OASIS Members:
The OASIS eXtensible Access Control Markup Language (XACML) Technical
Committee has submitted the following specification, which is an
approved Committee Specification, to be considered as an OASIS Standard:
Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of
XACML v2.0 for Healthcare Version 1.0
The text of the TC submission is appended.
You now have until 15 October to familiarize yourself with the
submission and provide input to your organization's voting
representative.
On 16 October, a Call For Vote will be issued to all Voting
Representatives of OASIS member organizations. They will have until
the last day of October, inclusive, to cast their ballots on whether
this Committee Specification should be approved as an OASIS Standard
or not.
Members who wish to discuss this ballot may do so through member-discuss@lists.oasis-open.org
.
In accordance with the OASIS Technical Committee Process, this
Committee Specification has already completed the necessary 60-day
public review period as noted in the submission below.
The normative TC Process for approval of Committee Specifications as
OASIS Standards is found at
http://www.oasis-open.org/committees/process-2009-07-30.php#OASISstandard
Any statements related to the IPR of this specification are posted at:
http://www.oasis-open.org/committees/xacml/ipr.php
Your participation in the review and balloting process is greatly
appreciated.
Mary
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org
twitter: fiberartisan #oasisopen
phone: 1.603.232.9090
(a) Links to the approved Committee Specification in the TC’s document
repository, and any appropriate supplemental documentation for the
specification, both of which must be written using the OASIS
templates. The specification may not have been changed between its
approval as a Committee Specification and its submission to OASIS for
consideration as an OASIS Standard, except for the changes on the
title page and running footer noting the approval status and date.
Editable Source:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
PDF:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.pdf
HTML:
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.html
(b) The editable version of all files that are part of the Committee
Specification;
http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.doc
(c) Certification by the TC that all schema and XML instances included
in the specification, whether by inclusion or reference, including
fragments of such, are well formed, and that all expressions are valid;
The required certification was made by the TC and is documented in the
XACML minutes of 08-27-2009:
http://lists.oasis-open.org/archives/xacml/200908/msg00019.html
(d) A clear English-language summary of the specification;
This profile describes a Cross-enterprise Security and Privacy
Authorization (XSPA) framework using the XACML core standard and
specific attributes to satisfy requirements pertaining to information-
centric security and privacy within the healthcare community.
(e) A statement regarding the relationship of this specification to
similar work of other OASIS TCs or other standards developing
organizations;
The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile
of XACML v2.0 for Healthcare Version 1.0 is related to the work of the
OASIS XSPA TC. The profile has been demonstrated by members of the
XSPA TC along with the work of the SSTC, specifically the Cross-
Enterprise Security and Privacy Authorization (XSPA) Profile of
Security Assertion Markup Language (SAML) for Healthcare Version 1.0,
at the Healthcare Information and Management Systems Society (HIMSS)
2009 conference. The XSPA profile is consistent with the TP 20
“Access Control Transaction Package” recognized by the Healthcare
Information Technology Standards Panel (HITSP).
(f) The Statements of Use presented above;
Three Statements of Use from OASIS members successfully using or
implementing the Cross-Enterprise Security and Privacy Authorization
(XSPA) Profile of Security Assertion Markup Language (XACML) for
Healthcare Version 1.0:
Sun Microsystems:
http://lists.oasis-open.org/archives/xacml/200908/msg00012.html
SAIC:
http://lists.oasis-open.org/archives/xacml/200908/msg00011.html
Red Hat:
http://lists.oasis-open.org/archives/xacml/200908/msg00010.html
(g) The beginning and ending dates of the public review(s), a pointer
to the announcement of the public review(s), and a pointer to an
account of each of the comments/issues raised during the public review
period(s), along with its resolution;
The XSPA profile of XACML has gone through 60 day public review (12
Jan - 13 Mar 2009), announced in:
http://lists.oasis-open.org/archives/tc-announce/200901/msg00012.html
A link to the public comments and resolution is consolidated in a
spreadsheet at the bottom of the e-mail message below:
http://lists.oasis-open.org/archives/xacml/200905/msg00009.html
(h) An account of and results of the voting to approve the
specification as a Committee Specification, including the date of the
ballot and a pointer to the ballot;
The ballot to make the profile a Committee Specification was approved
by special majority on 24 August 2009. A pointer to the result of the
ballot is below:
http://www.oasis-open.org/committees/ballot.php?id=1758
(i) An account of or pointer to votes and comments received in any
earlier attempts to standardize substantially the same specification,
together with the originating TC’s response to each comment
There were no earlier attempts to standardize substantially the same
specification other than those described above.
(j) A pointer to the publicly visible comments archive for the
originating TC;
http://lists.oasis-open.org/archives/xacml-comment/
(k) A pointer to any minority reports delivered by one or more Members
who did not vote in favor of approving the Committee Specification,
which report may include statements regarding why the member voted
against the specification or that the member believes that Substantive
Changes were made which have not gone through public review; or
certification by the Chair that no minority reports exist.
There were no negative votes cast on the final ballot and no minority
reports were submitted during the process.
Hal Lockhart
Bill Parducci
Co-Chairs XACML TC