OASIS Report toISO/IEC JTC 1/Study Group on Smart Cities

April 2014

The following report is provided in connection with the Study Group's ongoing examination of existing and developing projects for ICT standardization, including OASIS projects, relevant to the following potential areas of interest to the Study Group:

• Device and Sensor Control• Policy and Privacy Implementation• Smartgrid and Sustainability• Cybersecurity and Access Control• Network Architecture, Topology and Control• Reliability and Orchestration of Networked Data Transactions

Information about OASIS generally can be found at http://www.oasis-open.org. OASIS is one of the oldest and largest consortia for the development, convergence and adoption of ICT open standards. OASIS participates actively and widely in global standards collaboration efforts with public administrations, de jure standards authorities and industry consortia, and has been a recognized PAS submitter to JTC 1 since 2004. See http://www.oasis-open.org/liaisons.

Device and Sensor Control

The OASIS Open Services for Lifecycle Collaboration (OSLC) project applies the W3C's Linked Data Platform semantic methodology to describe, find parts of and help control networks of far-flung networked devices and systems, with specific application to M2M and smart devices being addressed by the OASIS OSLC Lifecycle Integration TC: https://www.oasis-open.org/news/pr/oasis-forms-oslc-core-technical-committee-to-develop-standards-for-lifecycle-integration.

The OASIS Open Building Information Exchange (OBiX) project, building on its successful v1.0 specification, is developing a set of four enhanced specifications for building control, security and HVAC systems, which also are incorporated in home networking specs being developed by the SmartTV Alliance: https://www.oasis-open.org/news/announcements/30-day-public-review-for-4-open-building-information-exchange-obix-committee-spec; https://developers.smarttv-alliance.org/specification

OASIS members have developed a set of open standards web services tools for device discovery and management, including the OASIS standards Devices Profile for Web Services (DPWS) v1.1 and Web Services Dynamic Discovery (WS-Discovery) v1.1: https://www.oasis-open.org/news/pr/oasis-members-approve-ws-dd-standards-to-enable-secure-web-service-discovery-and-control-of-.

The OASIS Virtual I/O Device (VIRTIO) project is developing a standardized common device driver accessible across a variety of hypervisors for hardware sharing over heterogeneous networks: https://www.oasis-open.org/news/pr/oasis-members-to-develop-virtio-interoperability-standard-for-virtualization

OASIS Report to JTC 1/SmartCities Page 1 of 5

Policy and Privacy Implementation

The OASIS Transformational Government Framework (TGF) project is establishing policy guidelines and patterns for ICT-enabled delivery & service transactions by and for public administrations, including its TGF Pattern Language Core Patterns v1.0 OASIS standard: https://www.oasis-open.org/news/announcements/transformational-government-framework-tgf-pattern-language-core-patterns-v1-0-oas. OASIS TGF is used in the new British Smart Cities specification, BSI Standard for Smart Cities (PAS 181): https://www.oasis-open.org/news/pr/new-british-smart-cities-specification-uses-oasis-transformational-government-framework; http://www.bsigroup.com/en-GB/smart-cities/

Key open standards projects for ensuring that proper data protection and privacy functions are natively present in networked systems include: the OASIS Privacy Management Reference Model (PMRM) draft specification, which defines an openly-available privacy technical model and a structured, modeled set of common implementable services and interactions which can tie network functions and events to the fulfillment of policy requirements in auditable ways: https://www.oasis-open.org/news/announcements/15-day-public-review-for-privacy-management-reference-model-and-methodology-pmr-0; https://lists.oasis-open.org/archives/tc-announce/201007/msg00005.html; and the OASIS Privacy by Design for Software Engineers (PbD-SE) project, which is developing a privacy governance model for code expressed in, among other things, guidance for interface design, and code tools including in OMG's UML: https://www.oasis-open.org/committees/pbd-se/charter.php.

Smartgrid and Sustainability

OASIS developed a series of transactive energy standards for smart grid information and energy supply transactions, starting in 2009, which have been endorsed by regulators as model specifications for open energy markets and "demand/response" transactions, enabling synchronized on-demand supply and pricing of electric power. See http://www.appliancedesign.com/articles/print/93071-nist-updated-framework-includes-new-appliance-standards; http://www.nist.gov/smartgrid/upload/NIST_Framework_Release_2-0_corr.pdf (long); http://www.cazalet.com/images/Transactive_Energy_Roadmap_-_10102012.pdf; http://www.openadr.org/faq. These include:

OASIS Energy Interoperation v1.0, which describes an information model and a communication model to enable collaborative and transactive use of energy, service definitions consistent with the OASIS SOA RM (see below), and XML vocabularies for message exchange: ‐ https://www.oasis-open.org/news/announcements/energy-interoperation-version-1-0-approved-and-published-as-committee-specificati;

OASIS Energy Market Information Exchange v1.0, with price and availability expressions: https://www.oasis-open.org/news/announcements/energy-market-information-exchange-emix-v1-0-approved-and-published-as-a-committe; http://docs.oasis-open.org/emix/emix-oasis/v1.0/emix-oasis-v1.0.html; and

OASIS WS-Calendar v1.0, which describes a semantic model for exchange of time and calendar internals and schedules: https://lists.oasis-open.org/archives/tc-announce/201109/msg00001.html.

OASIS Report to JTC 1/SmartCities Page 2 of 5

Cybersecurity and Access Control

OASIS encryption standards projects include the OASIS standard Key Management Interoperability Protocol (KMIP), https://www.oasis-open.org/news/announcements/key-management-interoperability-protocol-specification-v1-1-oasis-standard-publis; and the mobile and cloud computing functionality being added to the widely-used Public-Key Cryptography Standard #11 cryptography specification by the OASIS PKCS #11 TC: https://www.oasis-open.org/news/pr/oasis-enhances-popular-public-key-cryptography-standard-pkcs-11-for-mobile-and-cloud. Cybersecurity also requires robust identity and access-control functionality. The OASIS Security Assertion Markup Language (SAML) v2.0 (also ITU-T Rec. X-1141) has been the most widely-used open standard for identity management for years; many newer standards projects either use or copy its logical structure for attribute assertions and authorization. See: https://www.oasis-open.org/committees/security; https://wiki.oasis-open.org/security/. It is widely tooled, widely deployed in government and academic systems, and has many published profiles and extensions for particular applications. See, e.g., https://www.oasis-open.org/news/announcements/saml-channel-binding-extensions-v1-0-committee-specification-01-published. SAML even drives authorization for ISO's own standards creation and document management platform.

OASIS eXtensible Access Control Markup Language (XACML) v3.0 (also ITU-T Rec. X-1144), provides advanced discrete access control capabilities including profiles for SAML, role-based access control, REST architecture, export controls and intellectual property license control. See: https://www.oasis-open.org/news/announcements/extensible-access-control-markup-language-xacml-version-3-0-oasis-standard-is-pub ; https://wiki.oasis-open.org/xacml/.

The OASIS Web Services Secure Exchange (WS-SX) project published the OASIS standards WS-Trust v1.4, WS-SecureConversation v1.4, and WS-SecurityPolicy v1.3, extending OASIS's WS-Security and W3C's SOAP to provide Web Services methods for issuing security tokens, establishing trust relationships, and facilitating key exchange: https://www.oasis-open.org/news/pr/oasis-members-approve-nine-web-services-standards

Deploying those advanced functions in widely dispersed networks with sparse control structures has been the subject of several OASIS projects, including the OASIS Identity in the Cloud (ID-Cloud) TC, whose gap analysis work has been widely used by global standards bodies to identify areas for additional standardization (see https://lists.oasis-open.org/archives/tc-announce/201402/msg00013.html); and the OASIS Cloud Authorization (CloudAuthZ) project, whose first use case analysis currently is completing public review: https://www.oasis-open.org/news/announcements/30-day-public-review-for-cloud-authorization-use-cases-v1-0-cloudauthz-ends-26-ap

Network Architecture, Topology and Control

A basic model and core concepts for modular, service-oriented network architectures were described in the OASIS Standard Reference Model for SOA (SOA-RM), which has been widely used as a basis for government service network architectures and other standards in SOA and cloud computing domains: https://www.oasis-open.org/news/pr/members-approve-reference-model-for-service-oriented-architecture-soa-rm-as-oasis-standard. More detailed models and methodologies are elaborated in the project's OASIS SOA Reference Architecture Foundation (SOA-RAF): https://www.oasis-open.org/news/announcements/reference-architecture-foundation-for-service-oriented-architecture-v1-0-cs01-pub.

OASIS Report to JTC 1/SmartCities Page 3 of 5

The specific challenges of provisioning, deploying and monitoring routines across a cloud network are addressed by the OASIS standard Topology and Orchestration Specification for Cloud Applications (TOSCA) v.1.0, which can be used to describe and direct cloud infrastructure services and applications across multiple networks and different providers: https://www.oasis-open.org/news/pr/oasis-approves-tosca-standard-for-deployment-and-operational-management-of-applications-acr; and the OASIS Cloud Application Management for Platforms (CAMP) project, developing a REST-based interoperable protocol used by cloud implementers to package and deploy their applications, which currently is completing work on CAMP v1.1 and CAMP Test Assertions v1.1 specifications. https://www.oasis-open.org/news/announcements/15-day-public-review-for-cloud-application-management-for-platforms-camp-v1-1-end; https://www.oasis-open.org/news/pr/camp-tc

Additional open standards projects fulfill specific key service roles within a distributed architecture. The OASIS SOA Repository Artifact Model and Protocol (S-RAMP) v1.0, which provides an SOA artifact data model, together with bindings that describe a syntax for interacting with a SOA repository: https://www.oasis-open.org/news/announcements/s-ramp-version-1-0-committee-specification-01-published. The ebXML Registry and Repository OASIS standards, now at v4.0, define service interfaces, protocols and information model for an integrated open data registry and repository: https://lists.oasis-open.org/archives/tc-announce/201201/msg00010.html.

The OASIS standards Open Data Protocol (OData) v4.0 and OData JSON Format v4.0 specify RESTful protocols for data sharing across heterogeneous enterprise, cloud and mobile systems. https://www.oasis-open.org/news/pr/oasis-approves-odata-4-0-standards-for-an-open-programmable-web.

Reliability and Orchestration of Networked Data Transactions Reliable and enforceable data exchanges require messaging and interaction patterns that can handle complex message traffic correctly among devices and networks – without losing track of proper sequences, recipients, levels of authorization or levels of security. Large-scale and often low-powered device networks require simple, compact protocols that hold up under ultra-high-volume and ultra-high-speed conditions.

OASIS projects to fulfill that requirement include the OASIS standard Advanced Message Queuing Protocol (AMQP) v1.0, widely used in the financial industry: https://www.oasis-open.org/news/pr/amqp-1-0-approval; and the OASIS Message Queuing Telemetry Transport (MQTT) project, developing an open publish/subscribe protocol explicitly designed for telemetry and IoT networks, based on the already-industry-deployed MQTT v3.1 and an Eclipse open source framework: https://www.oasis-open.org/news/pr/oasis-members-to-advance-mqtt-standard-for-m2m-iot-reliable-messaging; https://www.oasis-open.org/news/announcements/30-day-public-review-for-mqtt-and-the-nist-cybersecurity-framework-version-1-0-en.

OASIS standards that also address those reliability functions, across a broad variety of network types and encoding types, include:

The OASIS ebXML Messaging standards, now at v3.0, define packaging, transport and routing of transactional messages consistent with multiple protocols, including SOAP, SAML, WS-Reliable Messaging and IETF's "AS" series of EDI-INT standards. They are particularly used in public administration (e-Gov) systems: https://www.oasis-open.org/news/pr/as4-profile-of-ebms-3-0-becomes-oasis-standard; https://www.oasis-open.org/news/pr/members-approve-ebxml-messaging-services-3-0-as-oasis-standard.

OASIS Report to JTC 1/SmartCities Page 4 of 5

OASIS's WS-Reliable Messaging v1.2, and a suite of related OASIS standards, provides reliable and secure messaging protocols, widely used and tooled in transactional Web Services networks and middleware-driven systems: https://www.oasis-open.org/news/pr/oasis-members-approve-nine-web-services-standards .

OASIS members also developed the OASIS standard SOAP-over-UDP v1.1, extending W3C's SOAP for use over the IETF RFC 768 User Datagram Protocol (UDP), a terse core Internet data transport method for simple systems: https://www.oasis-open.org/news/pr/oasis-members-approve-ws-dd-standards-to-enable-secure-web-service-discovery-and-control-of-. OASIS also hosts the WS-I series of SOAP reliability profiled for web services: the WS-I Basic Profile v1.1 (also ISO/IEC 29361:2008), WS-I Attachments Profile v1.0 (also ISO/IEC 29362:2008) and WS-I Simple SOAP Binding Profile v1.0 (also ISO/IEC 29363:2008). http://www.oasis - ws - i.org/about .

§

OASIS Report to JTC 1/SmartCities Page 5 of 5