This meeting formed the closing plenary for this Open Group Conference. It provided an
opportunity to receive a report on the activities and forward plans of each Forum and
other meetings held during the Conference. As such, this report provides a useful summary
on all non-plenary meetings held during the Conference.
Each presentation is structured around two or three slides which address:
- What was achieved in the meeting
- What is the forward plan to make progress up to the next meeting and beyond
In future Conferences we will provide 10-slide (or thereabouts) presentations as
publicly available reports on each Forum meeting. The intent is to provide a set of slides
that members can take and present within their organizations, and also to interested
external gatherings (meetings, conferences, etc.) to spread information on what The Open
Group is doing and why. The first two substantive content slides will provide (as
now) an executive summary:
- What happened in the meeting
- Future plans leading to the next conference and beyond
The next eight (or so) slides will then provide more detail on the meeting activities,
achievements, and way forward in the meeting sessions.
The non-plenary meeting sessions held during the Washington Conference were:
- Security
- Messaging
- Open Source in the Enterprise
- Architecture
- Directory Interoperability
- QoS/EMF
- Real Time & Embedded Systems
The slides presented by each reporter during this session are consolidated into a
single slide presentation.
Security Forum
Mike Jerbic reported on what happened this week:
- Enterprise Vulnerability Management Initiative explored
- Completed American Security Consortium (ASC) Risk Preparedness Index (RPI) review
- Reviewed Identity and Authentication Guide
- Revised PKI Trust Models proposal
- Agreed to complete phase 1 of an Identity Theft analysis and prevention project
- Presentation from the Black Forest Group on B2B PKI requirements
- Joint meeting with DIF on ID Management (Report from Chris Harding)
- Joint meeting with Messaging Forum on Secure Messaging (Report from Mike Lambert)
- Paperback Manager's Guide to Data Privacy distributed to members
The Enterprise Vulnerability Management (EVM) initiative is a major new project. It is
a key part of the response to provide solutions in the critical infrastructure space. As
such it is high on the requirements agenda of all responsible IT-dependent businesses. We
aim to make our Vulnerability Management business case to CxO-level management in all
government and enterprise industries, and lead the realization of vulnerability management
solutions. This project currently involves joint working with the ASC and through them to
the big four audit companies, with potential to provide solutions for all industry sectors
on:
- Quantitative Risk Management
- Vulnerability Managed SDLC
- Architecture
- Operational Best Practices
- Discovery of Vulnerability Management requirements that are not yet met
- Standards Development
- Certifications
Security Forum plans for ongoing projects are:
- RPI continuation/review/feedback: develop the response to American Security Consortium
(ASC); support the process; commitment to continued joint work with ASC
- Enterprise Vulnerability Initiative: Review NIST 800-53
- Management Guides: Identity and Authentication; ID Theft (Phase 1)
- Guide for Architects & System Designers: PKI Trust Models
- Security Architectures
- Secure Mobile Architecture Company Review
Security Forum San Diego outline agenda:
- EVMi (1 day)
- Project reviews - Identity and Authentication; Identity Theft Phase 1; PKI Trust Models;
Security Architectures
- Progress Identity Management
- Progress Secure Messaging
Messaging Forum Report
Mike Lambert reported on what happened this week:
- Secure Messaging Liaison Meeting:
  - Trying to apply the PK to messaging without the I. The Secure Messaging Challenge was
    the first part. The Secure Messaging Gateway is the second part. The Open Group has its
    "interoperability pledge" so the Messaging Forum has been liaising with EEMA,
    DoD, OASIS, IETF, NIST, and the Security Forum.
  - Major Topics - PKI; the DoD IECA (Internet External Certificate) program, which demands
    that all its communications with contractors require encryption and certificates; also
    the Secure Messaging Gateway Certification.
- Spam Summit:
  - Involves legislators, ISPs, Spam Filter Vendors, and Researchers
  - Major Topics - Legislation in Europe, US, & Asia; Blocklists; Research Activities;
    White Lists; Spam Filters
- Instant Messaging in the Enterprise - why is this important? - what are the enterprise
concerns? - what approaches are available?
Forward plans:
- Secure Messaging - Manager's Guide; Secure Messaging Certification (5/6 Nov); IECA
Program (San Diego)
- Unified Messaging - Workshop (December)
- Spam
  - Meeting proceedings (The Message)
  - Manager's Guide
  - WEB "Resource Area"
  - Questions
    - Is it possible to define required behavior of a well-behaved site?
    - Can we improve authentication of email without re-engineering?
    - What is needed to convince ISPs, Filters to recognize a White List?
  - Meeting with Direct Marketers (December)
Open Source in the Enterprise
Walter Stahlecker reported on what happened this week:
- Participants were few, all from suppliers, all familiar with the project.
- They had a brief report on the open source conferences in Minneapolis and London, and
contemplated proposals for future regional conferences in local languages, and guide
books.
- They had a fruitful discussion on how the current strategy of the OSE project is being
implemented.
- They intend to develop a blueprint for regional conferences with minimal staff support,
in the local language.
Their steps to implement their strategy are summarized in their 2nd slide, which lists
five strategic items in the left column and for each identifies the intended audience,
approach, and next steps they intend to take between now and the next meeting in San Diego
(2-6 Feb 2004). Walter noted that the items are quite diverse so perhaps they will run
separate tracks on each in the San Diego meeting.
In reply to a question about the status of the OSE activity in The Open Group (is it a
new Forum?), Walter said that it is not a Forum; rather, it is a Special Interest Group
that is driven by the registered participants with minimum staff support by The Open
Group. It is open to participation by any interested party without requiring membership of
The Open Group - all that is required is that the party visits the OSE SIG's web page at www.opengroup.org/ose to register their interest
by joining the og-participants@opengroup.org email list. Membership of this email list
then enables them to log in to the OSE web page, and thereby access all the OSE SIG's
documents and contribute. For further information, contact Graham Bird (g.bird@opengroup.org) or Walter Stahlecker (w.stahlecker@opengroup.org).
Architecture Forum Report
John Spencer reported on what happened this week.
The Architecture Practitioners Conference ran from Tuesday lunchtime until
Thursday lunchtime. It ran 40 sessions comprising 14 tracks across 3 streams, with
approximately 70 participants overall. It seems to have met all expectations of the
participants, who recommend we should repeat it in the next European-based conference -
Edinburgh in April 2004.
On Thursday afternoon the Architecture Forum members held an Architecture Development
Methods (ADM) Workshop in which they reflected on:
- Lessons to learn from the Forum - Questionnaire feedback
- Lessons to learn from the Conference Plenary and the Practitioners Conference
- TOGAF 9 Propositions
- IT Architect Certification proposal
- TOGAF 9 Certification
- TOGAF Marketing
Their forward plans include:
- TOGAF 8.1 company review disposition, approval, and publication
- TOGAF 8 certification based on TOGAF 8.1 - target launch at San Diego meeting (2-6 Feb
2004)
- TOGAF 9:
  - New structure to reflect Governance, Requirements Management, Change Management
  - Internal publication July, external December 2004
  - Kick-start with interim workshop Dec/Jan, building on output of ADM Workshop at DC?
In reply to a question on localization, John said this issue was raised by speakers in
this meeting but was not addressed.
QoS/Enterprise Management Forum
Martin Kirk reported on what happened this week:
- The Applications Response Measurement (ARM) 4.0 Java and C Technical Standards were
approved.
- OpenPegasus 2.3 was released. This represents a major event in the evolution of Pegasus.
Version 2.3 includes internationalization, which involved significant effort for the
contributing members. Martin estimates about 50 engineers were involved in producing this
code. The OpenPegasus project is working very well and appears to be gaining ground
against its competitors, with more organizations evaluating it and a potential additional
sponsor considering joining the existing three.
- They held an Application Quality/Resource Measurement (AQRM) Project Meeting which
worked on progressing the Architecture Framework, concentration on core activities, and
planning for user outreach.
Forward plans:
- ARM 4.1 in planning
- OpenPegasus 2.3.1 release
- OpenPegasus 2.4 planning cycle begins
- Common Management Protocol Interface (CMPI) Technical Standard started development
- OpenPegasus Interface Technical Standards being brought out
- AQRM project meeting at the Computer Management Group (CMG) in Dallas, in December 2003
- They have been invited to deliver presentations on OpenPegasus at external conference
sessions in June 2004, and propose making an early start to work on these.
DIF and Associated Work Areas Report
Ed Harrington reported that the Directory Interoperability Forum led three main
activities at this meeting:
Mobile and Directory
- This comprised a Mobile Identity Management open meeting in which the Security Forum
participated, and a Mobile and Directory (MaD) Challenge DIF members-only meeting.
- The outcomes and forward plans for both these activities are to produce a statement of
current positions. In the case of the MaD Challenge they will present alternative ways of
proceeding.
Identity Management
This is a joint Forums project led by the DIF and involving the Security, Mobile, and
Messaging Forums. The IdM Implementation Catalog Survey was approved for publication and
implementation, and the IdM White Paper was further progressed to complete the remaining
few sections that need to be populated. An Enterprise Identity Management architecture
project was also approved.
Forward plans for this joint-Forums activity are:
- Collect implementation catalog project information
- Complete and publish the IdM White Paper
- Produce an Enterprise Identity Management Architecture Guide
Directory Interoperability Forum
In this week's meetings, the DIF members:
- Revised their Charter (subject to approval)
- Declared their "LDAP Ready" program open for certification
- Held a Secure Directory Service (SDS) business scenario workshop, facilitated by Terry
Blevins and involving some good customer input, which was welcome in a DIF that is
typically dominated by directory vendors.
Forward plans are:
- To develop an "LDAP Certified" STANDARD level
- To define a Secure Service ADVANCED profile
- To develop a tactical marketing plan
Real-Time & Embedded Systems
Joe Bergmann reported on what happened this week. He noted that the RT&ES
area has expanded to several tracks, which are attracting different experts and are
operating largely as separate Forums within the one RT&ES Forum.
- Safety-Critical RT Java (21 October) - Finalize Business Plan; HIDOORS -- Java for the
development of distributed, real-time, and safety-critical systems; Raytheon's Java
Safety Issues; Evaluation Effort of RT Java; Java Vulnerability and Security
- Security for Real-Time (22 October) - The Open Group Protection Profile; PK PP
Development and Status; Update on multi-level security (MILS) status; Update on JSF PP
progress; Plans for a Secure OS -- Wind River Systems; RT CORBA MILS Update; Standard
Approach to MLS/MILS; MILS for Web Services; SCADA: way forward on controls for power
plants
- Open Architecture for RT (23 October/morning) - National Security Space Architecture;
Net-Centric Operations Warfare Reference Model - Compliance/Conformance; MOSA Going
Forward
- Software (23 October/afternoon) - Software Assurance; IEEE POSIX 1003.13 Update;
Traceability - Use of Standard XML Tags; Software Development across RT Environments;
Panel Discussion
- RTES Forum Members Meeting (23 October) - Looking to 2004
Going forward - future activities include:
- For Net-Centric environments
- Software Assurance
- Software Design and Coding Standards
- Software Conformance
- Tools
- Software Traceability
- Standardized XML Tags
- Mission-Critical RT Java
- MILS Off-the-Shelf RTOSs
- MILS for Web Services
- Middleware Security
- Quality of Service
- Dynamic Resource Management Standards -
Acquisition/Procurement of RT Systems, Database for RT Environments, Directory
Services/DNS for RT Environments, Security Interoperability, RT Aggregated Systems
Joe presented the RT&ES proposed agenda for
San Diego, which identifies seven separate RT&ES threads and a set of other real-time
organizations who are considering co-locating their meetings with The Open Group meeting
in San Diego during the week 2-6 February 2004:
- Focus on Commercial Real-Time Environments - Requirements
for Commercial RT Applications to include Avionics, Telematics, and Pervasive Computing
- Open Architecture WG - Commonality of various OA
Approaches; DRM Standards Development
- Security for RT WG - MILS for Web Services; PP for
Commercial RTOS; Security for SCADA; Security for Middleware
- RT Profiles and Certification WG - Develop RT
Certification Profile based on US Navy OACE, FCS SoSCOE, US Army OE
- Safety/Mission-Critical Applications - Specification
Development for XML Tags for Traceability
- Safety/Mission-Critical RT Java WG - Ratify Business
Plan; Specification Development SC RT Java; Mission-Critical JSR
- Potential New Items - High Assurance Systems; Software
Assurance Issues; Quality of Service Software Issues for RT Environments; Applicability of
OOT in Safety-Critical Environments; Database Requirements for RT; Procurement issues
concerning adherence to Open Systems, Open Standards, and Certification
- Other RT organizations considering co-locating for the
February meeting - SAE SA5, US Army WSTAWG/OE, IEEE PASC SSWG RT, FCS Architecture Group