A slide set covering the agenda and project status for Identity Management Forum
activities is available here.
Framework for Identity Management
This is a joint project with international standards bodies INCITS CS1 and ISO JTC1 SC27; we
are awaiting formal notification that we have been granted category C liaison status with
ISO JTC1 SC27, which will entitle us to make direct review representations to their
drafting the ISO Standard on this topic. SC27 is currently revising its working groups
structure into five working groups. This restructuring activity is delaying their progress on
project
work, including this framework standard. ISO JTC1 SC27 Working Groups are meeting in
Madrid Spain on May 8-12. We may expect a pre-Madrid meeting draft next week, and may
submit comments on it before their May 8-12 meeting if we so wish. We look forward to
progress from their Madrid meeting, although we understand they have allocated only
one hour
to developing this IdM Standards framework document.
Architectures for Identity Management
Due to other work priorities, little progress has been made on this document since the
previous meeting in Barcelona. The situation remains that the co-editors have yet to
decide whether to develop new material to fit into the revised structure so it presents a
balanced view, or to revise the structure (yet again) to fit the material that they
currently have. They are looking for additional resources to complete this project.
Noting that there is significant value in the existing draft, we will make the
latest draft available to all members on our IdM web page and invite renewed review to
establish exactly what additional contributions are needed, and establish a realistic plan
for completing it.
IdM Design Patterns
The revisions for our 3rd Party Identification and 2nd Party Identification design
patterns are captured in notes from the design patterns workshop session held in
Barcelona, but are not yet available in revised pattern definitions. Work will continue to
complete this activity, which is expected to result in almost final patterns. We are also
interested in developing an authenticator design pattern, and have hopes of developing a
draft for it for review in the next conference (Miami, July 17-21). Members also noted
that several new books on security design patterns have been published recently. Members
agreed to take our design patterns work forward by reviewing our current work in the light
of these new publications, and shifting our focus between now and the next meeting to
considering applying existing design patterns to specific security problems - such as are
being proposed in the Jericho Forum's de-perimeterization space - to demonstrate the value
of using a design patterns approach to solving today's IT security problems.
Identity Management Catalog
We have now resolved the final issues on updating our questions in the IdM Catalog
template, so will update the template as soon as possible, and then invite those
with existing entries in the Catalog to revisit their responses in the light of the
clarifications the revised questions provide. Work is progressing well on development of
an advanced web page display system for our Identity Management Catalog, and
we will drive this through to completion as rapidly as time permits. It was agreed that we
will aim for launch of our IdM catalog at the July Conference in Miami - this will require
a deadline of June 30 for close of entries by vendors, allowing time for approval by our
Editorial Advisory Board, and preparation of a press release involving the vendors who
have provided entries.
Common Core Identifiers (joint with NAC and DMTF)
The Company Review of the CCI Business Scenario and the CCI Framework (comprising the
framework document, and the framework matrix spreadsheet) closed on April
11, and the
ballot on change requests closed on the day of this meeting (April 26). Members of the
IdM Forum were the prime review and balloting constituency in The Open Group. The NAC are
running their review of this document concurrently and we are coordinating their feedback
in order to close on mutually agreeable solutions. The DMTF has not participated in the CCI
work in recent months and has indicated that they have copyright problems with joint
publication, so publication of the approved document may not include them. There is also
liaison activity underway with W3C to explain why their URN does not serve the requirement
for a CCI (the reason is because URN is tied to a protocol), and with OASIS to follow up
on evolving their XRI standard so it meets the requirements that have been identified for
CCI. The resulting published CCI documents are expected to provide high value to those
engaged in the area of shared identifier usage across organizational boundaries - a very
difficult area because of problems migrating from the many legacy systems that currently
exist, business reluctance to invest in moving from solutions that currently provide
adequate solutions for today (though probably not tomorrow), and the purist problem of
agreeing what is a "final" solution for an enduring (permanent) universal unique
identifier scheme in an industry that is characterized by adaptability and change.
Best Practice Guide for Directory in IdM
Members received a presentation proposing this new project - to develop a best practices
guide to Identity and Access Management Framework (IAMF), covering what IT needs from the
infrastructure and why. The presenter declared willingness to lead this project. The
outline structure proposed addressing this under several key headings: high availability,
serviceability, leveraging mature & established industry standards, performance,
security, compliance with legislation & regulations, hardware, and case studies.
All members were invited to review this proposal, provide their feedback, and indicate
their interest in being an active contributor/participant.
IdM Standards Entry in Standards Information Base
Members reviewed the final draft preparatory to submitting it for Company Review, made
further additions to include standards called out in the CCI matrix, and deleted some that
were viewed as peripheral or not current. The resulting draft will be submitted for
Company Review directly following this meeting.
