building secure Web services to implement message content integrity and confidentiality.

Web Services

Web Services Security v1.1.1

Approved: 19 May 2012

Describes how to use various security and rights tokens ISO/IEC 21000-5 Rights Expressions with the Web Services Security (WSS) specification.

Web Services

Web Services Transaction v1.1

Approved: 01 Mar 2007

Describes an extensible framework for providing protocols that coordinate the actions of distributed applications. Such coordination protocols are used to support a number of applications, including those that need to reach consistent agreement on the outcome of distributed activities.

Web Services

WebCGM v2.0

Approved: 01 Jan 2007

Computer Graphics Metafile (CGM) is an ISO standard, defined by ISO/IEC 8632:1999, for the interchange of 2D vector and mixed vector/raster graphics. WebCGM is a profile of CGM, which adds Web linking and is optimized for Web applications in technical illustration, electronic documentation, geophysical data visualization, and similar fields. First published (1.0) in 1999 and followed by a second (errata) release in 2001, WebCGM unifies potentially diverse approaches to CGM utilization in Web document applications. It therefore represents a significant interoperability agreement amongst major users and implementers of the ISO CGM standard.

WebCGM 2.0 adds a DOM (API) specification for programmatic access to WebCGM objects, and a specification of an XML Companion File (XCF) architecture, for externalization of non-graphical metadata. WebCGM 2.0, in addition, builds upon and extends the graphical and intelligent content of WebCGM 1.0, delivering functionality that was forecast for WebCGM 1.0, but was postponed in order to get the standard and its implementations to users expeditiously.

The design criteria for WebCGM aim at a balance between graphical expressive power on the one hand, and simplicity and implementability on the other. A small but powerful set of standardized metadata elements supports the functionalities of hyperlinking and document navigation, picture structuring and layering, and enabling search and query of WebCGM picture content.

Web Services

WebCGM v2.1

Approved: 01 Mar 2010

Describing a profile of Computer Graphics Metafile (CGM), ISO/IEC 8632:1999. WebCGM adds Web linking and is optimized for Web applications in technical illustration, electronic documentation, geophysical data visualization, and similar fields. It represents a significant interoperability agreement amongst major users and implementers of the ISO CGM standard.

Content Technologies

WS-AtomicTransaction v1.2

Approved: 01 Feb 2009

Provides the definition of the Atomic Transaction coordination type that is to be used with the extensible coordination framework described in WS-Coordination. This specification defines three specific agreement coordination protocols for the Atomic Transaction coordination type: completion, volatile two-phase commit, and durable two-phase commit. Developers can use any or all of these protocols when building applications that require consistent agreement on the outcome of short-lived distributed activities that have the all-or-nothing property.

Web Services

WS-Biometric Devices Version 1.0

Approved: 11 Jul 2017

WS-Biometric Devices is a protocol for the command and control of biometric sensors using the same protocols that underlie the web.

Web Services

WS-BPEL Extension for People (BPEL4People) Specification Version 1.1

Approved: 17 Aug 2010

Introduces a model for business processes based on Web services. A BPEL process orchestrates interactions among different Web services. The language encompasses features needed to describe complex control flows, including error handling and compensation behavior. In practice, however many business process scenarios require human interactions. A process definition should incorporate people as another type of participants, because humans may also take part in business processes and can influence the process execution.

This specification introduces a BPEL extension to address human interactions in BPEL as a first-class citizen. It defines a new type of basic activity which uses human tasks as an implementation, and allows specifying tasks local to a process or use tasks defined outside of the process definition. This extension is based on the WS-HumanTask specification.

Web Services

WS-BusinessActivity v1.2

Approved: 01 Feb 2009

Provides the definition of two Business Activity coordination types: AtomicOutcome or MixedOutcome, that are to be used with the extensible coordination framework described in the WS-Coordination specification. This specification also defines two specific Business Activity agreement coordination protocols for the Business Activity coordination types: BusinessAgreementWithParticipantCompletion, and BusinessAgreementWithCoordinatorCompletion. Developers can use these protocols when building applications that require consistent agreement on the outcome of long-running distributed activities.

Web Services

WS-Calendar Minimal PIM-Conformant Schema Version 1.0

Approved: 26 Sep 2016

The WS-Calendar MIN is a WS-Calendar conformant schema optimized for use in machine-to-machine (M2M) schedule negotiations.

iCalendar (RFC5545) and its peer specification XCAL (also in WS-Calendar 1.0) is a well-known and long used means to convey schedule-related information. iCalendar makes extensive use of extension and recursion. The WS-Calendar Platform Independent Model (PIM) constrains iCalendar and defines a simpler information model which shares iCalendar semantics and can be used to create as the common basis for any number of Platform Specific Models (PSMs).

Because an information model is abstract, it can apply to many transmission and serialization schemas. The PIM itself does not include a transmission and serialization schemas. Through transitive conformance such PSMs themselves conform to WS-Calendar.

The Minimal PIM-Conformant (MIN) schema defines an XML Schema that conforms with the PIM. MIN can be used by itself or as a seed-schema for other specifications.

Web Services

WS-Calendar Platform Independent Model (PIM) Version 1.0

Approved: 21 Aug 2015

Defines conformance and improves interoperation of calendar and schedule models with each other and with WS-Calendar and Xcal, which are in turn based on IETF RFCs.

This is a Platform Independent Model under the Object Management Group’s Model-Driven Architecture. The Platform Dependent Model to which this specification relates is the full model for WS-Calendar as expressed in XML (xCal).

The focus of this Platform Independent Model is on describing and passing schedule and interval information with information attachments.

Web Services

WS-Calendar SOAP-based Services Version 1.0

Approved: 28 Feb 2013

Describes standard messages and interactions for service interactions with a system that hosts calendar-based information using SOAP. Hosted information can be either traditional personal and enterprise calendar information or services that support XML payloads developed in conformance with the WS-Calendar specification.

Web Services

WS-Calendar Version 1.0

Approved: 31 Jul 2011

Describes:
. A semantic (or information) model for exchange of calendar information to coordinate activities
. A means of synchronizing and maintaining calendars

The specification includes XML vocabularies for the interoperable and standard exchange of:

. Schedules, including sequences of schedules

. Intervals, including sequences of Intervals

. Other calendar information consistent with the IETF iCalendar standards

These vocabularies describe schedules and Intervals future, present, or past (historical).

The specification is divided into three parts.

The information model and XML vocabularies for exchanging schedule information
RESTful Services for calendar update and synchronization
Web services for calendar update and synchronization

The Technical Committee has decided not to publish Parts 2 and 3 until a later version.

Web Services

WS-Coordination v1.2

Approved: 01 Feb 2009

The framework defined in this specification enables an application service to create a context needed to propagate an activity to other services and to register for coordination protocols. The framework enables existing transaction processing, workflow, and other systems for coordination to hide their proprietary protocols and to operate in a heterogeneous environment.

Additionally this specification describes a definition of the structure of context and the requirements for propagating context between cooperating services.

Web Services

WS-Reliability v1.1

Approved: 01 Nov 2004

Web Services Reliability (WS-Reliability) is a SOAP-based protocol for exchanging
SOAP messages with guaranteed delivery, no duplicates, and guaranteed message
ordering. WS-Reliability is defined as SOAP header extensions and is independent of the
underlying protocol. This specification contains a binding to HTTP.

Web Services

WS-ReliableMessaging v1.1:

Approved: 01 Jun 2007

By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility model, SOAP-based and WSDL-based specifications are designed to be composed with each other to define a rich Web services environment. As such, WS-ReliableMessaging by itself does not define all the features required for a complete messaging solution. WS-ReliableMessaging is a building block that is used in conjunction with other specifications and application-specific protocols to accommodate a wide variety of requirements and scenarios related to the operation of distributed Web services.

Web Services

WS-SecureConversation v1.3

Approved: 01 Mar 2007

Defines extensions that build on [WS-Security] to provide a framework for requesting and issuing security tokens, and to broker trust relationships.

Web Services

WS-SecureConversation v1.4

Approved: 01 Feb 2009

Defines extensions that build on [WS-Security] to provide a framework for requesting and issuing security tokens, and to broker trust relationships.

Web Services

WS-SecurityPolicy v1.2

Approved: 01 Jul 2007

Indicates the policy assertions for use with [WS-Policy] which apply to WSS: SOAP Message Security [WSS10, WSS11], [WS-Trust] and [WS-SecureConversation]. This document incorporates Approved Errata approved by the Technical Committee on 25 April 2012.

Web Services

WS-SecurityPolicy v1.3

Approved: 01 Feb 2009

Web Services

WS-Trust v1.3

Approved: 01 Mar 2007

Defines extensions that build on [WS-Security] to provide a framework for requesting and issuing security tokens, and to broker trust relationships.

Web Services

WS-Trust v1.4

Approved: 01 Feb 2009

Defines extensions that build on [WS-Security] to provide a framework for requesting and issuing security tokens, and to broker trust relationships. This document incorporates errata approved by the Technical Committee on 25 April 2012.

Web Services

WSDM Management Using Web Services v1.0 (WSDM-MOWS)

Approved: 01 Mar 2005

Defines A) how management of any resource can be accessed via
15 Web services protocols – Management Using Web Services, or MUWS, and B)
16 management of the Web services resources via the former – Management Of Web
17 Services, or MOWS. This document is the WSDM specification defining MOWS.

Web Services

WSDM Management Using Web Services v1.0 (WSDM-MUWS)

Approved: 01 Mar 2005

Web Services

WSDM v1.1

Approved: 01 Aug 2006

There are two specifications produced by the Web Services Distributed Management technical committee: Management Using Web services (MUWS) and Management Of Web Services (MOWS, see [[MOWS]]). This document is part of MUWS.

MUWS defines how an Information Technology resource connected to a network provides manageability interfaces such that the IT resource can be managed locally and from remote locations using Web services technologies.

MUWS is composed of two parts. This document is MUWS part 1 and provides the fundamental concepts for management using Web services. MUWS part 2 [MUWS Part 2] provides specific messaging formats used to enable the interoperability of MUWS implementations. MUWS part 2 depends on MUWS part 1, while part 1 is independent from part 2.

Web Services

WSN v1.3

Approved: 01 Oct 2006

The Event-driven, or Notification-based, interaction pattern is a commonly used pattern for inter-object communications. Examples exist in many domains, for example in publish/subscribe systems provided by Message Oriented Middleware vendors, or in system and device management domains. This notification pattern is increasingly being used in a Web services context.

WS-Notification is a family of related specifications that define a standard Web services approach to notification using a topic-based publish/subscribe pattern. It includes: standard message exchanges to be implemented by service providers that wish to participate in Notifications, standard message exchanges for a notification broker service provider (allowing publication of messages from entities that are not themselves service providers), operational requirements expected of service providers and requestors that participate in notifications, and an XML model that describes topics. The WS-Notification family of documents includes three normative specifications: WS-BaseNotification, [WS-BrokeredNotification], and [WS-Topics].

Web Services

XACML 3.0 Additional Combining Algorithms Profile Version 1.0

Approved: 18 Aug 2014

Defines new useful but optional combining algorithms for XACML 3.0.

Security

XACML 3.0 Export Compliance-US (EC-US) Profile Version 1.0

Approved: 19 Jan 2015

Defines a profile for the use of XACML in expressing policies for complying with USA government regulations for export compliance (EC). It defines standard attribute identifiers useful in such policies, and recommends attribute value ranges for certain attributes.

Security

XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0

Approved: 16 Feb 2015

Defines a profile for the use of XACML in expressing policies for data loss prevention and network access control tools and technologies. It defines standard attribute identifiers useful in such policies, and recommends attribute value ranges for certain attributes. It also defines several new functions for comparing IP addresses and DNS names, not provided in the XACML 3.0 core specification.

Security

XACML Intellectual Property Control (IPC) Profile Version 1.0

Approved: 19 Jan 2015

Defines a profile for the use of XACML in expressing policies for intellectual property control (IPC). It defines standard attribute identifiers useful in such policies, and recommends attribute value ranges for certain attributes.

Security

XACML MAP Authorization Profile Version 1.0

Approved: 19 Jan 2015

Defines a profile for the use of XACML in expressing policies for TCG TNC Metadata Access Points (MAP). It defines standard attribute identifiers useful in such policies, in which a MAP utilizes an XACML PDP to make MAP content authorization decisions.

Security

XACML REST Profile Version 1.1

Approved: 05 Dec 2018

Defines a profile for the use of XACML in a RESTful architecture.

Security

XACML REST Profile Version 1.1

Approved: 20 Jun 2019

Defines a profile for the use of XACML in a RESTful architecture.

Security

XACML SAML Profile Version 2.0

Approved: 19 Aug 2014

Defines a profile for the integration of the OASIS Security Assertion Markup Language (SAML) Version 2.0 with all versions of XACML. SAML 2.0 complements XACML functionality in many ways, so a number of somewhat independent functions are described in this profile:

use of SAML 2.0 Attribute Assertions with XACML, including the use of SAML Attribute Assertions in a SOAP Header to convey Attributes that can be consumed by an XACML PDP
use of SAML to carry XACML authorization decisions, authorization decision queries, and authorization decision responses
use of SAML to carry XACML policies, policy queries, and policy query responses
use of XACML authorization decisions or policies as Advice in SAML Assertions
use of XACML responses in SAML Assertions as authorization tokens.

Particular implementations may provide only a subset of these functions.

Privacy/Identity
Security

XACML v3.0 Administration and Delegation Profile Version 1.0

Approved: 10 Aug 2010

Describes a profile for XACML 3.0 to enable it to express administration and delegation policies.

Security

XACML v3.0 Core and Hierarchical Role Based Access Control (RBAC) Profile Version 1.0

Approved: 23 Oct 2014

Defines a profile for the use of XACML in expressing policies that use role based access control (RBAC). It extends the XACML Profile for RBAC Version 1.0 to include a recommended Attribute field for roles, but reduces the scope to address only “core” and “hierarchical” RBAC. This specification has also been updated to apply to XACML v3.0.

Security

XACML v3.0 Dynamic Attribute Authority Version 1.0 – Committee Specification 01

Approved: 25 Jan 2022

Defines a new XACML system component, the Dynamic Attribute Authority, which augments the request context of an XACML authorization request with additional attributes and attribute values that are generated on demand according to a set of rules. The rules are expressed as XACML policies, use obligations to specify the additional attributes and values, and are processed in the normal manner of a Policy Decision Point. d

Cybersecurity
Privacy/Identity
- Security

XACML v3.0 Hierarchical Resource Profile Version 1.0

Approved: 18 May 2014

Provides a profile for the use of XACML with resources that are structured as hierarchies. The profile addresses resources represented as nodes in XML documents or represented in some non-XML way. The profile covers identifying nodes in a hierarchy, requesting access to nodes in a hierarchy, and specifying policies that apply to nodes in a hierarchy.

Security

XACML v3.0 Multiple Decision Profile Version 1.0

Approved: 18 May 2014

Provides a profile for requesting more than one access control decision in a single XACML Request Context, or for requesting a single combined decision based on multiple individual decisions.

Security

XACML v3.0 Privacy Policy Profile Version 1.0

Approved: 25 Jan 2015

XACML v3.0 Related and Nested Entities Profile Version 1.0

Approved: 25 Oct 2015

It is not unusual for access control policy to be dependent on attributes that are not naturally properties of the access subject or resource, but rather are properties of entities that are related to the access subject or resource. This profile defines the means to reference such attributes from within XACML policies for processing by a policy decision point.

Security

XACML v3.0 Related and Nested Entities Profile Version 1.0

Approved: 16 Feb 2021

This profile defines the means to reference attributes from within XACML policies for processing by a policy decision point.

Security

XACML v3.0 Time Extensions Version 1.0

Approved: 13 Feb 2020

Defines XACML functions for comparing time values that are not sensitive to the time zone chosen for those values, defines functions for performing arithmetic on date and time values and defines a data-type for representing the day of the week along with functions to operate on values of the data‑type.

Security

XACML v3.0 XML Digital Signature Profile Version 1.0

Approved: 18 May 2014

This specification profiles use of the W3C XML-Signature Syntax and Processing Standard in providing authentication and integrity protection for XACML schema instances.

Security

XLIFF v2.0

Approved: 05 Aug 2014

Defines version 2.0 of the XML Localisation Interchange File Format (XLIFF). The purpose of this vocabulary is to store localizable data and carry it from one step of the localization process to the other, while allowing interoperability between and among tools.

Content Technologies
Localization

XLIFF v2.1

Approved: 13 Feb 2018

Defines version 2.1 of the XML Localization Interchange File Format (XLIFF). The purpose of this vocabulary is to store localizable data and carry it from one step of the localization process to the other, while allowing interoperability between and among tools.

Content Technologies
Localization

XML Catalogs v1.1

Approved: 01 Oct 2005

Defines an entity catalog that maps both external identifiers and arbitrary URI references to URI references.

Content Technologies

XML Common Biometric Format (XCBF) v1.1 [OASIS 200305]

Approved: 01 Sep 2003

Defines a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These XML encodings are based on the ASN.1 schema defined in ANSI X9.84 Biometric Information Management and Security.

Privacy/Identity
Security

XML Exchange Table Model Document Type Definition

Approved: 29 Sep 1999

An XML expression of the Exchange subset of the full CALS table model DTD, providing high probability that tagged tables will interoperate across majority of products

Content Technologies

Produced by:

Tables Technical Committee

Voting history:

September 1999

OASIS Standard:****Cite as:

[xml-exchg-table]

XML Exchange Table Model Document Type Definition. Edited by Norman Walsh et al. 29 September 1999. Technical Memorandum. https://www.oasis-open.org/specs/tm9901.html.

XML Interchange Language for System Dynamics (XMILE) Version 1.0

Approved: 14 Dec 2015

Defines an open XML protocol for the sharing, interoperability, and reuse of SD models and simulations. This document describes the XMILE language and format anyone who wishes to use SD models or embed them in their applications, such as vendors of SD software, Big Data, cloud, mobile, and social media solutions, as well as end users and consultants in the SD field.

Content Technologies

XML Localisation Interchange File Format (XLIFF) v1.2

Approved: 01 Feb 2008

Defines the XML Localization Interchange File Format (XLIFF). The purpose of this vocabulary is to store localizable data and carry it from one step of the localization process to the other, while allowing interoperability between tools.

Content Technologies
Localization

XML Testing and Event-driven Monitoring of Processes (XTemp) Version 1.0

Approved: 08 Dec 2011

XTemp is an XML mark-up language that is event-centric and intended for the analysis of a sequence of events that represent traces of business processes. It is designed for both log analysis and real-time execution. It leverages XPath and XSLT.