OASIS members and other interested parties,
OASIS and the Open Command and Control (OpenC2) TC are pleased to announce
that three specifications in the OpenC2 suite are now available for public
review and comment. This is the second public review for these
specifications:
- Open Command and Control (OpenC2) Language Specification Version 1.0
- Open Command and Control (OpenC2) Profile for Stateless Packet Filtering
Version 1.0
- Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0
OpenC2 is a suite of specifications to achieve command and control of cyber
defense functions. These specifications include the OpenC2 Language
Specification, Actuator Profiles, and Transfer Specifications. The OpenC2
Language Specification and Actuator Profile(s) focus on the standard at the
producer and consumer of the command and response while the transfer
specifications focus on the protocols for their exchange.
- The OpenC2 Language Specification provides the semantics for the
essential elements of the language, the structure for commands and
responses, and the schema that defines the proper syntax for the language
elements that represents the command or response.
- OpenC2 Actuator Profiles specify the subset of the OpenC2 language
relevant in the context of specific actuator functions. Cyber defense
components may implement multiple actuator profiles. Actuator profiles
extend the language by defining specifiers that identify the actuator to
the required level of precision and may define command arguments for those
actuator functions. "OpenC2 Profile for Stateless Packet Filtering" is the
first OpenC2 Actuator Profile.
- OpenC2 Transfer Specifications utilize existing protocols and standards
to implement OpenC2 in specific environments. These standards are used for
communications and security functions beyond the scope of the OpenC2
language, such as message transfer encoding, authentication, and end-to-end
transport of OpenC2 messages. "Transfer of OpenC2 Messages via HTTPS" is
the first OpenC2 Transfer Specification.
Each specification would best be reviewed in the context of the overall
suite of companion specifications.
The documents and related files are available here:
Open Command and Control (OpenC2) Language Specification Version 1.0
Committee Specification Draft 08 / Public Review Draft 02
04 April 2019
Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.mdHTML:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.htmlPDF:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.pdfComplete ZIP package of specification documents and related files:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02.zip******
Open Command and Control (OpenC2) Profile for Stateless Packet Filtering
Version 1.0
Committee Specification Draft 05 / Public Review Draft 02
04 April 2019
Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.mdHTML:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.htmlPDF:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.pdfComplete ZIP package of specification documents and related files:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02.zip******
Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0
Committee Specification Draft 04 / Public Review Draft 02
04 April 2019
Editable source in Markdown (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.mdHTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.htmlPDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.pdfComplete ZIP package of specification documents and any related files:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02.zipHow to Provide Feedback
The TC requests reviewers reference their comments to the page and nearest
line numbers in the PDF versions.
OASIS and the OpenC2 TC value your feedback. We solicit input from
developers, users and others, whether OASIS members or not, for the sake of
improving the interoperability and quality of our technical work.
The public reviews start 13 April at 00:00 UTC and ends 27 April 2019 at
23:59 UTC.
These specifications were previously submitted for public review, and the
resolutions of all comments are included in log files [1]. This 15-day
review is limited in scope to changes made from the previous review.
Changes are also highlighted in red-lined PDF files [2].
Comments may be submitted to the TC by any person through the use of the
OASIS TC Comment Facility which can be used by following the instructions
on the TC's "Send A Comment" page (
https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=openc2).Comments submitted by TC non-members for this work and for other work of
this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/openc2-comment/All comments submitted to OASIS are subject to the OASIS Feedback License,
which ensures that the feedback you provide carries the same obligations at
least as the obligations of the TC members. In connection with this public
review, we call your attention to the OASIS IPR Policy [3] applicable
especially [4] to the work of this Technical Committee. All members of the
TC should be familiar with this document, which may create obligations
regarding the disclosure and availability of a member's patent, copyright,
trademark and license rights that read on an approved OASIS specification.
OASIS invites any persons who know of any such claims to disclose these if
they may be essential to the implementation of the above specification, so
that notice of them may be posted to the notice page for this TC's work.
Additional information about the specifications and the OpenC2 TC can be
found at the TC's public home page:
https://www.oasis-open.org/committees/openc2/========== Additional references:
[1] Previous public review:
- 30-day public review, 09 November 2018:
https://lists.oasis-open.org/archives/openc2/201811/msg00005.html- Comment resolution logs:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd01/oc2ls-v1.0-csprd01-comment-resolution-log.pdfOpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd01/oc2slpf-v1.0-csprd01-comment-resolution-log.pdfTransfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd01/open-impl-https-v1.0-csprd01-comment-resolution-log.pdf[2] Red-lined PDF versions:
OpenC2 Language Specification:
https://docs.oasis-open.org/openc2/oc2ls/v1.0/csprd02/oc2ls-v1.0-csprd02-DIFF.pdfOpenC2 Profile for Stateless Packet Filtering:
https://docs.oasis-open.org/openc2/oc2slpf/v1.0/csprd02/oc2slpf-v1.0-csprd02-DIFF.pdfTransfer of OpenC2 Messages via HTTPS:
https://docs.oasis-open.org/openc2/open-impl-https/v1.0/csprd02/open-impl-https-v1.0-csprd02-DIFF.pdf[3]
https://www.oasis-open.org/policies-guidelines/ipr[4]
https://www.oasis-open.org/committees/openc2/ipr.phphttps://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-ModeNon-Assertion Mode
--
Paul Knight <
paul.knight@oasis-open.org>....Document Process Analyst
<https://www.oasis-open.org/people/staff/paul-knight>...mobile: +1
781-883-1783
OASIS <https://www.oasis-open.org/> - Advancing open standards for the
information society