Members of the CTI TC, Your public reviews for STIX V1.2.1 and TAXII V1.1.1 end today. I just thought I would take a moment to review next steps and timing with you all. Please feel free to skip this if you aren't engaged in the mechanics but I thought it would be helpful for everyone to know how the process goes from here. 1) The TC will need to prepare a comment resolution log for each specification. The details are explained here ->
https://www.oasis-open.org/resources/tcadmin/handling-the-comments-received-during-a-public-review . I believe you have had some internal PR comments. I don't believe I have seen any come in on the cti-comment@ mailing list. The TAB may be providing comments before the end of the day. In a nutshell, the log will need to include: the date each comment was received, a link to the email in which a comment was received, the name of the person or entity providing the comment, a brief summary of the comment and a brief statement of how the TC decides to handle the comment, in as much detail as you wish to provide. Please note: the TC is under no obligation to satisfy a comment. It is perfectly within the TC's rights to decline to make a change. Obviously, being diplomatic in responses helps but a negative comment by itself is not a show stopper to your progress. (I note this because I believe that is different in other orgs that you may be familiar with.) When this log is prepared, it should be sent to the TC's mailing list and the cti-comment@ mailing list. And please cc me and let me know that this is the final version of the comment log. I then load it to the public review directory so that the history of the comments and their resolution is co-located with the public review copy itself. If the review closed with no comments, then a simple email to the lists stating that the public review for <spec> closed on <date> and that no comments were received during the review will suffice. I will take that email and turn it into a text comment log to load. 2) If you expect to advance the specs as they are - that is, if there will be no further changes to them, then the TC can request a Special Majority Vote to approve each spec as an OASIS Committee Specification. The TC approves a motion or electronic ballot requesting the vote using language like: [I move that the TC / Do you] approve the Chair requesting that TC Administration hold a Special Majority Ballot to approve [Committee Draft title and version number] contained in [URL to the Committee Draft] as a Committee Specification. Once that motion is approved and documented in your minutes, someone then fills out the request for the Special Majority Vote using this form ->
https://www.oasis-open.org/resources/tc-admin-requests/committee-specification-ballot-request The Special Majority Vote is held by TC Admin and it requires that at least 2/3 of the Voting Members of the TC vote 'yes' and that no more than 1/4 of the votes cast be 'no.' That ballot will run for 7 days after which, assuming it passes, I will open a ticket to track publishing your approved Committee Specification. Note that an OASIS Committee Specification is considered an OASIS Standards Final Deliverable and it is where all the IPR protections lock in. If the TC needs to make Non-Material Changes to the drafts before approving the Committee Specification, that is possible. If that is needed, we'll talk. 3) Even more down the road... The next step in moving forward to OASIS Standard is the collecting of Statements of Use. This is definition 'ar' in the TC Process (
https://www.oasis-open.org/policies-guidelines/tc-process ) and reads in part: "Statement of Use"... is a written statement that a party has successfully used or implemented that specification in accordance with all or some of its conformance clauses... identifying those clauses that apply, and stating whether its use included the interoperation of multiple independent implementations. The Statement of Use must be made to a specific version of the Committee Specification and must include the Specification's approval date." You will need a minimum of three although more never hurts. At least one of these must come from an OASIS member although again, the more the merrier. I can give you a template for Statements of Use when you are ready. 4) Once you have your SoUs, the TC can then petition TC Admin to hold a Special Majority Vote to approve presenting the CS to the OASIS membership for consideration as an OASIS Standard. Same conditions apply as above. Assuming that passes, I then publish Candidate OASIS Standard versions of the specifications and announce a 60 day public review. At the end of that review, assuming no comments or no changes, I will open a membership-wide ballot to approve the COSs as OASIS Standards. This vote will run for 2 weeks and require that at least 15% of OASIS member organizations (only member orgs can vote - individuals cannot) vote in favor. In past OS votes, the threshold has been right around 45 approvals. Once the vote passes, I publish the final OS versions and announce them, Carol puts out a press release, you all pop open champagne. That, everyone, is what is ahead for STIX and TAXII. Please let me know if you have any questions on any of this. Best - /chet ---------------- Chet Ensign Director of Standards Development and TC Administration OASIS: Advancing open standards for the information society
http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393