This is the public summary report for the meetings of the Security
Forum during the week 24-28 January 2005. For members of the Security
Forum, a more detailed report, including the slide presentations used
during the meeting, is available here.
The detailed report will also be available to non-members who attended
the Security Forum as guests.
The Security Forum addressed the following topics in its meetings
through the week.
Monday
All-day plenary, on the theme "Architecting Identity
Management"
This was a highly informative plenary meeting, put together by the
members of the Forums who are collaborating in The Open Group Identity
Management program - the Directory Interoperability Forum, the Security
Forum, and the Messaging Forum. The presentations were structured to
address five aspects of the theme:
- Business Issues
- Standards
- Requirements
- Technology
- Architecting Solutions
The plenary meeting report is available from the
Conference proceedings.
Tuesday AM
Plenary (continued)
Tuesday PM
Identity Management - Common Core Identity Representations (CCIR)
This was a joint open meeting with the Network Applications Consortium
(NAC), the Distributed Management Task Force (DMTF), and members of the
Transatlantic Secure Collaboration Program (TSCP) and its associated
International Collaborative Identity Management (I-CIDM) program. The CCIR
meeting report is available from the Conference proceedings.
Wednesday AM1
Identity Management
The meeting report is available from the
Conference proceedings. The meeting was intended to address three items:
- SAML Interoperability Testing: Unfortunately the
project leader for this item was unavoidably called away, so this item
was deferred for another time.
- Architecture Guide for Identity Management: The
lead author on this document led a walkthrough of the latest draft and
gathered further input towards developing the next draft within an
agreed timeframe.
- IdM Standards: A presentation on a proposal for a
collaborative project with the INCITS T4 TC, initially on Role-Based
Access Control, but with a broader intent to develop a multi-part
Identity Management standard. Action was agreed for a group of
interested members to engage in a teleconference with the INCITS T4 TC
on February 3rd, to develop understanding and terms of reference for
this proposal.
Wednesday AM2
The Security Forum received two presentations:
- Real-Time Security Requirements: Presentation by
Ben Calloni (Lockheed Martin).
- Endpoint Integrity Network Access Controls:
Presentation by Steve Hanna (Funk Software) on an open standard in
development within the Trusted Network Computing (TNC) group.
Wednesday PM
Secure Interoperability for Cross-Organizational Information
Sharing
A second joint meeting with the Network Applications Consortium (NAC),
the Distributed Management Task Force (DMTF), and members of the
Transatlantic Secure Collaboration Program (TSCP) and its associated
International Collaborative Identity Management (I-CIDM) program. The meeting
report is available from the Conference proceedings.
Thursday AM1
Trust Models
The lead author on this document led a walkthrough of the latest draft
and gathered further input towards developing the next draft within an
agreed timeframe.
Thursday AM2
Security Architectures
The leader for the core group on architected approaches to security
challenges set out the current status of this project and re-asserted its
goals. A key outcome was the identified need for further in-depth training
and guidance from the Architecture Forum's security leader. This discussion
was followed by a review of the existing TOGAF Standards Information Base
(SIB) Security Services entries, plus a review of a presentation on
standards for security in a de-perimeterized environment, resulting in
actions to update the security services entries in the SIB.
Thursday PM1
Vulnerability Management
Virus Throttling and Active Countermeasures: Presentation by
Keith Millar (HP), followed by discussion on future objectives in this
topic area.
Thursday PM2
Security Architectures (continued)
Workshop presentation by the Architecture Forum's security leader, on
the TOGAF Architecture Development Method (ADM) and how we should best
address improving the security content of the TOGAF technical reference
model. The Security Forum members took advantage of the opportunity
offered by the AF presenter, to make immediate progress on our Security
Architecture development plans. Actions were identified to work together
to develop the required new content, with the objective of presenting
progress at the Architecture Practitioners Conference during the next
Conference (Dublin, April 2005).
Friday
Joint meeting of the Security Forum with the American Bar
Association (ABA) Cyberspace Law Committee
(Hosted by the ABA in its meeting at Stanford University, Palo Alto,
CA.)
In the morning session, the ABA invited the Security Forum members to join
them for three presentations: from eBay (Jay Monahan, General
Counsel), TiVo (Michael Zinn, General Counsel), and a professor at
Stanford Law School.
In the afternoon, the Security Forum gave a short presentation
introducing The Open Group and the Security Forum, and then the meeting
engaged in robust discussion on legal barriers to use of e-documents for
business transactions. The outcome was agreement to review issues raised
by the Cyberspace Law Committee and respond with a view to establishing a
mutually beneficial exchange of legal and technical views aimed at
analyzing those barriers and identifying technology solutions for the
barriers that technology might be able to overcome.