Unlike in past Conferences, this Forums meeting report was not WebCast, so a record of
the proceedings is only available as this Forums Report and its associated Forums Report slide presentations.
Messaging Forum Program Director, Mike Lambert reported that in Joe Bergmann's terms
the Messaging Forum has been going "gangbusters" in their Boston meeting. They
had over 60 attendees - and a total of 79 engaged over the whole week - sharing highest
attendee honors with the Real-Time Forum, and plan a re-match at the next meeting
(Washington DC) with a plan to attract up to 500. They have also gained 3 new members
during this meeting. Their agenda covered:
- Unified Messaging - the integration of different messaging streams into a single queue
and the ability to look at that information from a single device - cellphone, PDA, etc.
Work has started on developing a Business Scenario. They reviewed two customer/vendor case
studies, from Boeing, and from Oracle who very helpfully advised areas where the industry
needs to do more work. Also Cisco presented an architecture chart showing where they
believe industry standards are required. This and other inputs in this meeting have
enabled them to set an agenda of work items that they are planning to address in a working
group.
- Coping with Spam - email you don't want and didn't ask for. They reviewed a White Paper
identifying the steps one can take to mitigate it, and they will develop this paper
further. They had some vendor presentations on the subject, and a brainstorming session on
the role of The Open Group which concluded that an immediate action could involve lobbying
and informing.
- Instant Messaging - a new form of email that bypasses all known corporate policies. It
will not go away, so we need to integrate IM into the enterprise. They held a Birds of a
Feather session to bring out the issues, which they plan to gather into a Problem
Statement on the business drivers, requirements, and features, which they will present in
the next meeting
- Secure Messaging - they initiated a Secure Messaging Gateway certification program in
collaboration with six of the Massachusetts Health Data Consortium's customers who agreed
to buy it. Vendors of gateway products are very interested and a further meeting is being
planned for September to write the specification. This represents only one model; an
architecture for integration of different approaches is needed, so they have developed an
outline architecture for this which includes LDAP and DNS.
Their forward plan is:
- Unified Messaging - they will hold continuing eMail dialog to set up a plan and a
working group to prioritize and address the issues identified in the Boston meeting,
and to progress their Business Scenario.
- Coping with Spam - a major session to be held at the next meeting in Washington DC,
where they intend to get a USA Federal Trade Commission keynote speaker, and bring in
representatives from Europe and Japan, to lobby for federal/global legislation because
spam can only be addressed effectively by a global solution. Between now and the
Washington meeting they will also run a formal review of the White Paper, create a
position paper, and position The Open Group on a "White List" of "good
people" who conform to best practice, including "good marketing people".
- Instant Messaging - a major session in Washington where they aim to attract vendors of
IM products and business consumers to engage with them.
- Secure Messaging - they will develop a certification program for this, hold a further
meeting in Boston in September to develop the SMG specification, and develop an
architecture for integrated secure messaging.
Overall, The Open Group is about specification work and certification programs, and
bringing buyers and vendors together. The Messaging Forum in Boston and forwards is
achieving all of this.
Open Source in the Enterprise Program
Walter Stahlecker noted that this program started in February 2003, and because Open
Source is such a huge space it has taken some time to decide on priorities. However, the
"Manager's Guide to Open Source Software" is progressing well. However, few
participants in the MGOSS project were able to attend this Boston meeting, so the
discussion has been focused more on looking at existing proposed work items. There were
seven new participants, who joined in evaluating and prioritizing work items and detailed
a top four:
- Including Open Source in your software landscape
- How to improve Reliability & Dependability of Open Source
- Evangelization in Enterprises
- Guide on the impact of different Open Source licenses
They applied a template comprising title, contents, and also form so that the
output provided can be most easily re-used by others. Discussion also introduced some new
thinking - on ways to establish 2-way channels of communication on open source topics so
as to enable effective interaction with other groups. The meeting also reviewed progress
on the "Manager's Guide to Open Source Software" (draft published for review),
the Open Source Strategy document which is almost ready for publication, and the
significant impact of the Minneapolis Conference "Open Standards – Open
Source" hosted by the University of St Thomas for which proceedings are available.
Forward plans are to launch work on the top four work items, and set up work-areas at www.opengroup.org/ose for each. The meeting
proposed that participation in the OSE program electronic discussion and access to review
documents should be open to all, but voting and decision-making should be limited to
members of The Open Group only. Also to abide by the established consensus rules, so all
deliverables are from The Open Group. The OSE program has support from The Open Group's
email and Web facilities but the work in the program has to be driven by members without
additional support from Open Group staff. This might suggest a role model for other Forums
to follow, and in particular member companies could try to identify potential contributors
from within their own organizations. They also discussed outreach to involve interested
contributors, and already have undertakings to sponsor regional conferences, based on
re-usable agendas and materials:
- Hagen (Germany) – Michael Ostermann, Walter Stahlecker
- Boston – Ileana Reisch, Dock Allen (Mitre)
- Tokyo (tentative)
To facilitate all this, they intend to establish a portal for questions on the OSE
site, and to provide a resource locator to assist in Open Source discussions. Although
this OSE Program has not arranged the upcoming Open Source in the Enterprise 1-day
conference in London on 8 September, this event is of course supported by OSE program
participants.
The draft agenda for the next meeting in Washington will include a review of work items
and of outreach work and lessons learned, development of the roadmap for 2004 based
on The Open Group's strategy-2003 paper and the Open Source Strategy paper aimed at
including as many open source interest communities as possible, a review of the OSE
program modus operandi, plus progress reports and reviews on current work items.
Security Forum
Security Forum Chairman, Mike Jerbic noted this was the first meeting he has chaired.
Security Forum attendees are of very high caliber and this ensured a successful meeting.
In Boston there were 18 attendees from 16 member organizations over the whole week.
- The Forum is continuing to contribute significantly to the Identity Management joint
project with three Forum partners, and also separately in the "Business Perspectives
White Paper" and the "Manager's Guide to Identity & Authentication".
- There was a joint meeting with I3C - a biotech consortium committed to creating an
Interoperable Informatics Iinfrastructure. The intent in this collaboration was outreach
to bring in some new members, new ideas, and new requirements in information security that
are applicable to non-IT professional vertical markets. The outcome was mutual
appreciation and help, but in particular to give them a jump-start to establishing good
basic information security in their organization.
- There was an evening writers workshop for security design patterns to critique and
improve them, and the 15 attendees benefited greatly from it; Mike thanked IBM for their
leadership and sponsorship of that event.
- There was a review of the current Security Forum positioning and core goals strategy,
and it was agreed to start new projects on Identity Theft, Security in Data, PKI Trust
Models, and Digital Rights Management.
- The security architectures development work was progressed under Eliot Solomon's
guidance.
Going forward, the scheduled weekly teleconferences will continue to progress
activities between quarterly meetings, and between now and the Washington meeting they
will:
- Complete the "Technical Guide to Security Design Patterns".
- Support the Identity Management joint team in completing the "IdM White Paper"
as well as continuing with the business perspectives, and complete the
"Manager's Guide to Identity & Authentication".
- Support the European Union ALPINE project.
- Grow the relationship and collaboration by developing a joint project with the I3C.
- Progress the agreed new projects as listed above.
- Move forward with an Enterprise Vulnerability Management initiative that Dave Lounsbury
and Terry Blevins recognized as having significant synergy with a new project proposal in
the Security Forum. An exploratory meeting in Boston this week established clear interest
in developing safety, dependability, and security into a higher-level abstract approach to
managing critical infrastructure vulnerability. Terry expanded on this, explaining how
there is an opportunity to leverage the expertise of Open Group members to contribute to
addressing the vulnerability management aspects of the US National Strategy for Critical
Infrastructure for Cyberspace. The big opportunity is to bring together the right
representation on this issue. It is anticipated this will form a major item in the agenda
for the next meeting in Washington DC. Mike added that this work also ties in with the
Security Forum's interests in the safety, dependability, and security requirements of I3C
and similar market sectors who have to comply with regulatory regimes and need consistent
guidelines to operate against - so this project has far-reaching potential.
Directory Interoperability Forum
The DIF Program Director, Chris Harding explained he will cover not only the DIF
meeting but also the joint-forums Identity Management meeting and the MaD meeting, in both
of which the DIF takes the lead.
The high point of the week was launch of the LDAP-certified program, in which to
date 4 vendors have achieved a total of 13 certified products. There are another 3 vendors
working to achieve certification, so they look forward to these vendors submitting their
applications an similarly achieving LDAP-certified status. LDAP-certified certifies
conformance of a directory server to LDAP Version 3 or equivalent. LDAP-Ready is a
complimentary program that certifies interoperability with certified servers of
directory-enabled applications. The DIF plans to launch LDAP-Ready at the next Conference
in Washington DC.
Sadly, their well-known chairman Winston Bumpus had to withdraw from chairing the DIF
on leaving Novell, but they are pleased to announce election of a new Chair Ed Harrington,
and a new Vice Chair Scott Campbell.
Recognizing that a large part of the value of the LDAP certification programs is
ensuring the industry has clear visibility on the value this represents, the DIF reviewed
is marketing strategy. They also looked at DSML testing and certification - DSML is an
XML-based language that can do a lot of what LDAP does, and was touted as better - they
feel well-positioned to provide such test and certification but they don't as yet see
sufficient market interest to proceed at this time.
In the Identity Management meeting, the DIF and Security Forum have provided most of
the contributions to the White Paper and the Implementation Catalog - Chris encouraged the
MMF and Messaging Forums to remember their inputs. In this meeting they also received an
interesting presentation from Chris Gervaise of Partners Healthcare on identity management
in a large healthcare organization.
The DIF reviewed the current position on the Mobile & Directory (MaD) Challenge.
Two major problems have arisen - session handover, and identity management and accounting
aspects of handling roaming. The MMF's Secure Mobile Architecture is seen as not in scope,
so they now plan to draw up a focused prospectus on the other activity.
Forward plans are:
- To prepare and launch the LDAP-Ready certification program. They anticipate running a
plugfest prior to the Washington meeting (probably in the US West-Coast area) to encourage
applicants and prepare for successful launch in Washington. They will also be developing
further LDAP certification programs - including an LDAP-Base conformance for
LDAP-certified, a higher-level LDAP-Standard conformance, and vertical profiles on top of
that. They will also pursue the marketing program to raise industry awareness of the value
of these LDAP certification programs.
- To produce the white paper and implementation catalog for Identity Management.
- To investigate enterprise architectures for Identity Management, as a contribution to
the theme of the Washington DC meeting.
- To draft a prospectus for the MaD Challenge, concentrating on authentication,
authorization and accounting, and identity management.
Their draft agenda for the next meeting in Washington will include all these topics.
Quality of Service & Enterprise Management Program Director, Martin Kirk reported a
highly successful OpenPegasus Developers’ Workshop occupying 25 participants over 3
full days (Monday through Wednesday) - the previous meeting in Austin had 8-10
participants - and involving detailed tutorials on various aspects of OpenPegasus given by
various people active in developing the code, and plenty of opportunities for feedback and
discussion. Several non-member participants were involved and overall the level of
satisfaction was high. It is clear there is a very active community of OpenPegasus
developers out there in the industry. Martin expressed public thanks to Karl Schopmeyer
from Inova, Denise Eckstein and Roger Kumpf from HP, Warren Grumbock and Conrad Regitek
from IBM, and Rich Roscoe from EMC, all of whom put a lot of work into presentations and
making the workshop the success it was. Further such workshops will be expanded possibly
up to 5 days to take in the increasing range of experience, and offered in Europe as well
as the USA.
The AQRM (Application Quality Resource Management) Forum was launched in Austin in the
April 2003 meeting. Since then, electronic discussions have built the merge of QoS and EM
interests, and identified 14 topics that need to run inside this merged Forum. This week
they created 6 subgroups to address:
- Recruiting - particularly in the end-user community, so plan to involve the Customer
Council
- Industry Research - to know what is happening in many islands among other forums, to
plan AQRM work so it complements other work (e.g., on SLAs) in other forums
- Architectural Framework
- Application Instrumentation
- Policy
- AQoS
Separate areas are now set up on the AQRM Web site for each of these activities. They
now feel they have an active nucleus of participation, with renewed assurance that The
Open Group is the right place to do this work because of its links to customers, to test
& certification, to figuring out integration and interoperability issues, etc.
The next quarter’s activities will include:
- OpenPegasus Release 2.3 development and OpenPegasus-derived specification drafts
- AQRM work items within subgroups
- Liaison with the Real-Time Forum in its resource management activities
- Approval of Application Response Measurement (ARM) Version 4.0 for publication
Architecture Forum Chairman, Chris Greenslade reported they had a very good and very
significant meeting in Boston. To date they have been absorbed in development of TOGAF to
become the world-class architectural framework and methodology of choice. However, they
recognize that there is no point in being the world-class leader if they don't also convey
that message well enough to the industry so people know about it and use it. So there are
now four aspects to getting good enterprise architecture:
- The framework itself that needs to be maintained to retain its premier position
- The users need tools to support the use of this methodology
- The users have to be trained in its use
- The users need to be able to claim their level of knowledge - there is no good measure
of competence in the industry at present
Looking at the enhancements to TOGAF, contributions on IT governance, and requirements
management, maturity models, extending TOGAF to take in Boundaryless Information Flow, and
relating TOGAF to OMG work on MDA, all represent enhancements to strengthen TOGAF.
Academic licensing for software architects is also a new but important inroad they aim to
make to introduce TOGAF into University curriculums. They also intend to evaluate the
value of industry certification for software architects. Making The Open Group's
Architecture portal the portal of choice in finding information about
architectures is also an objective. They also had a session with the Real-Time Forum on
architecture methods, which did not go too well.
TOGAF is now matured. We have several drivers for change: multiple versions of TOGAF,
certification schemes which require a stable standard, and investors in TOGAF and
certification who need a known return period. The Forum’s work is becoming more
diverse, the weight of information is becoming greater, and different types of information
require different lifecycles. So as a transition they plan to publish the next version
(8.1?) of TOGAF in December 2003, and to include along with that a proposal for new
lifecycles. The new approach from 2004 will include possible separation of certification
numbers from TOGAF numbers.
Next steps:
- Hold August workshops on TOGAF enhancements, in the US and UK
- Develop a new strategy for TOGAF releases
- Finalize the content of TOGAF 8.1
- Start a review procedure for TOGAF 8.1
- Prepare for a major initiative at the Enterprise Architecture Conference in Washington,
DC
- Work towards a clarification of the demand for "Certification of IT Architecture
Practitioners"
Real-Time & Embedded Systems Forum
Program Director, Joe Bergmann reported discussion of the following:
- RT Profiles & Certification
An update from IEEE PASC SSWG on POSIX 1003.13, and from ARINC on ARINC 653 (defines the
partitions needed) revealed a clash: if you do ARINC first there is a problem, but not the
other way round. The experts plan to work on this before the next meeting. Also the FCS
SoSCOE represents a potential certification candidate, so they will look at this in their
next meeting mid-September.
- Safety-Critical RT Java
Ongoing discussion on specification requirements, and an information briefing on
approaches to Specification Development. This is about 20-man years. The most important
part of this is putting together a Business Plan for the work, because the resource
commitment involved here is massive. Their next meeting is the second week of August.
- Security for RT
Commitment to conduct additional work sessions to facilitate development of a additional
Common Criteria RT Protection Profiles – meeting in early September. Also they made a
commitment to develop an approach for Protection Profiles for Multiple Independent Levels
of Security (MILS) for Web Services.
- Safety-Critical
Looking at what is needed to be able to certify commercial off-the-shelf products. They
had a demonstration of a tool to support Security/Safety-Critical Systems in preparation
of artifacts for traceability.
- Open Architecture for Real-Time
They received an update on the Modular Open Systems Approach. They also have ongoing
discussions on their roadmap. They shared with the AQRM Forum a presentation on dynamic
resource management and an associated DRM Standards Development Commitment, and have a
meeting on this scheduled for late August. Finally they held a joint Meeting with the
Architecture Forum, and while it was not the best of meetings, the outcome was that the
protagonists have arranged to talk to resolve their problems, which arise from RTES
architecture being very low-level while TOGAF is at a much higher level ... and it's only
a framework!
Their draft agenda for the next meeting in Washington DC is:
- Focus on the Boundaryless Information Flow
- Open Architecture WG - commonality of various OA approaches, and DRM Standards
Development
- Security for RT WG - MILS for Web Services, and PP for process controls
- RT Profiles and Certification WG - develop Certification Profile based on US Navy OA, US
Army OE, and FCS SoS COE
- Safety-Critical WG - investigate tools for traceability
- Safety-Critical RT Java WG - finalize Business Plan
- Potential New Items - these include Software Development for RT Environments; Quality of
Service Issues for Software for the RT Environment; Joint Project Development with
Universities; Applicability of OOT in Safety Critical Environments; Database Requirements
for RT; Directory Requirements for RT; Procurement issues concerning adherence to Open
Systems; and Open Standards and Certification.
- Other RT organizations to collocate in Washington - SAE SA5, US Army WSTAWG, FCS
Architecture Group, IEEE PASC SSWG RT.
