from TC minutes https://raw.githubusercontent.com/oasis-tcs/csaf/master/meeting_minutes/2022/2022-03-30.md - Thomas set motion to request TC admins to register “csaf” as ROLIE feed type [#314](https://github.com/oasis-tcs/csaf/issues/314) - Omar second - Motion passed - Will work with Chet and OASIS to complete [PK - I think this motion is not relevant for the three IANA request tickets (TCADMIN-4263, -4, -5)] It is apparently based on RFC8322. See the CSAF spec (OS) sections 7.1.15-7.1.17. - Thomas set motion - Register path in .well-known [#317](https://github.com/oasis-tcs/csaf/issues/317) - Which will work with OASIS admins to register - Omar second - Motion approved [PK - This motion is relevant for the IANA request tickets (TCADMIN-4263 and TCADMIN-4264)] From TCADMIN-4263 "Link to the request form prepared by the committee:" [5] (https://raw.githubusercontent.com/oasis-tcs/csaf/master/csaf_2.0/register/dot-well-dash-known-slash/csaf-aggregator.txt) URI suffix: .well-known/csaf-aggregator/ Change controller: OASIS_OPEN Specification document(s): Common Security Advisory Framework Version 2.0 section 7.1.21 Requirement 21: List of CSAF providers, URL: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7121-requirement-21-list-of-csaf-providers Related information: Common Security Advisory Framework Version 2.0 section 7 Distributing CSAF Documents, URL https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents From TCADMIN-4264 "Link to the request form prepared by the committee:" [5] (https://raw.githubusercontent.com/oasis-tcs/csaf/master/csaf_2.0/register/dot-well-dash-known-slash/csaf.txt) URI suffix: .well-known/csaf/ Change controller: OASIS_OPEN Specification document(s): Common Security Advisory Framework Version 2.0 section 7.1.9 Requirement 9: Well-known URL for provider-metadata.json, URL https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#719-requirement-9-well-known-url-for-provider-metadatajson [Note - prefer to use the OS link: - https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#719-requirement-9-well-known-url-for-provider-metadatajson] Related information: Common Security Advisory Framework Version 2.0 section 7 Distributing CSAF Documents, URL https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents [Note - prefer to use the OS link: - https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#7-distributing-csaf-documents] from TC minutes: - Thomas set motion to approve CSAF in security.txt [#318](https://github.com/oasis-tcs/csaf/issues/318) - Issue https://github.com/oasis-tcs/csaf/issues/318 - Omar second - Motion approved - Dependent on second standard - https://github.com/securitytxt/security-txt/issues/200 [PK - This motion is relevant for the IANA request ticket (TCADMIN-4265)] Text from item [5] (TCADMIN-4265 - Link to the request form prepared by the committee): Field Name: CSAF Description: link to a provider-metadata.json resource of the Common Security Advisory Framework (CSAF) Multiple Appearances: yes Status: current Change controller: OASIS-OPEN Reference: Common Security Advisory Framework Version 2.0 section 7.1.8 "Requirement 8: security.txt" https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#718-requirement-8-securitytxt [Note - prefer to use the OS link: - https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#718-requirement-8-securitytxt]