OASIS moved forward on two fronts in Web services standardization this week, ratifying a proposal for gauging security vulnerabilities and forming a panel to advance a standard for the building management industry.
Members approved Application Vulnerability Description Language (AVDL) Version 1.0 as an official OASIS Standard. AVDL provides a method for exchanging information about security vulnerabilities within Web services and Web applications, according to OASIS.
AVDL saves network managers from having to manually compare reports from application vulnerability assessments with application firewall rules, patch management systems, and other information from event correlation systems, OASIS said. Vulnerability assessments instead can be imported from AVDL-compliant application scanners. The technology already is being implemented at organizations such as United States Department of Energy and the National Nuclear Security Administration.
OASIS also unveiled plans to advance oBIX (Open Building Information Xchange), with the formation of an oBIX Technical Committee to define a standard method to enable mechanical and electrical systems in facilities to communicate with enterprise applications. The oBIX technology would be applicable to systems such as heating, venting, and air conditioning; elevators; laboratory equipment; life/safety systems; and closed circuit television monitoring. Web services would be used to enhance the effectiveness of building control systems.
The proposal represents a growing trend of vertical industries developing standards within OASIS to leverage Web services for specific industry needs, OASIS said.