OASIS eXtensible Access Control Markup Language (XACML) TC

XSPA Profile of XACML for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot

  • 1.  XSPA Profile of XACML for Healthcare v1.0 Submitted for OASIS Standard Approval Ballot

    Posted 10-02-2009 00:45
    OASIS Members:
    
    The OASIS eXtensible Access Control Markup Language (XACML) Technical  
    Committee has submitted the following specification, which is an  
    approved Committee Specification, to be considered as an OASIS Standard:
    
    Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of  
    XACML v2.0 for Healthcare Version 1.0
    
    The text of the TC submission is appended.
    
    You now have until 15 October to familiarize yourself with the  
    submission and provide input to your organization's voting  
    representative.
    
    On 16 October, a Call For Vote will be issued to all Voting  
    Representatives of OASIS member organizations. They will have until  
    the last day of October, inclusive, to cast their ballots on whether  
    this Committee Specification should be approved as an OASIS Standard  
    or not.
    
    Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org 
    .
    
    In accordance with the OASIS Technical Committee Process, this  
    Committee Specification has already completed the necessary 60-day  
    public review period as noted in the submission below.
    
    The normative TC Process for approval of Committee Specifications as  
    OASIS Standards is found at
    http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandard
    
    Any statements related to the IPR of this specification are posted at:
    http://www.oasis-open.org/committees/xacml/ipr.php
    
    Your participation in the review and balloting process is greatly  
    appreciated.
    
    Mary
    
    
    
    
    Mary P McRae
    Director, Technical Committee Administration
    OASIS: Advancing open standards for the information society
    email: mary.mcrae@oasis-open.org
    web: www.oasis-open.org
    twitter: fiberartisan #oasisopen
    phone: 1.603.232.9090
    
    
    (a) Links to the approved Committee Specification in the TC’s document  
    repository, and any appropriate supplemental documentation for the  
    specification, both of which must be written using the OASIS  
    templates. The specification may not have been changed between its  
    approval as a Committee Specification and its submission to OASIS for  
    consideration as an OASIS Standard, except for the changes on the  
    title page and running footer noting the approval status and date.
    
    Editable Source:
    http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
    PDF:
    http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.pdf
    HTML:
    http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.html
    
    (b) The editable version of all files that are part of the Committee  
    Specification;
    http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
    
    (c) Certification by the TC that all schema and XML instances included  
    in the specification, whether by inclusion or reference, including  
    fragments of such, are well formed, and that all expressions are valid;
    
    The required certification was made by the TC and is documented in the  
    XACML minutes of 08-27-2009:
    http://lists.oasis-open.org/archives/xacml/200908/msg00019.html
    
    (d) A clear English-language summary of the specification;
    
    This profile describes a Cross-enterprise Security and Privacy  
    Authorization (XSPA) framework using the XACML core standard and  
    specific attributes to satisfy requirements pertaining to information- 
    centric security and privacy within the healthcare community.
    
    (e) A statement regarding the relationship of this specification to  
    similar work of other OASIS TCs or other standards developing  
    organizations;
    
    The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile  
    of XACML v2.0 for Healthcare Version 1.0 is related to the work of the  
    OASIS XSPA TC.  The profile has been demonstrated by members of the  
    XSPA TC along with the work of the SSTC, specifically the Cross- 
    Enterprise Security and Privacy Authorization (XSPA) Profile of  
    Security Assertion Markup Language (SAML) for Healthcare Version 1.0,  
    at the Healthcare Information and Management Systems Society (HIMSS)  
    2009 conference.  The XSPA profile is consistent with the TP 20  
    “Access Control Transaction Package” recognized by the Healthcare  
    Information Technology Standards Panel (HITSP).
    
    (f) The Statements of Use presented above;
    
    Three Statements of Use from OASIS members successfully using or  
    implementing the Cross-Enterprise Security and Privacy Authorization  
    (XSPA) Profile of Security Assertion Markup Language (XACML) for  
    Healthcare Version 1.0:
    Sun Microsystems:
    http://lists.oasis-open.org/archives/xacml/200908/msg00012.html
    SAIC:
    http://lists.oasis-open.org/archives/xacml/200908/msg00011.html
    Red Hat:
    http://lists.oasis-open.org/archives/xacml/200908/msg00010.html
    
    (g) The beginning and ending dates of the public review(s), a pointer  
    to the announcement of the public review(s), and a pointer to an  
    account of each of the comments/issues raised during the public review  
    period(s), along with its resolution;
    
    The XSPA profile of XACML has gone through 60 day public review (12  
    Jan - 13 Mar 2009), announced in:
    http://lists.oasis-open.org/archives/tc-announce/200901/msg00012.html
    
    A link to the public comments and resolution is consolidated in a  
    spreadsheet at the bottom of the e-mail message below:
    http://lists.oasis-open.org/archives/xacml/200905/msg00009.html
    
    (h) An account of and results of the voting to approve the  
    specification as a Committee Specification, including the date of the  
    ballot and a pointer to the ballot;
    
    The ballot to make the profile a Committee Specification was approved  
    by special majority on 24 August 2009.  A pointer to the result of the  
    ballot is below:
    http://www.oasis-open.org/committees/ballot.php?id=1758
    
    (i) An account of or pointer to votes and comments received in any  
    earlier attempts to standardize substantially the same specification,  
    together with the originating TC’s response to each comment
    
    There were no earlier attempts to standardize substantially the same  
    specification other than those described above.
    
    (j) A pointer to the publicly visible comments archive for the  
    originating TC;
    
    http://lists.oasis-open.org/archives/xacml-comment/
    
    (k) A pointer to any minority reports delivered by one or more Members  
    who did not vote in favor of approving the Committee Specification,  
    which report may include statements regarding why the member voted  
    against the specification or that the member believes that Substantive  
    Changes were made which have not gone through public review; or  
    certification by the Chair that no minority reports exist.
    
    There were no negative votes cast on the final ballot and no minority  
    reports were submitted during the process.
    
    
    Hal Lockhart
    Bill Parducci
    Co-Chairs XACML TC