Skip Slone opened the meeting and reviewed its objectives
and agenda.
Patrick Curry gave a presentation
in which he outlined the work of the TSCP and its aim for the meeting: by
working with the other groups involved, to raise collaboration to the 5th
power! Trustworthiness is starting to be seen as a business enabler. The
US Department of Defense (DoD) has selected PKI as the trust bridge
technology, and its insistence on this technology will drive adoption by
commerce and industry. The technology has been deployed in the Federal
Bridge and four other PKI bridges. The TSCP has also selected
WS-Federation and SAML as federation standards, although lack of openness
of WS-Federation is an issue.
Chris Harding, Ian Dobson, and Mike Lambert gave a joint
presentation on The Open Group's Identity Management Work Area. This
is a joint activity of The Open Group Directory Interoperability,
Security, and Messaging Forums. Identity management is a key enabling
technology for The Open Group vision of Boundaryless Information Flow™,
and The Open Group has a three-year history of work in this area, with a
number of important current projects.
Jim Ross presented an overview
of the Network Centric Operations Industry Consortium (NCOIC). Its mission
is to help accelerate the achievement of increased levels of
interoperability within, and amongst, all levels of government of the
United States and its allies involved in Joint, Inter-agency, and
Multinational (JIM) operations. It is constituted as an international
body, and aims to be truly international, although its membership
currently has a US bias.
A primary driver of the NCOIC is to automate a manual process which
includes, but is broader than, security. It relates to information
tagging, and the tags include security information. Ron Schuldt said that
the Universal Data Element Framework (UDEF) would assist with metadata
definition, and he presented three
slides on UDEF.
Ian Dobson had drafted a matrix of topics and organizations, showing
which organizations are interested in which topics. The matrix was
discussed and extended during the meeting. The topics of Business
Requirements, Common Core Identifiers, Architecture, Identity Proofing
& Vetting, Authorization Attributes, and Federation Mechanisms all
received substantial attention.
Items of interest for each organization were identified. In general,
however, organizations were not able instantly to commit to joint work
projects, but will review their participation internally before reaching
decisions.
It was noted that several companies contribute substantially to many of
the consortia involved. It was agreed that their views should be sought on
where the emphasis of effort should be placed for each topic.
