Jump to content

OASIS (organization)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by MaximilianHoch (talk | contribs) at 08:36, 20 October 2023 (Added Common Security Advisory Framework). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

OASIS Open
Founded1993; 31 years ago (1993)
TypeGlobal nonprofit consortium-501(c)(6)
FocusOpen standard
Location
Staff
12[1]
Websitewww.oasis-open.org

The Organization for the Advancement of Structured Information Standards (OASIS; /ˈ.sɪs/) is a nonprofit consortium that works on the development, convergence, and adoption of open standards for cybersecurity, blockchain, Internet of things (IoT), emergency management, cloud computing, legal data exchange, energy, content technologies, and other areas.[2]

History

OASIS was founded under the name "SGML Open" in 1993. It began as a trade association of Standard Generalized Markup Language (SGML) tool vendors to cooperatively promote the adoption of SGML through mainly educational activities, though some amount of technical activity was also pursued including an update of the CALS Table Model specification and specifications for fragment interchange and entity management.[3]

In 1998, with the movement of the industry to XML, SGML Open changed its emphasis from SGML to XML, and changed its name to OASIS Open to be inclusive of XML and reflect an expanded scope of technical work and standards. The focus of the consortium's activities also moved from promoting adoption (as XML was getting much attention on its own) to developing technical specifications. In July 2000 a new technical committee process was approved. With the adoption of the process the manner in which technical committees were created, operated, and progressed their work was regularized. At the adoption of the process there were five technical committees; by 2004 there were nearly 70.

During 1999, OASIS was approached by UN/CEFACT, the committee of the United Nations dealing with standards for business, to jointly develop a new set of specifications for electronic business. The joint initiative, called "ebXML" and which first met in November 1999, was chartered for a three-year period. At the final meeting under the original charter, in Vienna, UN/CEFACT and OASIS agreed to divide the remaining work between the two organizations and to coordinate the completion of the work through a coordinating committee. In 2004 OASIS submitted its completed ebXML specifications to ISO TC154 where they were approved as ISO 15000.

The consortium has its headquarters in Burlington, Massachusetts, shared with other companies. On September 4, 2014, the consortium moved from 25 Corporate Drive Suite 103 to 35 Corporate Dr Suite 150, still on the same loop route.[4]

OASIS Burlington office
OASIS Burlington office building

Standards development

The following standards are under development or maintained by OASIS technical committees:

  • AMQPAdvanced Message Queuing Protocol, an application layer protocol for message-oriented middleware.
  • BCM — Business Centric-Methodology, BCM is a comprehensive approach and proven techniques that enable a service-oriented architecture (SOA) and support enterprise agility and interoperability.
  • CAMContent Assembly Mechanism, is a generalized assembly mechanism for using templates of XML business transaction content and the associated rules. CAM templates augment schema syntax and provide implementers with the means to specify interoperable interchange patterns.
  • CAMPCloud Application Management for Platforms, is an API for managing public and private cloud applications.
  • CAPCommon Alerting Protocol, is an XML-based data format for exchanging public warnings and emergencies between alerting technologies.
  • CSAFCommon Security Advisory Framwork, is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.
  • CDPCustomer Data Platform, is a specification that aims to standardize the exchange of customer data across systems and silos by defining a web-based API using GraphQL.
  • CMISContent Management Interoperability Services, is a domain model and Web services standard for working with Enterprise content management repositories and systems.
  • CIQCustomer Information Quality, is an XML Specifications for defining, representing, interoperating and managing party information (e.g. name, address).
  • DocBookDocBook, a markup language for technical documentation. It was originally intended for authoring technical documents related to computer hardware and software but it can be used for any other sort of documentation.
  • DITADarwin Information Typing Architecture, a modular and extensible XML-based language for topic-based information, such as for online help, documentation, and training.
  • EMLElection Markup Language, End to End information standards and processes for conducting democratic elections using XML-based information recording.
  • EDXLEmergency Data Exchange Language, Suite of XML-based messaging standards that facilitate emergency information sharing between government entities and the full range of emergency-related organizations
  • GeoXACMLGeospatial eXtensible Access Control Markup Language, a geo-specific extension to XACML Version 2.0, mainly the geometric data-type urn:ogc:def:dataType:geoxacml:1.0:geometry and several geographic functions such as topological, bag, set, geometric and conversion functions.
  • KMIP — The Key Management Interoperability Protocol tries to establish a single, comprehensive protocol for the communication between enterprise key management systems and encryption systems.
  • Legal XML LegalDocumentML (Akoma Ntoso), LegalRuleML, Electronic Court Filing, and eNotarization standards.[5]
  • MQTTMessage Queuing Telemetry Transport, a client-server, publish/subscribe messaging transport protocol. It is light weight, open, simple, and designed to be easy to implement. These characteristics make it ideal for use in many situations, including constrained environments such as for communication in machine to machine (M2M) and Internet of Things (IoT) contexts where a small code footprint is required and/or network bandwidth is at a premium.
  • oBIXopen Building Information Exchange, an extensible XML specification for enterprise interaction with building-based (or other) control systems, including HVAC, Access Control, Intrusion Detection, and many others.
  • ODataOpen Data Protocol (OData), Simplifying data sharing across disparate applications in enterprise, Cloud, and mobile devices.
  • OpenDocumentOASIS Open Document Format for Office Applications, an open document file format for saving office documents such as spreadsheets, memos, charts, and presentations.
  • OSLCOpen Services for Lifecycle Collaboration, (OSLC) develops standards that make it easy and practical for software lifecycle tools to share data with one another. See the OSLC community web site (http://open-services.net) for more details.
  • PKCS #11 - PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key" - but "PKCS #11" is often used to refer to the API as well as the standard that defines it).
  • SAMLSecurity Assertion Markup Language, a standard XML-based framework for the secure exchange of authentication and authorization information.
  • SARIF - Static Analysis Results Interchange Format, a standard JSON-based format for the output of static analysis tools.
  • SDDSolution Deployment Descriptor, a standard XML-based schema defining a standardized way to express software installation characteristics required for lifecycle management in a multi-platform environment.
  • SPMLService Provisioning Markup Language, a standard XML-based protocol for the integration and interoperation of service provisioning requests.
  • TOSCATopology and Orchestration Specification for Cloud Applications, a Standard to describe cloud services, the relationships between parts of the service, and the operational behavior of the services.
  • UBLUniversal Business Language, the international effort to define a royalty-free library of standard electronic business documents (purchase order, invoice, waybill, etc.) in XML. UBL 2.1 was approved as ISO/IEC 19845:2015. UBL serves as the basis for numerous electronic commerce networks and implementations worldwide.
  • UDDIUniversal Description Discovery and Integration, a platform-independent, XML-based registry for companies and individuals to list Web Services.
  • VirtIOVirtual I/O, a standard for paravirtualized devices.
  • WebCGMWeb Computer Graphics Metafile, a profile of Computer Graphics Metafile (CGM), which adds Web linking and is optimized for Web applications in technical illustration, electronic documentation, geophysical data visualization, and similar fields.
  • WS-BPELWeb Services Business Process Execution Language
  • WSDMWeb Services Distributed Management
  • XACMLeXtensible Access Control Markup Language, a standard XML-based protocol for access control policies.
  • XDIXRI Data Interchange, a standard for sharing, linking, and synchronizing data ("dataweb") across multiple domains and applications using XML documents, eXtensible Resource Identifiers (XRIs), and a new method of distributed data control called a link contract.
  • XLIFFXML Localization Interchange File Format, a XML-based format created to standardize localization.
  • XRIeXtensible Resource Identifier, a URI-compatible scheme and resolution protocol for abstract identifiers used to identify and share resources across domains and applications.

Members

Adhesion to the consortium requires some fees to be paid, which must be renewed annually, depending on the membership category adherents want to access.[6] Among the adherents are members from American Bar Association, Collabora, Dell, EclecticIQ, General Motors, IBM, ISO/IEC, KDE e.V., Microsoft, Novell, Oracle, Red Hat, The Document Foundation, universities, government agencies, individuals and employees from other less-known companies.[7][8]

Member sections

Member sections are special interest groups within the consortium that focus on specific topics. These sections keep their own distinguishable identity and have full autonomy to define their work programme and agenda.[9] The integration of the member section in the standardization process is organized via the technical committees.

Active member sections are for example:

Member sections may be completed when they have achieved their objectives. The standards that they promoted are then maintained by the relevant technical committees directly within OASIS. For example:

Patent disclosure controversy

Like many bodies producing open standards e.g. ECMA,[10] OASIS added a Reasonable and non-discriminatory licensing (RAND) clause to its policy in February 2005.[8] That amendment required participants to disclose intent to apply for software patents for technologies under consideration in the standard. Contrary to the W3C, which requires participants to offer royalty-free licenses to anyone using the resulting standard, OASIS offers a similar Royalty Free on Limited Terms mode, along with a Royalty Free on RAND Terms mode and a RAND (reasonable and non-discriminatory) mode for its committees. Compared to W3C, OASIS is less restrictive regarding obligation to companies to grant a royalty-free license to the patents they own.[11]

Controversy has rapidly arisen[12] because this licensing was added silently and allows publication of standards which could require licensing fee payments to patent holders. This situation could effectively eliminate the possibility of free/open source implementations of these standards. Further, contributors could initially offer royalty-free use of their patent, later imposing per-unit fees, after the standard has been accepted.

On April 11, 2005, The New York Times reported IBM committed for free, all of its patents to the OASIS group.[13] Larry Rosen, a software law expert and the leader of the reaction which rose up when OASIS quietly included a RAND clause in its policy, welcomed the initiative and supposed OASIS will not continue using that policy as other companies involved would follow. History proved him wrong, as that RAND policy has still not been removed and other commercial companies have not published such a free statement towards OASIS.

Patrick Gannon, president and CEO of OASIS from 2001 to 2008,[14] minimized the risk that a company could take advantage of a standard to request royalties when it has been established: "If it's an option nobody uses, then what's the harm?".

Sam Hiser, former marketing lead of the now defunct OpenOffice.org, explained that such patents towards an open standard are counterproductive and inappropriate. He also argued that IBM and Microsoft were shifting their standardization efforts from the W3C to OASIS, in a way to leverage probably their patents portfolio in the future. Hiser also attributed this RAND change to the OASIS policy to Microsoft.[15]

The RAND term could indeed theoretically allow any company involved to leverage their patent in the future. But that amendment was probably added in a way to attract more companies to the consortium, and encourage contributions from potential participants. Big actors like Microsoft could have indeed applied pressure and made a sine-qua-non condition to access the consortium, and possibly jeopardize/boycott the standard if such a clause was not present.

Criticism

Doug Mahugh — while working for Microsoft (a promoter of Office Open XML, a Microsoft document format competing with OASIS's ISO/IEC 26300, i.e. ODF v1.0) — claimed that "many countries have expressed frustration about the pace of OASIS's responses to defect reports that have been submitted on ISO/IEC 26300 and the inability for SC 34 members to participate in the maintenance of ODF."[16] However, Rob Weir, co-chair of the OASIS ODF Technical Committee noted that at the time, "the ODF TC had received zero defect reports from any ISO/IEC national body other than Japan". He added that the submitter of the original Japanese defect report, Murata Mokoto, was satisfied with the preparation of the errata.[17] He also self-published a blog post blaming Microsoft of involving people to improve and modify the accuracy of ODF and OpenXML Wikipedia articles, trying to make ODF sound risky to adopt.[18]

See also

References

  1. ^ "Staff". Retrieved August 10, 2015.
  2. ^ "About Us". OASIS Open. Retrieved 2020-11-25.
  3. ^ "About Us". Retrieved August 10, 2015.
  4. ^ "OASIS Headquarters Moving". Retrieved August 10, 2015.
  5. ^ Flatt, Amelie; Langner, Arne; Leps, Olof (2022). Model-Driven Development of Akoma Ntoso Application Profiles - A Conceptual Framework for Model-Based Generation of XML Subschemas (1st ed.). Heidelberg: Sprinter Nature. ISBN 978-3-031-14131-7.
  6. ^ "Categories and Dues | OASIS". Retrieved August 10, 2015.
  7. ^ "OASIS OASIS Open Document Format for Office Applications (OpenDocument) TC Technical Committee". Retrieved August 10, 2015.
  8. ^ a b "Larry Rosen et al. vs. OASIS on licensing". 22 February 2005. Archived from the original on 4 March 2016. Retrieved 10 August 2015.
  9. ^ "Member Section Policy | OASIS". www.oasis-open.org. Retrieved 2020-07-19.
  10. ^ "Ecma Code of Conduct in Patent Matters". 1 December 2009. Retrieved 10 August 2015.
  11. ^ "Intellectual Property Rights (IPR) Policy | OASIS". OASIS.
  12. ^ Sheriff, Lucy (February 23, 2005). "OASIS open standards not open enough· The Register". The Register.
  13. ^ "No RAND in OASIS". 5 April 2005. Retrieved 10 August 2015.
  14. ^ "Bio –Patrick J. Gannon" (PDF). 1 May 2012. Retrieved 10 August 2015.
  15. ^ Lyman, Jay (May 24, 2005). "Linux.com :: OASIS: Meaningful open standards or mirage?". Archived from the original on March 20, 2015. Retrieved June 27, 2013.
  16. ^ Mahugh, Doug (October 1, 2008). "SC 34 Plenary, Jeju, Korea - Doug Mahugh - Site Home - MSDN Blogs". Retrieved June 27, 2013.
  17. ^ "Further comment on ODF_1.0_Errata_draft_3". Retrieved August 10, 2015.
  18. ^ Weir, Robert (June 9, 2009). "ODF Lies and Whispers". Retrieved June 27, 2013.