The slides presented by each reporter during this session are consolidated into a
single slide presentation.
Member Meeting
Carl Bunje reported. The meeting started with a news round-up and update on activities
since the previous Conference, including a review of the results of the Member Survey on
Conference locations, frequency, and themes, from which a good match to the plan for
future Conferences can be seen. A further survey was conducted in the meeting to gather
member feedback on suggested hot topics and speakers for future Conferences. The Council
wants to gather more input from members, so aims to run further surveys, at a frequency to
be decided. The Council published and distributed "Member Value" leaflets on
Governance (Being a Member Board Director), How to Start New Activities, and Open
Standards and Certified Products. In this meeting we also announced that The Open Group is
open for nominations for member representatives on the Governing Board - key information
on this is included in the Governance leaflet. Nominations should be sent by email to ogcc_steering@opengroup.org.
The majority of meeting time was spent reviewing the benefits to members of Open
Standards and Certified Products. Key information on this is presented in the associated
leaflet. Elaine Babcock, U.S. DoD DISA moderated this panel discussion. The members of the
panel were Judith Jones (Architecture Forum), John Schmidt (Enterprise Application
Integration Industry Consortium) representing the customer view, and Walter Stahlecker
(HP) representing the supplier view.
QoS/Enterprise Management Forum
Martin Kirk reported. In this Conference, the group held
an AQRM (Applications Quality/Resource Management) project meeting, in which they
addressed:
- Information gathering on Policy Management
- Refinement of Architecture Framework
- Refocusing on requirements
- Planning to seek greater user input
Forward plans are to run a company review on the ARM 4.0 Version 1 specification, and
also run a company review on the TMF SLA Handbook Volume 4. The AQRM Forum will probably
not meet at the Brussels Conference (April 2004), but might hold a meeting in April 2004
in New York, where they will feel well-placed to implement their planned outreach to the
Financial Community.
Real-Time and Embedded Systems
Forum
Joe Bergmann reported. In this Conference, the RT&ES Forum held meetings on:
- Open Architecture for RT (February 4, all day)
- Security for Real-time (February 5, all day)
- Safety/Mission-Critical RT Java (February 5, all day and February 6, morning only)
Going forward, future activities are focused on net-centric environments and will
address:
- Software Assurance
- Software Design and Coding Standards
- Software Conformance Tools
- Software Traceability
- Standardized XML Tags
- Mission-critical RT Java
- Content-based Security
- MILS off-the-shelf RTOSs
- MILS for Web Services
- Middleware Security
- Security Interoperability
- Dynamic Resource Management Standards
- Acquisition/Procurement of RT Systems
- Database for RT Environments
Joe presented his proposed RT&ES Forum Agenda for Belgium:
- Focus on Commercial Real-time Environments
- Open Architecture WG
- Security for RT WG
- RT Profiles and Certification WG
- Safety/Mission-critical Applications
- Safety/Mission-critical RT Java WG
- Additional topics to be considered
- Initiate RT Forum Activity with Focus on Real-time (Net-Centric) Requirements Unique to
Europe
Architecture Forum
John Spencer reported. In this meeting the Forum ran a TOGAF 8 Certification Showcase,
an Enterprise Application Integration Workshop (25 participants), an Architecture Briefing
(29 participants), and an Architecture Forum Workshop (14 participants).
Forward plans are to run an Architecture Practitioners Conference at the Brussels
Conference (April 2004), to firm-up plans for TOGAF 9 (to include an internal
"beta" release in September 2004), and to progress development on TOGAF 9 in
four parallel tracks:
- Architecture development
- Architecture transition planning
- Architecture realization / implementation
- Architecture governance / change management
Messaging Forum
Ian Dobson presented this report, prepared by Mike Lambert. In this Conference they
held two main meetings.
The first was on the DoD External Certificate Authority (ECA) program, in which they
reviewed the program status with representatives from the DoD, Defense Contractors, and
Certificate Authorities, and established a status where the DoD is mandating introduction
of PKI in April 2004. But the DoD is not itself ready, there are no approved ECAs in
place, defense contractors face uncertainty and duplication of effort and unnecessary
cost, and there is a major need for increased awareness among the numerous smaller
suppliers to DoD of the DoD's program and what it involves. At the next Conference in
Brussels (April 2004), the Messaging Forum intends to provide an ECA briefing for NATO and
European defense contractors, and explore the impact of local regulations in Europe. In
the following Conference in July 2004, the Forum plans to run a follow-up ECA briefing and
status review in support of the DoD awareness program.
The second was on Secure Messaging in the Healthcare Community. This included:
- A briefing on Customer Requirements, Vendor Responses, and SMG Certification
- An SMG Certification WG Meeting, addressing final changes to the SMG profile before
company review, and identifying contents of the CSQ
- An SMG Certification Program meeting, running the profile company review in 2nd
half February and all other materials in March, doing informal IOP testing in March/April,
and targeting accepting applications early in Q2
Meeting plans are to run an ECA Briefing in Brussels, an SMG Certification meeting in
Boston at a time to be arranged, and a Role of Identity Management in Controlling Spam
meeting with the Identity Management project members at a time to be arranged. Then at the
Boston Conference in July they will meet to review the DoD ECA Program, and the Secure
Messaging in the Healthcare Community, and also consider Instant Messaging and the
Financial World.
Security Forum
Ian Dobson reported. The Forum held a one-day Vulnerability Management meeting which
was well attended - 7 presentations, 19 attendees - consolidating existing liaisons with
NIST and the ASC, and resulting in outline plans for VM projects which will add value to
the existing situation. The Security Forum also met with the DIF to review the joint
Identity Management program (see the DIF report). Members also participated in the DoD
External Certificate Authority (ECA) program meeting run by the Messaging Forum (see the
Messaging Forum report). Other meeting sessions progressed current projects, including the
Manager's Guide to Identity and Authentication, the Technical Guides on Security Design
Patterns and on Trust Models. Reports were also reviewed on the ALPINE (Active Loss
Prevention for ICT Enabled Enterprises) project.
The forward plan includes publication of the Security Design Patterns document in
Q1/04, followed by promotion and development of these security design patterns in a
Patterns Developers Object Programming (PLoP) conference in Carefree, Arizona in April
2004. The ALPINE project (see www.opengroup.org/alpine)
will deliver six active loss reports in Q1/04 - three of them produced by The Open Group.
The Vulnerability Management initiative has identified seven areas for us to explore the
benefits of starting projects, and these will be developed into formal problem statements
between now and the next meeting. For forward plans on the joint projects on Identity
Management and on the DoD External Certificate Authority (ECA) program, refer to the DIF
and Messaging Forum reports. The Identity and Authentication Guide will be completed by
the end of Q1/04, and work on the Trust Models Guide will continue, as will work on
Security Architectures.
Grid Enterprise Services
Graham Bird reported. The meetings had high attendance numbers - 50+ on Tuesday, 30+ on
Wednesday. They covered a NCES update by Rob Walker, service perspectives from the Navy,
Army, and Air Force, Vendor directions on GIG/NCES, progress with the Linux COE program,
and excellent presentations on the Integrator view - provided by speakers from General
Dynamics and Northrop Grumman. Graham particularly recommended "the good, the bad,
and the ugly" presentation on interoperability from the Northrop Grumman speaker.
Forward plans are to hold the next meeting on the USA East Coast at a time to be
arranged, to explore the value of Certification in COE programs, to do likewise on
Procurement, and to start to define components for NCES.
Directory Interoperability Forum
and Identity Management Program
Chris Harding reported. His slide set includes additional slides which give more
detailed information on the Identity Management and DIF meetings and forward plans, for
those who are interested.
In the Identity Management program, we have delivered our IdM White Paper and are
populating our Implementation Catalog. Arising from review of the White Paper, five
potential new work items have been identified as worthy of further investigation.
In the DIF, members discussed the promotion plan for LDAP Ready, education events at
future Conferences, STANDARD level certification, Secure Directory Services, and held
information sessions on standards body reports, directories and XML, and portals.
Forward plans on Identity Management include proposals to produce an Enterprise IdM
Architecture Guide, write Government authentication guidelines, liaise with LAP (and
WS-I?) on certification, and do further work on developing ideas for core identity uuid
pairs.
Forward plans in the DIF include creating a directory applications website, education
"open" events at Boston and New Orleans, STANDARD level certification, and work
on a Secure Directory Services scenario and profile.
And Something New - Information Flow Initiative
Chris Harding introduced an idea for a new initiative in The Open Group. Statistics and
feedback from many sources show that Information Flow problems are costing 100s of
millions of dollars in lost opportunities, and billions of dollars are spent to make
systems interoperate or to recover from mistakes made in losing data when trying to share
information.
Is this your problem? Do you want to do more about it?
If so then join others who share similar concerns - and leverage each other's needs and
solutions to get more out of it for putting less of your time and money into finding
workable solutions. Send email to c.harding@opengroup.org
if you are interested in supporting this initiative in The Open Group.
