Document limitations and requirements around using chat tools like Slack

[OASIS-OP-Admin]

Jason has reminded me that we do not have policy documented for use of Slack, Skype or other chat tools by projects. Currently, tools like Slack violate our transparency requirements: non-members have to ask to be added before they can see the discussion; there is no way to link to an entry so that someone outside can read the exchange; there's no archival record of the conversation; and there is no way to limit participation to members of the project.

Proj Admin has handled this historically by telling projects that Slack, etc., are not approved OASIS platforms and that any exchanges that take place have no more standing that a hallway conversation. No work can be done there. Specifically, no contributions can be made there, no approvals can happen there, and it is up to the members to police its use. Note that the verb here is "tell."

We don't suggest telling projects that they can't use these tools because they are too convenient and they can easily go off and do them on their own anyway.

So we think it would make sense to put the policy into writing. That ensures that the board has given it consideration and also ensures that we tell everybody the same story every time.

While this could be done as tweaks to the TC Process and OP Rules, it may be better - since something new will certainly come along - to draft it as its own policy.

[jordan2175]

I agree that we should work on a policy document. But I want to push back on some wrongful assumptions.

1. We are no longer in the 1990s. People do not use email or list-srv email lists to discuss things. Nor do they use email based threaded discussion boards. Those were fantastic back in 1994.
2. You can easily lock down Slack to only allow members. We did that in the CTI TC and in the CACAO TC and in the OpenC2 TC. It is not hard at all. And those TCs are the largest TCs OASIS has ever had.
3. Saying you can not do business over Slack or things like it, is like saying you can not have a direct email conversation, or phone call, or even a web call to discuss things. Keep in mind that TC meetings over zoom or webex or Gotomeeting or Meet do business all of the time and most of that is never recorded in a way that public people can come back and review. If, and I mean IF there are meeting minutes they are usually so sparse and un-useful that someone would never be able to go back and figure out how or why something was done. There is no email thread to follow all of the discussions, because it is not the 1990s anymore.
4. Sometimes all of the voting members are in slack and are participating in every discussion. So in these cases it is better than a TC Meeting that is over zoom where you may only get half of the voting members.

Now with all of that said, we should write some documentations to help TCs do better at documenting decisions. And if a decision is made by the majority of voting members that are participating in a slack conversation, then maybe they should send an email at the end of the week that just documents the various things. What CTI and CACAO have done is try to send a note to the email list saying the following was talked about or the following changes decisions have been made?

What I have seem some groups in other standards bodies do, which I kind of like (though it is a lot more work). Is they have a separate document open that documents changes and decisions on a section by section basis. But that runs into problems especially in the early days when document structures can change a lot and very significantly. As section 2.1 may be come section 4.4 and then 7.1 and then 1.3 and then back to 2.8.

This is somewhat tangential to this conversation but deals with the preceding paragraph. This is why I think OASIS should adopt a model where work is done by contributions. Especially for new work items. Like there should be authors of a contribution that come to the TC with something that is somewhat fleshed out and it only becomes a CSD once it is a tangible thing.

[chet-ensign]

Bret, I'm adding the process committee email to make sure this gets full visibility. I add some comments below but my main point is that we need to consider this and put guidance in writing. Different groups are getting different messages right now and that's not good.

On Fri, Jan 26, 2024 at 11:31 PM Bret Jordan @.***> wrote:

I agree that we should work on a policy document. But I want to push back on some wrongful assumptions.

1. We are no longer in the 1990s. People do not use email or list-srv email lists to discuss things. Nor do they use email based threaded discussion boards. Those were fantastic back in 1994.
2. You can easily lock down Slack to only allow members.

I meant control access automatically from the roster. The only way I know of to control access is for the chair or someone to manually check the subscribers from time to time and remove those who have left the TC. I am confident that few Slack channels are rigorously maintained and many probably let anybody in who asks whether members of the TC or not.

1. We did that in the CTI TC and in the CACAO TC and in the OpenC2 TC. It is not hard at all. And those TCs are the largest TCs OASIS has ever had.
2. Saying you can not do business over Slack or things like it, is like saying you can not have a direct email conversation

I should be more clear about what I mean by business. And this makes me think we have an even bigger question before us, namely, what actions or transactions must take place or be recorded in a public way in order for us to be able to say that a standard was developed in an open way and provide interested parties with directions to the critical events. Have what I would consider OASIS fundamentals changed?

I think that by "business" I mean contributions and OASIS standards deliverables approvals. Those I think are fundamentals that haven't really happened until they've happened on the public record. So, for example, somebody could share some code on Slack and people could talk about it there, but it isn't yet a contribution under our rules. It is a contribution when the person who owns it takes it and puts it on the TC mailing list or -comment@ list. Likewise approvals; all the voting members can be on Slack and give a thumbs up that something can become a Committee Specification but that isn't approval. The approval of the CS has to happen in the open on the TC's official platform. CSD approvals? OK. Probably not mission critical if they're done with thumbs up/down icons. And conversation, discussion, brainstorming, like you say - equivalent to chatting in a hall or over lunch. But Contributions and Approvals can't be done on a chat platform.

1. , or phone call, or even a web call to discuss things. Keep in mind that TC meetings over zoom or webex or Gotomeeting or Meet do business all of the time and most of that is never recorded in a way that public people can come back and review. If, and I mean IF there are meeting minutes they are usually so sparse and un-useful

Yes, minutes is a whole nother can of worms.

1. that someone would never be able to go back and figure out how or why something was done. There is no email thread to follow all of the discussions, because it is not the 1990s anymore.
2. Sometimes all of the voting members are in slack and are participating in every discussion. So in these cases it is better than a TC Meeting that is over zoom where you may only get half of the voting members.

Now with all of that said, we should write some documentations to help TCs do better at documenting decisions.

I agree. At the very least, give some guidance they can follow if they care.

And if a decision is made by the majority of voting members that are participating in a slack conversation, then maybe they should send an email at the end of the week that just documents the various things. What CTI and CACAO have done is try to send a note to the email list saying the following was talked about or the following changes decisions have been made?

What I have seem some groups in other standards bodies do, which I kind of like (though it is a lot more work). Is they have a separate document open that documents changes and decisions on a section by section basis. But that runs into problems especially in the early days when document structures can change a lot and very significantly. As section 2.1 may be come section 4.4 and then 7.1 and then 1.3 and then back to 2.8.

This is somewhat tangential to this conversation but deals with the preceding paragraph. This is why I think OASIS should adopt a model where work is done by contributions. Especially for new work items. Like there should be authors of a contribution that come to the TC with something that is somewhat fleshed out and it only becomes a CSD once it is a tangible thing.

To me, the question is now turning into 2 topics: (a) what are the events that must be done on the access-controlled, publicly visible platform? (b) what are best practices for documenting progress on the interim work products in a way that doesn't impose a burden on the members and that encourages engagement and adoption of the standards broadly? We've maybe got a runway here to make things smoother and use popular, emerging tech to the good of the organization.

— Reply to this email directly, view it on GitHub https://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1912981191, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACYUWRL6KF4WKNFXF4E4ZTTYQR7IXAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJSHE4DCMJZGE . You are receiving this because you are subscribed to this thread.Message ID: @.*** com>

-- Chet Ensign

Chief Technical Community Steward

OASIS Open

+1 201-341-1393 <+1+201-341-1393> @.*** www.oasis-open.org

[jordan2175]

But we can do business in a live meeting of the TC that is not open to the public and is not recorded on the email list. We can do a live vote or call for consent in a meeting of the TC. Meetings of the TC can take place via ANY technology platform so long as they are published to the TC or the TC knows about them.

So yes, we need to make sure we talk about this. But it is not a simple fix either way.

Bret

Sent from my TI-99/4A PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050

On Tue, Jan 30, 2024 at 9:48 AM Chet Ensign @.***> wrote:

Bret, I'm adding the process committee email to make sure this gets full visibility. I add some comments below but my main point is that we need to consider this and put guidance in writing. Different groups are getting different messages right now and that's not good.

On Fri, Jan 26, 2024 at 11:31 PM Bret Jordan @.***> wrote:

I agree that we should work on a policy document. But I want to push back on some wrongful assumptions.

1. We are no longer in the 1990s. People do not use email or list-srv email lists to discuss things. Nor do they use email based threaded discussion boards. Those were fantastic back in 1994.
2. You can easily lock down Slack to only allow members.

I meant control access automatically from the roster. The only way I know of to control access is for the chair or someone to manually check the subscribers from time to time and remove those who have left the TC. I am confident that few Slack channels are rigorously maintained and many probably let anybody in who asks whether members of the TC or not.

1. We did that in the CTI TC and in the CACAO TC and in the OpenC2 TC. It is not hard at all. And those TCs are the largest TCs OASIS has ever had.
2. Saying you can not do business over Slack or things like it, is like saying you can not have a direct email conversation

I should be more clear about what I mean by business. And this makes me think we have an even bigger question before us, namely, what actions or transactions must take place or be recorded in a public way in order for us to be able to say that a standard was developed in an open way and provide interested parties with directions to the critical events. Have what I would consider OASIS fundamentals changed?

I think that by "business" I mean contributions and OASIS standards deliverables approvals. Those I think are fundamentals that haven't really happened until they've happened on the public record. So, for example, somebody could share some code on Slack and people could talk about it there, but it isn't yet a contribution under our rules. It is a contribution when the person who owns it takes it and puts it on the TC mailing list or -comment@ list. Likewise approvals; all the voting members can be on Slack and give a thumbs up that something can become a Committee Specification but that isn't approval. The approval of the CS has to happen in the open on the TC's official platform. CSD approvals? OK. Probably not mission critical if they're done with thumbs up/down icons. And conversation, discussion, brainstorming, like you say - equivalent to chatting in a hall or over lunch. But Contributions and Approvals can't be done on a chat platform.

1. , or phone call, or even a web call to discuss things. Keep in mind that TC meetings over zoom or webex or Gotomeeting or Meet do business all of the time and most of that is never recorded in a way that public people can come back and review. If, and I mean IF there are meeting minutes they are usually so sparse and un-useful

Yes, minutes is a whole nother can of worms.

1. that someone would never be able to go back and figure out how or why something was done. There is no email thread to follow all of the discussions, because it is not the 1990s anymore.
2. Sometimes all of the voting members are in slack and are participating in every discussion. So in these cases it is better than a TC Meeting that is over zoom where you may only get half of the voting members.

Now with all of that said, we should write some documentations to help TCs do better at documenting decisions.

I agree. At the very least, give some guidance they can follow if they care.

And if a decision is made by the majority of voting members that are participating in a slack conversation, then maybe they should send an email at the end of the week that just documents the various things. What CTI and CACAO have done is try to send a note to the email list saying the following was talked about or the following changes decisions have been made?

What I have seem some groups in other standards bodies do, which I kind of like (though it is a lot more work). Is they have a separate document open that documents changes and decisions on a section by section basis. But that runs into problems especially in the early days when document structures can change a lot and very significantly. As section 2.1 may be come section 4.4 and then 7.1 and then 1.3 and then back to 2.8.

This is somewhat tangential to this conversation but deals with the preceding paragraph. This is why I think OASIS should adopt a model where work is done by contributions. Especially for new work items. Like there should be authors of a contribution that come to the TC with something that is somewhat fleshed out and it only becomes a CSD once it is a tangible thing.

To me, the question is now turning into 2 topics: (a) what are the events that must be done on the access-controlled, publicly visible platform? (b) what are best practices for documenting progress on the interim work products in a way that doesn't impose a burden on the members and that encourages engagement and adoption of the standards broadly? We've maybe got a runway here to make things smoother and use popular, emerging tech to the good of the organization.

— Reply to this email directly, view it on GitHub < https://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1912981191>,

or unsubscribe < https://github.com/notifications/unsubscribe-auth/ACYUWRL6KF4WKNFXF4E4ZTTYQR7IXAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJSHE4DCMJZGE>

. You are receiving this because you are subscribed to this thread.Message ID: @.*** com>

-- Chet Ensign

Chief Technical Community Steward

OASIS Open

+1 201-341-1393 <+1+201-341-1393> @.*** www.oasis-open.org

— Reply to this email directly, view it on GitHub https://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1917576407, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACMTMGCYN4FXVKX7UQ4IVSDYREW5LAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJXGU3TMNBQG4 . You are receiving this because you commented.Message ID: @.***>

[sparrell]

I want to push back on “People do not use email or list-srv email lists to discuss things.” Some people do. Not everyone does. All people probably could. Im fine with having a messaging policy - But I would like email to still be a choice.

iPhone, iTypo, iApologize

---

From: Chet Ensign @.> Sent: Tuesday, January 30, 2024 7:48:06 AM To: oasis-board-process-committee/TC-Process @.> Cc: Subscribed @.***> Subject: Re: [oasis-board-process-committee/TC-Process] Document limitations and requirements around using chat tools like Slack (Issue #22)

Bret, I'm adding the process committee email to make sure this gets full visibility. I add some comments below but my main point is that we need to consider this and put guidance in writing. Different groups are getting different messages right now and that's not good.

On Fri, Jan 26, 2024 at 11:31 PM Bret Jordan @.***> wrote:

I agree that we should work on a policy document. But I want to push back on some wrongful assumptions.

1. We are no longer in the 1990s. People do not use email or list-srv email lists to discuss things. Nor do they use email based threaded discussion boards. Those were fantastic back in 1994.
2. You can easily lock down Slack to only allow members.

I meant control access automatically from the roster. The only way I know of to control access is for the chair or someone to manually check the subscribers from time to time and remove those who have left the TC. I am confident that few Slack channels are rigorously maintained and many probably let anybody in who asks whether members of the TC or not.

1. We did that in the CTI TC and in the CACAO TC and in the OpenC2 TC. It is not hard at all. And those TCs are the largest TCs OASIS has ever had.
2. Saying you can not do business over Slack or things like it, is like saying you can not have a direct email conversation

I should be more clear about what I mean by business. And this makes me think we have an even bigger question before us, namely, what actions or transactions must take place or be recorded in a public way in order for us to be able to say that a standard was developed in an open way and provide interested parties with directions to the critical events. Have what I would consider OASIS fundamentals changed?

I think that by "business" I mean contributions and OASIS standards deliverables approvals. Those I think are fundamentals that haven't really happened until they've happened on the public record. So, for example, somebody could share some code on Slack and people could talk about it there, but it isn't yet a contribution under our rules. It is a contribution when the person who owns it takes it and puts it on the TC mailing list or -comment@ list. Likewise approvals; all the voting members can be on Slack and give a thumbs up that something can become a Committee Specification but that isn't approval. The approval of the CS has to happen in the open on the TC's official platform. CSD approvals? OK. Probably not mission critical if they're done with thumbs up/down icons. And conversation, discussion, brainstorming, like you say - equivalent to chatting in a hall or over lunch. But Contributions and Approvals can't be done on a chat platform.

1. , or phone call, or even a web call to discuss things. Keep in mind that TC meetings over zoom or webex or Gotomeeting or Meet do business all of the time and most of that is never recorded in a way that public people can come back and review. If, and I mean IF there are meeting minutes they are usually so sparse and un-useful

Yes, minutes is a whole nother can of worms.

1. that someone would never be able to go back and figure out how or why something was done. There is no email thread to follow all of the discussions, because it is not the 1990s anymore.
2. Sometimes all of the voting members are in slack and are participating in every discussion. So in these cases it is better than a TC Meeting that is over zoom where you may only get half of the voting members.

Now with all of that said, we should write some documentations to help TCs do better at documenting decisions.

I agree. At the very least, give some guidance they can follow if they care.

And if a decision is made by the majority of voting members that are participating in a slack conversation, then maybe they should send an email at the end of the week that just documents the various things. What CTI and CACAO have done is try to send a note to the email list saying the following was talked about or the following changes decisions have been made?

What I have seem some groups in other standards bodies do, which I kind of like (though it is a lot more work). Is they have a separate document open that documents changes and decisions on a section by section basis. But that runs into problems especially in the early days when document structures can change a lot and very significantly. As section 2.1 may be come section 4.4 and then 7.1 and then 1.3 and then back to 2.8.

This is somewhat tangential to this conversation but deals with the preceding paragraph. This is why I think OASIS should adopt a model where work is done by contributions. Especially for new work items. Like there should be authors of a contribution that come to the TC with something that is somewhat fleshed out and it only becomes a CSD once it is a tangible thing.

To me, the question is now turning into 2 topics: (a) what are the events that must be done on the access-controlled, publicly visible platform? (b) what are best practices for documenting progress on the interim work products in a way that doesn't impose a burden on the members and that encourages engagement and adoption of the standards broadly? We've maybe got a runway here to make things smoother and use popular, emerging tech to the good of the organization.

— Reply to this email directly, view it on GitHub https://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1912981191, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACYUWRL6KF4WKNFXF4E4ZTTYQR7IXAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJSHE4DCMJZGE . You are receiving this because you are subscribed to this thread.Message ID: @.*** com>

-- Chet Ensign

Chief Technical Community Steward

OASIS Open

+1 201-341-1393 <+1+201-341-1393> @.*** www.oasis-open.org

— Reply to this email directly, view it on GitHubhttps://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1917576407, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AANEXD5BLSJQIVXQHDZVQETYREW5NAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJXGU3TMNBQG4. You are receiving this because you are subscribed to this thread.Message ID: @.***>

[jordan2175]

But we can do business in a live meeting of the TC that is not open to the public and is not recorded on the email list. We can do a live vote or call for consent in a meeting of the TC. Meetings of the TC can take place via ANY technology platform so long as they are published to the TC or the TC knows about them.

So yes, we need to make sure we talk about this. But it is not a simple fix either way.

[sparrell]

Actually you can only “do business” (ie reach decisions) if it is quorate so it’s very different than one person expressing a view on a board or in a message. It’s important for everyone to see a message which is why I’m more keen on email than any particular of a billion messaging apps. Email has faults but it is universal.

iPhone, iTypo, iApologize

---

From: Bret Jordan @.> Sent: Tuesday, January 30, 2024 10:41:32 AM To: oasis-board-process-committee/TC-Process @.> Cc: duncan sfractal.com @.>; Comment @.> Subject: Re: [oasis-board-process-committee/TC-Process] Document limitations and requirements around using chat tools like Slack (Issue #22)

But we can do business in a live meeting of the TC that is not open to the public and is not recorded on the email list. We can do a live vote or call for consent in a meeting of the TC. Meetings of the TC can take place via ANY technology platform so long as they are published to the TC or the TC knows about them.

So yes, we need to make sure we talk about this. But it is not a simple fix either way.

— Reply to this email directly, view it on GitHubhttps://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1917857446, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AANEXDZVFQ6IJT5DHOH7XTDYRFLHZAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJXHA2TONBUGY. You are receiving this because you commented.Message ID: @.***>

[jordan2175]

Most working groups and technical committees in the various standard bodies have fewer than 40 voting members. Most have less than 20. At the high point of CTI with 352 members, we only had 49 voting members. It is very possible in situations like this to have a quorate meeting (>50% of voting members) over loads of different platforms including video conferences.

I do agree that we need some policies and guidance documents. But if we restrict interactions to the old ways of doing things is will only push people away from OASIS. We need more people bringing work to OASIS, not less.

[sparrell]

I’m for the policy. I’m just saying leave email as an option. You sometimes imply email doesn’t work and no one uses.

iPhone, iTypo, iApologize

---

From: Bret Jordan @.> Sent: Wednesday, January 31, 2024 3:38:23 PM To: oasis-board-process-committee/TC-Process @.> Cc: duncan sfractal.com @.>; Comment @.> Subject: Re: [oasis-board-process-committee/TC-Process] Document limitations and requirements around using chat tools like Slack (Issue #22)

Most working groups and technical committees in the various standard bodies have fewer than 40 voting members. Most have less than 20. At the high point of CTI with 352 members, we only had 49 voting members. It is very possible in situations like this to have a quorate meeting (>50% of voting members) over loads of different platforms including video conferences.

I do agree that we need some policies and guidance documents. But if we restrict interactions to the old ways of doing things is will only push people away from OASIS. We need more people bringing work to OASIS, not less.

— Reply to this email directly, view it on GitHubhttps://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1919916833, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AANEXD6W2GFOPUCRXHGUP3TYRKTT7AVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJZHEYTMOBTGM. You are receiving this because you commented.Message ID: @.***>

[chet-ensign]

Here is the current policy governing use of tools for work at OASIS: https://www.oasis-open.org/policies-guidelines/oasis-committee-operations-process/#visibility

The official copies of all resources of a committee and any associated subcommittees, including web pages, documents, email lists and any other records of discussions, must be located only on facilities designated by OASIS. Committees may not conduct official business or technical discussions, store documents, or host web pages on servers or systems not designated by OASIS. All web pages, documents, ballot results and email archives of all committees and subcommittees shall be publicly visible. This is the needle we have to currently thread.

On Thu, Feb 1, 2024 at 8:04 AM Duncan Sparrell @.***> wrote:

I’m for the policy. I’m just saying leave email as an option. You sometimes imply email doesn’t work and no one uses.

iPhone, iTypo, iApologize

---

From: Bret Jordan @.> Sent: Wednesday, January 31, 2024 3:38:23 PM To: oasis-board-process-committee/TC-Process @.> Cc: duncan sfractal.com @.>; Comment @.> Subject: Re: [oasis-board-process-committee/TC-Process] Document limitations and requirements around using chat tools like Slack (Issue #22)

Most working groups and technical committees in the various standard bodies have fewer than 40 voting members. Most have less than 20. At the high point of CTI with 352 members, we only had 49 voting members. It is very possible in situations like this to have a quorate meeting (>50% of voting members) over loads of different platforms including video conferences.

I do agree that we need some policies and guidance documents. But if we restrict interactions to the old ways of doing things is will only push people away from OASIS. We need more people bringing work to OASIS, not less.

— Reply to this email directly, view it on GitHub< https://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1919916833>, or unsubscribe< https://github.com/notifications/unsubscribe-auth/AANEXD6W2GFOPUCRXHGUP3TYRKTT7AVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJZHEYTMOBTGM>.

You are receiving this because you commented.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1921282442, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACYUWRJXILARHSHZ7HBIL4LYROHGJAVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMRRGI4DENBUGI . You are receiving this because you commented.Message ID: @.***>

-- Chet Ensign

Chief Technical Community Steward

OASIS Open

+1 201-341-1393 <+1+201-341-1393> @.*** www.oasis-open.org

[jordan2175]

So are Zoom, GotoMeeting, Meet, WebEx, Phone Bridges, etc "facilities designated by OASIS"? If not, then we cannot do any business via any of these and that means the vast majority of business, greater than 90%, is probably null and void. My point with all of this, is that the rules and polices we have are outdated and in my view broken.

[cabralje]

I think Brett is right about Zoom, et. al., It seems like the problematic sentence in Committee Operations Section 1.5 is "Committees may not conduct official business or technical discussions, store documents, or host web pages on servers or systems not designated by OASIS.". Either OASIS needs to provide all those technologies (I don't think we can afford that). or that sentence needs to either be updated to allow for "official business or technical discussions" on other platforms as long as important artifacts (specifications, minutes, etc.) are captured on OASIS designated systems.

[sparrell]

On a tangential but related note wrt Zoom “as provided by OASIS” combined with Jim’s comment “I don’t think we can afford that”:

If I understand OASIS zoom (take this with a grain of salt as I’m just observing on the projects and TCs that I participate in so I may be misunderstanding) – OASIS does have a zoom account but it’s an account that doesn’t allow multiple people yet we share across many people/TC’s/Open-Projects. This results in account/password sharing (a major security no-no) using a particular password manager (lastpass) which, albeit popular, is the most-hacked password manager.

Although tangential, it’s very relevant to this discussion because we either need to correctly provide the tools, or make the members correctly provide the tools, or not use the tools. Where “tools” is any one of the tools Bret mentions. Our current policies, procedures and practices are a recipe for disaster (doubly so given my other email that I do think we are a target and at risk).

-- Duncan Sparrell sFractal Consulting iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/

From: Jim Cabral @.> Date: Saturday, February 3, 2024 at 1:04 PM To: oasis-board-process-committee/TC-Process @.> Cc: duncan sfractal.com @.>, Comment @.> Subject: Re: [oasis-board-process-committee/TC-Process] Document limitations and requirements around using chat tools like Slack (Issue #22)

I think Brett is right about Zoom, et. al., It seems like the problematic sentence in Committee Operations Section 1.5 is "Committees may not conduct official business or technical discussions, store documents, or host web pages on servers or systems not designated by OASIS.". Either OASIS needs to provide all those technologies (I don't think we can afford that). or that sentence needs to either be updated to allow for "official business or technical discussions" on other platforms as long as important artifacts (specifications, minutes, etc.) are captured on OASIS designated systems.

— Reply to this email directly, view it on GitHubhttps://github.com/oasis-board-process-committee/TC-Process/issues/22#issuecomment-1925416215, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AANEXD4Y3MTL6IYSESE5PG3YRZ325AVCNFSM6AAAAABCMRVWSGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMRVGQYTMMRRGU. You are receiving this because you commented.Message ID: @.***>

[Vasileios-Mavroeidis]

I agree with Jim. Something like this may work (a first attempt).

"The official copies of all resources of a committee and any associated subcommittees, including web pages, documents, and email lists, must be located only in facilities designated by OASIS. All web pages, documents, ballot results, and email archives of all committees and subcommittees shall be publicly visible. In that regard, committees may decide to discuss official business and engage in technical discussions in non-designated systems by OASIS. However, all matters that require consensus and approval must be documented only in systems designated by OASIS for archival and transparency purposes".

[jordan2175]

We talked about this on the process committee today and we decided to work on this and address it. There are two sides, keeping track of decisions and protecting IPR and the other is building communities.