The 9:00-10:30 session was a joint meeting with the Cloud/SOA Security group. (Attendees included Arnold Van Overeem, Ed Harrington, Stuart Boardman, Chris Harding, Steve Whitlock, Francois Jan, Mike Hickey, Rance DeLong, Shawn Mullins, Erwin Fisher, Heather Krieger, and Jim Hietala). The group published their first White Paper. Discussion ensued about next White Paper projects. Possibilities include all of the ABBs described in the existing White Paper. There seemed to be enthusiasm for doing a more detailed IDEA project, linking the Jericho Commandments to architectural decisions around Identity. Chris Harding described an Open Group internal Identity problem (ID and access rights management spanning Sophocles, CRM, and web access via Plato). Chris also produced more detailed minutes of this meeting, which are available here.
There was also discussion around using XDSF to solve The Open Group internal identity challenges, and of maybe revisiting and updating XDSF as a security framework.
The 11:00-12:30 session was on SMA, for which Richard Paine dialed in. (Thanks for doing this, at a very awkward time! Richard)
Shawn Mullin, Jim Hietala, and Steve Whitlock also had a discussion around moving ACEML forward on two fronts: Awareness and Progressing Standards.
Awareness
This area will cover press, conferences, Internet, and blogs:
- Press release assigned to The Open Group (Jim)
- Analyst Meetings (Jim to set up meetings; Shawn to present)
- Blogs assigned to The Open Group (Jim's blog)
- Conferences (CSI)
- Presentation and abstract to be worked up by Shawn (Jim needs these by end of month)
- Jim to submit for CSI conference and present
Progressing Standards
This section will concentrate on interlocking US Government and private sector security and compliance standards.
- US Gov – This effort will interlock with NIST and the SCAP protocols.
- Meeting with NIST, Boeing (Steve Whitlock), The Open Group (Jim, David Lounsbury), IBM (Shawn), NIST (need email list from Steve (Muriajuh).
- Shawn to set up conference call.
- UCF differences and integration to be described by Shawn.
- PCI to be set up by Shawn as we get the ball rolling.