Open Supplychain Information Modeling TC

  • 1.  ISO Placeholder

    Posted 09-21-2024 14:56

    At a security standards summit this week, I had a discussion with a member of a USG agency (who is on this list) and a member of a very large software producer (who isn't on this list but someone else from that company is). It was suggested that we put a placeholder into ISO now for our work as a preemptive gesture to prevent duplication moving forward. OASIS does have a relatively easy path to ISO but it does take a long time and part of that is because we don't normally put such a placeholder in until after we are done creating the standard. Besides introducing delay, it allows for 'duplicative' work to flourish.

    So one topic to discuss is to validate that we would eventually want to 'promote' our work 'up' to ISO (as opposed to the ITU, or as opposed to just leaving it in OASIS).

    My personal opinion is this work is more within ISO scope than ITU scope - albeit there is work going on in Q4 of ITU-T SG17 already. IMHO we should alert ISO to our intent, get a placeholder, and then we (i.e., OASIS) should inform the ITU that the supply chain topic is broader than just telcom and the work rightly belongs in ISO (as fed by OASIS).

    I propose this be a topic for discussion at our next meeting.



    ------------------------------
    Duncan Sparrell
    Chief Cyber Curmudgeion
    sFractal Consulting LLC
    Oakton VA
    703-828-8646
    ------------------------------


  • 2.  RE: ISO Placeholder

    Posted 09-21-2024 18:35
    Understood, but I personally do not like ISO. The fact that you have to pay for the standard that we end up creating is a problem. So maybe we should have a joint ISO/ITU proposal. 

    Bret


  • 3.  RE: ISO Placeholder

    Posted 09-21-2024 19:48
    Bret,
    Wrt ISO charging model:
    I also dislike ISO in general for their charging model. But in this case I don't think it applies. My understanding is that OASIS standards that become ISO standards are not charged for. You might want to check with Jamie (i.e., OASIS Legal & OASIS Liaison) to validate which of us is correct.

    Wrt: joint ISO/ITU
    And I am vehemently against joint ISO/ITU. I think the swimlanes should get defined and something belongs in one or the other. Joint means you have to get both to approve and it's a nightmare as the current joint ISO/ITU work in SG17 has already shown. Pick one. If you think it is within ITU scope, then argue for ITU, not both.

    My understanding is ISO was created after ITU and IEC to cover all standards not already covered by those two. If it's telcom, it's ITU. If it's electricity, it's IEC. Everything else is ISO.

    You can make the argument that everything cybersecurity is ITU since there is no need for cybersecurity without telcom (i.e. telcom is the attack avenue and the reason you need cybersecurity). I used to make that argument but lost it too many times so now I'm of the mind that 'cybersecurity of telcom' is ITU but general cybersecurity is ISO. And if it's for telcom and general - then it's ISO and ITU references the ISO standards for any telcom-specific application.

    But happy to discuss more at 1-Oct meeting.

    iPhone, iTypo, iApologize

    Duncan Sparrell
    sFractal Consulting, LLC
    I welcome VSRE emails. Learn more at http://vsre.info/






  • 4.  RE: ISO Placeholder

    Posted 09-23-2024 11:48

    If the process used to bring a standard into ISO/IEC is the Publicly Available Standard (PAS) process, they can be offered by ISO as free. They are listed here: https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html

    Bob

    Robert (Bob) Martin
    Sr. Software and Supply Chain Assurance Principal Eng.
    Cross Cutting Solutions and Innovation Dept
    Cyber Solutions Innovation Center
    MITRE Labs
    MITRE Corporation
    781-271-3001o 781-424-4095c





  • 5.  RE: ISO Placeholder

    Posted 09-24-2024 07:54
    OASIS can submit via the Publicly Available Specification (PAS) process. It both gives you the ISO stamp and allows for the standard to be freely available.

    OASIS did this with MQTT: https://www.ansi.org/standards-news/all-news/2016/08/isoiec-jtc-1-approves-oasis-mqtt-internet-of-things-standard-04, and Bob posted the public download page: https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html.

    I support working with ISO rather than ITU-T, and I support requesting OASIS to "put in a placeholder" with ISO for OSIM.

    David Kemp
    NSA Cybersecurity Collaboration Center