Members of the OASIS Open Command and Control (OpenC2) TC create and manage technical content in this TC GitHub repository ( https://github.com/oasis-tcs/openc2-impl-https ) as part of the TC's chartered work (i.e., the program of work and deliverables described in its charter).
OASIS TC GitHub repositories, as described in GitHub Repositories for OASIS TC Members' Chartered Work, are governed by the OASIS TC Process, IPR Policy, and other policies, similar to TC Wikis, TC JIRA issues tracking instances, TC SVN/Subversion repositories, etc. While they make use of public GitHub repositories, these TC GitHub repositories are distinct from OASIS TC Open Repositories, which are used for development of open source licensed content.
The purpose of this GitHub repository is to support development of proposals and change tracking for the OpenC2 HTTPS implementation specification as new working draft level revisions are created and the associated CSDs mature.
This repository is designed to support TC members' work on a formal specification that describes the use of HTTPS as a transfer mechanism for OpenC2 messages. Provisional Work Product title: "Specification for Transfer of OpenC2 Messages via HTTPS", edited by David Lemire (G2). The specification explains the transfer of OpenC2 command and response messages using HTTP and the use of TLS to provide security. The authoritative format for the specification is Markdown, as per the OpenC2 TC request form.
As stated in this repository's CONTRIBUTING file, contributors to this repository are expected to be Members of the OASIS OpenC2 TC, for any substantive change requests. Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License.
Please see the LICENSE file for description of the license terms and OASIS policies applicable to the TC's work in this GitHub project. Content in this repository is intended to be part of the OpenC2 TC's permanent record of activity, visible and freely available for all to use, subject to applicable OASIS policies, as presented in the repository LICENSE file.
Further Description of this Repository
This specification describes the use of Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) as a transport mechanism for OpenC2 messages; this HTTP/TLS layering is typically referred to as HTTPS [RFC2818]. As described in [RFC3205], HTTP has become a common "substrate" for information transfer for other application-level protocols. The broad availability of HTTP makes it a useful option for OpenC2 message transport in support of prototyping, interoperability testing, and for operational use in environments where appropriate security protections can be provided. Similarly, TLS is a mature and widely-used protocol for securing information transfers in TCP/IP network environments. This specification provide guidance to the OpenC2 implementation community when utilizing HTTPS for OpenC2 message transport. It includes guidance for selection of TLS versions and options suitable for use with OpenC2 (see Section 3.2.3).