Objective of Meeting
Summary
Outputs
Next Steps
Links
Sponsoring Forum
Security
|
Security Forum
Objective of Meeting
The Security Forum aimed to review and progress its current projects, review and update
its work program and priorities in the light of existing developments, and establish
actions to progress its activities between this meeting and the next.
The next meeting will be in New
Orleans, 18-22 October, 2004, where the plenary theme will be "Securing
the Extended Enterprise".
Summary
The Security Forum addressed the following topics in its meeting in Boston, July 20-22,
2004. For members of the Security Forum, a more detailed report, including the slide
presentations used during the meeting, is available here.
- Reviewed progress and actions since the previous meeting (April 2004 in Brussels) and
revised our Forum priorities taking into account expected progress during our meeting
sessions this week in Boston.
- Received presentations from three new members - Procter & Gamble, Signix,
Commonwealth of Massachusetts ITD - on their organizations and their specific interests in
The Open Group Security Forum
- Continued our Identity Management program - joint with the Directory Interoperability
Forum. For more information, see the separate IdM meeting report.
The topics worked on included:
- Populating and marketing the IdM Catalog
- Developing an Architecture Guide for IdM
- Creating a business scenario to define true business requirements for core identity
- Discussing opportunities for attracting open source community involvement in producing
test suites for *ML languages (DSML, XACML, SAML, etc.)
- Reviewed new proposals and agreed on new actions to complete the Manager's Guide to
Identity & Authentication
- Reviewed progress and agreed further actions on developing our two Technical Guides:
- Guide to PKI Trust Models
- Guide to Digital Rights Management
- Reviewed our Vulnerability Management (VM) program. After summarizing our progress and
current status, we then reviewed proposals for projects which aim to address:
- Writing software which is secure. This item took up the majority of the time available
in this session.
- Collaborating with legal consortia (e.g., the American Bar Association) and with
regulators to contribute technical information in developing effective legal and
regulatory regimes
- Developing an industry-accepted metrics methodology for risk and vulnerability
- Coordinating provision of a test and certification program for VM products, along the
same lines as existing independent test and certification for anti-virus products
- Reviewed all existing and proposed new Security Forum projects, and re-evaluated their
relative importance and current priorities
Outputs
Achieved all the objectives set at the start of the meeting.
Next Steps
An actions
list is available to members of the Security Forum, recording who has agreed to lead
what activities on each of our projects between the end of this Brussels meeting and the
start of the next meeting (New Orleans, October 2004).
Links
See above.
|
