< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Call for consent of Secure QR Code Authentication Version 1.0 as an OASIS Standard

Do you approve Secure QR Code Authentication Version 1.0 for OASIS Standard?

The Electronic Secure Authentication (ESAT) TC [1] has approved submitting Secure QR Code Authentication Version 1.0 to the members of OASIS as a candidate for OASIS Standard.

The specification describes the use of QR Codes and a mobile phone as a replacement for a username and password in user login authentication. An alternative to passwords that includes QR Codes is described, and typical use cases are described. This document also provides an overview and context for using QR Codes for security purposes.

In addition, the document specifies a "Secure QR Code Authentication Protocol" (SQRAP) and assesses the related security threats and risks.

The TC has received 3 Statements of Use from HYPR, Trusona, and CVS.[2].

This is a call to the Organizational Members of OASIS to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however your consent is assumed unless you register an objection [3]. To register an objection, you must:

1. Indicate your objection on this ballot, and

2. Provide a reason for your objection and/or a proposed remedy to the TC.

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC's mailing list [4]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid.

URIs:

The Committee Specification is available here:

Secure QR Code Authentication Version 1.0
Committee Specification 01
01 July 2022

Editable source (Authoritative):
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.docx

HTML:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.html

PDF:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

http://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.zip

Please contact OASIS TC Administration at tc-admin@lists.oasis-open.org with any questions you may have about this ballot.

--- Additional information ---

[1] Electronic Secure Authentication (ESAT) TC
https://www.oasis-open.org/committees/esat/

[2] Statements of use

- HYPR:
https://www.oasis-open.org/apps/org/workgroup/esat/email/archives/202207/msg00001.html

- Trusona:
https://www.oasis-open.org/apps/org/workgroup/esat/email/archives/202207/msg00000.html

- CVS:
https://www.oasis-open.org/apps/org/workgroup/esat/email/archives/202206/msg00009.html

[3] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

[4] Comments may be submitted to the TC through the use of the OASIS TC Comment Facility as explained in the instructions located at https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=esat

Comments submitted to the TC are publicly archived and can be viewed at https://lists.oasis-open.org/archives/esat-comment/

Members of the TC should send comments directly to esat@lists.oasis-open.org.

 [ ]  Yes
 [ ]  No
Opening:   Wednesday, 21 September 2022 @ 12:00 am UTC
Closing:   Tuesday, 4 October 2022 @ 11:59 pm UTC
Group:   OASIS organizational voting
Ballot has closed.

Referenced Items
Name Type Date Action
* 03728: Call for consent of Secure QR Code Authentication Version 1.0 as an OASIS Standard (146K)
Document
2022-10-04
No Access

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Yes 15 100%
No 0 0%
Eligible companies who have voted: 15 of 207 7%
Eligible companies who have abstained: 0 of 207 0%
Eligible companies who have not voted: 192 of 207 93%

Voting Details

Voter Company VoteReference Document and/or Comment
Florian Skopik (Pri)
AIT Austrian Institute of Technology
--
 
Maria Adamczyk (Pri)
AT&T
--
 
Robert Coderre (Pri)
Accenture
--
 
scott tester (Pri)
Acme Test Company
--
 
Vivek Kumar (Pri)
Adobe Systems
--
 
Abbie Barbir (Pri)
Aetna
Yes
 
Roberto Sanchez (Pri)
Anomali
--
 
Cameron Esfahani (Pri)
Apple
--
 
Will Rideout (Pri)
Arista Networks
--
 
Jim Price (Pri)
Arizona Supreme Court
--
 
Antonio Di Perna (Pri)
BankUnited, N.A.
--
 
Alvaro Sandoval (Pri)
Biblioteca del Congreso Nacional de Chile
--
 
Jim Tivy (Pri)
Bluestream
--
 
Karl Hribernik (Pri)
Bremen Institut fur Produktion und Logisti...
--
 
Bret Jordan (Pri)
Bret Jordan
--
 
Heather Kanser (Pri)
Broadcom
--
 
Martin Zádník (Pri)
CESNET, z. s. p. o.
--
 
Alexandre Dulaunoy (Pri)
CIRCL
--
 
Arsalan Iqbal (Pri)
CTM360
--
 
Mary Wilson (Pri)
Carnegie Mellon University
Yes
 
Adelyn Zhou (Pri)
Chainlink
--
 
Narendra Vad (Pri)
Cisco Systems
--
 
Matthew Reed (Pri)
Coelition
--
 
Dawn Stevens (Pri)
Comtech Services, Inc.
--
 
John Wolpert (Pri)
Consensys AG
--
 
Jeff Williams (Pri)
Contrast Security
--
 
Daniel Riedel (Pri)
Copado
--
 
Tim Hudson (Pri)
Cryptsoft Pty Ltd.
--
 
Dmitry Raidman (Pri)
Cybeats
--
 
Jane Ginn (Pri)
Cyber Threat Intelligence Network, Inc. (C...
Yes
 
Anuj Goel (Pri)
Cyware Labs
--
 
Preston Werntz (Pri)
DHS Cybersecurity and Infrastructure Secur...
--
 
Ole Madsen (Pri)
Danish Business Authority
--
 
Paul Patrick (Pri)
DarkLight, Inc.
Yes
 
Gauthier Fanmuy (Pri)
Dassault Systemes
--
 
Len Vitello (Pri)
DataBrains, Inc
--
 
Judith Furlong (Pri)
Dell
--
 
Sigbjorn Berntzen (Pri)
Directorate of Labour and Welfare Norway
--
 
Mark Wood (Pri)
Disaster Relief Communications Foundation
--
 
Zaiming Shi (Pri)
EMQ Technologies Co., Ltd.
--
 
Andreas Schaffhauser (Pri)
EUMETNET
--
 
James Canterbury (Pri)
EYGS LLP
--
 
Aukjan van Belkum (Pri)
EclecticIQ
--
 
Matt Wakefield (Pri)
Electric Power Research Institute (EPRI)
--
 
Mark Nixon (Pri)
Emerson Process Management
--
 
Thomas Sigdestad (Pri)
Enonic
--
 
Richard Hogue (Pri)
Environment Canada
--
 
Daniel Norkin (Pri)
Envision Blockchain Solutions LLC
--
 
Gary Egner (Pri)
Equivant
Yes
 
Carolina Canales-Valenzuela (Pri)
Ericsson
--
 
Olivier Leboeuf (Pri)
European Parliament
--
 
Pavel Rychly (Pri)
Faculty of Informatics Masaryk University
--
 
Thomas Schmidt (Pri)
Federal Office for Information Security (B...
--
 
Kendall Miller (Pri)
File & ServeXpress
--
 
Chris Ricard (Pri)
Financial Services Information Sharing and...
--
 
Andrew Cummings (Pri)
ForAllSecure Inc
--
 
Gerald Stueve (Alt)
Fornetix
Yes
 
Daniel Mallmann (Pri)
Forschungszentrum Juelich GmbH
--
 
Francisco de Andrés Pérez (Pri)
Francisco Luis de Andrés Pérez
Yes
 
Makiko Shimamura (Pri)
Fujitsu Limited
--
 
Patrik Jonasson (Pri)
GS1 AISBL
--
 
Jeremy Allison (Pri)
Google Inc.
--
 
Paul Anderson (Pri)
GrammaTech, Inc.
--
 
Pierre-Jean Lautier (Pri)
HARMAN
--
 
Bill Burns (Pri)
HP Inc.
--
 
Bojan Simic (Pri)
HYPR CORP
--
 
Jeff Vernon (Pri)
HaasOnline
Yes
 
Christoph Meinel (Pri)
Hasso Plattner Institute
--
 
Priya Mysore (Pri)
Healthwise
--
 
Shiva Dasari (Pri)
Hewlett Packard Enterprise (HPE)
--
 
Akihito Sawada (Pri)
Hitachi, Ltd.
--
 
Christian Goetz (Pri)
HiveMQ GmbH
--
 
Fang You (Pri)
Huawei Technologies Co., Ltd.
--
 
Jason Keirstead (Pri)
IBM
--
 
Sid Baccam (Pri)
IEM
--
 
Ashwini Jarral (Pri)
IJIS Institute
--
 
Eric Sirois (Pri)
IXIASOFT
--
 
Ryan Foley (Pri)
ImageSoft, Inc.
--
 
Michael Priestley (Pri)
Individual
--
 
James Cabral (Pri)
InfoTrack US
--
 
Michael Markowitz (Pri)
Information Security Corporation
--
 
Philippe Merle (Pri)
Inria
--
 
Michelle Stout (Pri)
Intel Corp.
--
 
Katalin Bartfai-Walcott (Pri)
Intel Corporation
--
 
Steve Olshansky (Pri)
Internet Society (ISOC)
--
 
Ken Klingenstein (Pri)
Internet2
--
 
Stephen Chin (Pri)
JFrog
--
 
Damian Tamburri (Pri)
Jheronimus Academy of Data Science (JADS)
--
 
Thomas Smith (Pri)
Johns Hopkins University Applied Physics L...
--
 
Katherine Escobar (Pri)
Joint Staff JS-J6 Command, Control, Commun...
--
 
Simon Krek (Pri)
Jozef Stefan Institute
--
 
Camilla Boemann (Pri)
KDE e.V.
--
 
Sandra Stuart (Pri)
Kaiser Permanente
Yes
 
Axel Reichwein (Pri)
Koneksys
--
 
Milos Jakubicek (Pri)
Lexical Computing CZ s.r.o.
--
 
Maarten van der Veen (Pri)
Logius
--
 
Snorri Ogata (Pri)
Los Angeles Superior Court
--
 
Thomas Hardjono (Pri)
M.I.T.
--
 
Arjun Kalsy (Pri)
Matic Network BVI Limited
--
 
Michael Angelo (Pri)
Micro Focus
--
 
Nikola Malcolm (Pri)
Microsoft
--
 
Xavier Guimard (Pri)
Ministere de L'Interieur-France
Yes
 
Doraiswamy ('Raj') Rajagopal (Pri)
Mitre Corporation
--
 
Yuichiro Yoshinari (Pri)
Mitsubishi Corporation (Americas)
--
 
Oswald Kuyler (Pri)
MonetaGo Asia Pacific Private Limited
--
 
Olumide Akinwande (Pri)
Montech Studios Inc
--
 
Noam Eppel (Pri)
Morpheus.Network
--
 
Charles Wilson (Pri)
Motional AD
--
 
Anton Mozgovoy (Pri)
Mover
--
 
Gary Crowe (Pri)
NAPPS
--
 
Takahiro Kakumaru (Pri)
NEC Corporation
Yes
 
Kevin Mangold (Pri)
NIST
--
 
Andrea Hardy (Pri)
NOAA/NWS
--
 
Jim Harris (Pri)
National Center for State Courts
--
 
Denise Anderson (Pri)
National Council of ISACs (NCI)
--
 
Mike Boyle (Pri)
National Security Agency
--
 
John McCrae (Pri)
National University of Ireland Galway
--
 
Tim Chevalier (Pri)
NetApp
--
 
Erin O'Reilly (Pri)
NetCracker
--
 
Philip Weir (Pri)
New Zealand Government
--
 
Thinh Nguyenphu (Pri)
Nokia
--
 
Paul Seay (Pri)
Northrop Grumman
--
 
Scott McGrath (Pri)
OASIS
--
 
Andre Fatton (Pri)
Octavo Labs
--
 
Scott Simmons (Pri)
Open Geospatial Consortium, Inc. (OGC)
--
 
Rolf Bienert (Pri)
OpenADR Alliance, Inc.
--
 
Matti Moell (Pri)
OpenSynergy GmbH
--
 
Anish Karmarkar (Pri)
Oracle
--
 
Mark Joseph (Pri)
P6R, Inc
--
 
Yasuyuki Nishioka (Pri)
PSLX consortium
--
 
Ryan Olson (Pri)
Palo Alto Networks
--
 
Veronique Parisse (Pri)
ParBer Consulting SARL-S
--
 
Stefanie Hale (Pri)
Peraton
--
 
Greta Villagran (Pri)
Pinary Inc.
--
 
Robert Davis (Pri)
Plutora
--
 
Peter Reynolds (Pri)
Polish Association of Translation Agencies...
--
 
Danilo Ardagna (Pri)
Politecnico di Milano-DEIB
--
 
Tsung-Hsien Wen (Pri)
PolyAI
--
 
Matt Hepler (Pri)
Praesidium Partners Inc DBA Arca Funds
--
 
Rob Hanna (Pri)
Precision Content Authoring Solutions Inc.
--
 
Umberto Rosini (Pri)
Presidenza del Consiglio dei Ministri - Di...
Yes
 
Tomas Gustavsson (Pri)
PrimeKey Solutions AB
--
 
Brad Thomas (Pri)
Prophecy International
--
 
Kyle Thomas (Pri)
Provide Technologies Inc.
--
 
Maria Manuela Cruz (Pri)
Publications Office of the European Union
--
 
John Leiseboer (Pri)
QuintessenceLabs Pty Ltd.
--
 
Matthew Gardiner (Pri)
Rapid7, Inc.
--
 
Sam DeBord (Pri)
Real Estate Standards Organization (RESO)
--
 
Mark Little (Pri)
Red Hat
--
 
Gershon Janssen (Pri)
Reideate
--
 
Forrest Hare (Pri)
SAIC
--
 
Ralf Handl (Pri)
SAP SE
--
 
Frank Closset (Pri)
SDL
--
 
David Bizeul (Pri)
SEKOIA
--
 
Phu Nguyen (Pri)
SINTEF
--
 
Leif Johansson (Pri)
SUNET
--
 
Altaz Valani (Pri)
Security Compass
--
 
Scott Hudson (Pri)
ServiceNow
--
 
Marquart FRANZ (Pri)
Siemens AG
--
 
John Batts (Pri)
Snyk Ltd
--
 
David Charles (Pri)
Solace Systems
--
 
Fabrice Bellingard (Pri)
Sonar
--
 
Pim van der Eijk (Pri)
Sonnenglanz Consulting
--
 
Joe Levy (Pri)
Sophos Ltd
--
 
Alexandre Cabrol Perales (Pri)
Sopra Steria Group
--
 
Carole Tiberius (Pri)
Stichting Instituut voor de Nederlandse Taal
--
 
Kerstin Wiss-Holmdahl (Pri)
Swedish Association of Local Authorities & Regions
--
 
Martin Torngren (Pri)
Swedish Royal Institute of Technology
--
 
Steve Dischinger (Pri)
Synadia Communications, Inc.
--
 
Tony Cox (Pri)
TC Logic
--
 
Denny Page (Pri)
TIBCO Software Inc.
--
 
Sebastiaan Tesink (Pri)
TNO
--
 
Julie Wang (Pri)
TWNCERT
--
 
Sotiris Ioannidis (Pri)
Telecommunication Systems Institute
--
 
Mark Mastrangeli (Pri)
Tenzir
--
 
Srujan Kotikela (Pri)
Texas A&M University-Commerce
--
 
Florian Effenberger (Pri)
The Document Foundation
--
 
Jens Aabol (Pri)
The Norwegian Agency for Public and Financ...
--
 
Andrew Pendergast (Pri)
ThreatConnect, Inc.
--
 
David Lewis (Pri)
Trinity College Dublin (ADAPT)
--
 
Ori Eisen (Pri)
Trusona, Inc.
--
 
Philip Baughman (Pri)
Tyler Technologies, Inc.
--
 
Antonio Brogi (Pri)
UNIPI
--
 
George Parson (Pri)
US Department of Defense (DoD)
--
 
Philip Mattson (Pri)
US Department of Homeland Security Science...
--
 
Keven Ates (Pri)
US Federal Bureau of Investigation
--
 
Monica Palmirani (Pri)
University of Bologna-CIRSFID
--
 
Reka Markovich (Pri)
University of Luxembourg
--
 
Toby Considine (Pri)
University of North Carolina at Chapel Hill
--
 
Vasileios Mavroeidis (Pri)
University of Oslo
--
 
Gabriele Pierantoni (Pri)
University of Westminster
--
 
Dieter Bong (Pri)
Utimaco IS GmbH
Yes
 
Pavel Azaletskiy (Pri)
V.S. Optima Inc
--
 
Franco De Bonis (Pri)
VISUA
--
 
VMware Industry Standards Office (Pri)
VMware, Inc.
Yes
 
Helen Beal (Pri)
Value Stream Management Consortium
--
 
Chris Wysopal (Pri)
Veracode
--
 
David Dufour (Pri)
Webroot
--
 
Ori Bach (Pri)
WhiteSource
--
 
David Riddoch (Pri)
Xilinx, Inc
--
 
Michael Stahl (Pri)
allotropia software GmbH
--
 
Manuel Souto Pico (Pri)
cApStAn SA
--
 
Peter Borresen (Pri)
ebConnect
--
 
Hamish Cameron (Pri)
nCipher
Yes
 
Danilo Beuche (Pri)
pure-systems GmbH
--
 
Duncan Sparrell (Pri)
sFractal Consulting LLC
--
 
Simon Johnson (Pri)
u-blox AG
--