Apologies: this is what comes of recycling earlier emails. The sentence
beginning with "... updating ISO's approval of prior..." was leftover from
an earlier message. ISO is not involved with STIX or TAXII at all.
/chet
On Fri, Jul 8, 2022 at 9:51 AM Chet Ensign <
chet.ensign@oasis-open.org>
wrote:
> The members of the OASIS OASIS Cyber Threat Intelligence (CTI) TC [1] have
> requested that OASIS submit the following OASIS Standards:
>
> 1. STIX™ Version 2.1
> OASIS Standard
> 25 January 2021
>
> 2. TAXII™ Version 2.1
> OASIS Standard
> 10 June 2021
>
> to ITU-T Study Group 17 [2] for approval as proposed International
> Standards, updating ISO's approval of prior versions of those standards as
> ISO 15000:2004, parts 1-4.
>
> The OASIS Liaison Policy [3] requires that management approve or reject
> the TC's request as meeting the policy's requirements. If it is accepted,
> the policy requires that this request be posted for member review for 30
> days, for comment on the proposed terms, before transmitting it to ITU-T.
>
> The specifications each were approved as OASIS Standards, and are
> available as described here:
>
> 1. OASIS STIX™ Version 2.1 (approved June 2021):
>
http://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html>
> 2. OASIS TAXII™ Version 2.1 (approved June 2021):
>
http://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html>
> The Request of the TCs meets all applicable criteria of the Liaison
> Policy, with one exception noted below, and is available here:
>
>
https://www.oasis-open.org/committees/download.php/70056/Request_to_advance_STIX2_1.docx>
> The exception relates to OASIS' IPR Policy, which generally prohibits any
> inclusion of third-party trademarks in a final standard. The STIX and
> TAXII standards do include a reservation of trademark rights [4] by the
> contributor of the original drafts, US DHS. OASIS did approve prior final
> versions of STIX and TAXII, with those reservations, by consenting to a
> waiver of that trademark rule, on the basis that the negotiated
> restrictions should not interfere with typical open standards usage, and
> noting that the licensor is not a competitive commercial entity, but rather
> has an interest in broad deployment. A similar waiver by the OASIS Board
> will be required, likely by the end of this review period, to submit the
> current versions, for the same reason, so this proposal is contingent on
> that Board waiver. OASIS has asked the original contributor to re-evaluate
> whether a continuing trademark restriction is necessary, as it may impede
> permission-less open source development, and will report any developments
> at the end of this review period.
>
> Member Review Period:
>
> The member public review starts 09 July 2022 at 00:00 GMT and ends 07
> August 2022 at 23:59 GMT.
>
> This is an open invitation to OASIS members to comment on the proposed
> terms of submission, described in the Request and above. Comments may be
> submitted by any OASIS member by directing them to the
>
oasis-member-discuss@lists.oasis-open.org mailing list. Members should
> not need to subscribe to the list, as each member should be able to use it
> automatically. If you have a problem posting to it, let us know. Please
> direct any other questions to
project-admin@lists.oasis-open.org.
>
> Comments submitted to that list are publicly archived and can be viewed at:
>
https://lists.oasis-open.org/archives/oasis-member-discuss/>
> ========== Additional references:
>
> [1] OASIS CTI TC
>
https://www.oasis-open.org/committees/cti>
> [2] ITU-T Study Group 17
>
https://www.itu.int/en/ITU-T/studygroups/2022-2024/17/Pages/default.aspx>
> [3] OASIS Liaison Policy:
>
https://www.oasis-open.org/policies-guidelines/liaison#submitwork>
> [4] IPR reservations against STIX and TAXII:
>
https://www.oasis-open.org/committees/cti/ipr.php>
> --
> Chet Ensign
>
> Chief Technical Community Steward
>
> OASIS Open
>
> +1 201-341-1393 <+1+201-341-1393>
>
chet.ensign@oasis-open.org>
www.oasis-open.org>
--
Chet Ensign
Chief Technical Community Steward
OASIS Open
+1 201-341-1393 <+1+201-341-1393>
chet.ensign@oasis-open.orgwww.oasis-open.org