Members of the OASIS Open Command and Control (OpenC2) TC create and manage technical content in this TC GitHub repository ( https://github.com/oasis-tcs/openc2-impl-https ) as part of the TC's chartered work (i.e., the program of work and deliverables described in its charter).
OASIS TC GitHub repositories, as described in GitHub Repositories for OASIS TC Members' Chartered Work, are governed by the OASIS TC Process, IPR Policy, and other policies, similar to TC Wikis, TC JIRA issues tracking instances, TC SVN/Subversion repositories, etc. While they make use of public GitHub repositories, these TC GitHub repositories are distinct from OASIS TC Open Repositories, which are used for development of open source licensed content.
The purpose of this GitHub repository is to support development of proposals and change tracking for the OpenC2 HTTPS implementation specification as new working draft level revisions are created and the associated CSDs mature.
This repository is designed to support TC members' work on a formal specification that describes the use of HTTPS as a transfer mechanism for OpenC2 messages. Provisional Work Product title: "Specification for Transfer of OpenC2 Messages via HTTPS", edited by David Lemire (G2). The specification explains the transfer of OpenC2 command and response messages using HTTP and the use of TLS to provide security. The authoritative format for the specification is Markdown, as per the OpenC2 TC request form.
This repository is organized with three branches:
The Working branch contains work product material that is actively being developed, and subject to potentially frequent and significant change. Contributors to the work product should target their inputs to the Working branch.
The Releases branch contains incremental releases (i.e., Working Drafts [WDs]) of the work product. The current contents of the Working branch are merged into the Releases branch to create a WD.
The Master branch contains TC-approved Committee Specification (CS) or OASIS Standard versions of the work product. Until the first CS is approved, the Master branch will not contain a complete version of the work product.
This branching strategy is illustrated below:
Committee Specification, v1.0
The OpenC2 TC approved v1.0 of the HTTPS Transfer Specification as an OASIS Committee Specification on 11 July 2019. The OASIS publication announcement was made on 5 August 2019. The master branch of this repository contains copies of the files published by OASIS and linked to that announcement; these copies are captured here for convenience and the versions on the OASIS website are the official, authoritative versions of the specification.
As stated in this repository's CONTRIBUTING file, contributors to this repository are expected to be Members of the OASIS OpenC2 TC, for any substantive change requests. Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License.
Please see the LICENSE file for description of the license terms and OASIS policies applicable to the TC's work in this GitHub project. Content in this repository is intended to be part of the OpenC2 TC's permanent record of activity, visible and freely available for all to use, subject to applicable OASIS policies, as presented in the repository LICENSE file.
Further Description of this Repository
This specification describes the use of Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) as a transport mechanism for OpenC2 messages; this HTTP/TLS layering is typically referred to as HTTPS [RFC2818]. As described in [RFC3205], HTTP has become a common "substrate" for information transfer for other application-level protocols. The broad availability of HTTP makes it a useful option for OpenC2 message transport in support of prototyping, interoperability testing, and for operational use in environments where appropriate security protections can be provided. Similarly, TLS is a mature and widely-used protocol for securing information transfers in TCP/IP network environments. This specification provide guidance to the OpenC2 implementation community when utilizing HTTPS for OpenC2 message transport. It includes guidance for selection of TLS versions and options suitable for use with OpenC2 (see Section 3.2.3).